Hello,
I am trying to connect my thehive4 with QRadar using synapse, but it doesn't work, and I don't get any error in the log.
This is my synapse conf file:
```
[api]
debug:True
host:127.0.0.1
port:5000
threaded:True
[TheHive]
url:http://127.0.0.1:9000
user:[email protected]
api_key:secret
[EWS]
#ip or domain to EWS server
server:ews.stargazer.org
#According to exchangelib doc:
#"username is usually in WINDOMAIN\username format
#some servers also accept usernames in PrimarySMTPAddress
#('[email protected]') format (Office365 requires it)
#username:stargazer.org\ap0054
#password:P@55w0rD
#auth_type:NTLM
#smtp_address:[email protected]
#folder_name:TheHive
[QRadar]
#ip or domain to QRadar
server:..66.100
auth_token:secret
cert_filepath:/***/qradar.cer
api_version:11.0
```
This command worked well for me, I can receive offenses (checking the connection from thehive to qradar):
```
curl -X GET -H 'SEC:your_auth_token' -H 'Range: items=0-5' -H 'Version: 11.0' -H 'Accept: application/json' 'https://your.qradar.url/api/siem/offenses'
```
I also tried this:
#54
In the file TheHiveConnector.py
I replaced this line: `query['string'] = 'description:"{}"'.format(string)`
with this one: `query = ContainsString('description', format(string))`
and replaced owner='synapse' with owner='[email protected]'.
I assigned the managealert permission to the synapse user in thehive.
Can you help me resolve this?
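
An added example, not part of the original post and not Synapse's own code: it parses a `[QRadar]` section in the layout shown above and builds (without sending) the same request as the curl command from the configured values, so any difference between the file Synapse reads and the hand-typed curl test becomes visible. The sample conf values and the function names are constructed for illustration.

```python
import configparser
import re
import urllib.request

# Constructed sample in the same layout as the conf file above; all values are placeholders.
SAMPLE_CONF = """
[QRadar]
#ip or domain to QRadar
server:qradar.example.org
auth_token:placeholder-token
cert_filepath:/etc/synapse/qradar.cer
api_version:11.0
"""

REQUIRED = ("server", "auth_token", "cert_filepath", "api_version")


def load_qradar(conf_text):
    """Parse the conf text and return the [QRadar] section as a dict."""
    # interpolation=None keeps a '%' inside a token or password from raising an error.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    return dict(parser["QRadar"])


def check_qradar(section):
    """Return the problems that would make the configured call differ from the curl test."""
    problems = [f"missing or empty key: {k}" for k in REQUIRED if not section.get(k, "").strip()]
    version = section.get("api_version", "")
    if version and not re.fullmatch(r"\d+\.\d+", version.strip()):
        problems.append(f"api_version is not <major>.<minor>: {version!r}")
    server = section.get("server", "")
    if server and not re.fullmatch(r"[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?", server.strip()):
        problems.append(f"server is not a bare host name or IP: {server!r}")
    return problems


def build_offense_request(section, first=0, last=5):
    """Build (without sending) the GET that the curl command issues, from conf values."""
    return urllib.request.Request(
        f"https://{section['server']}/api/siem/offenses",
        headers={
            "SEC": section["auth_token"],
            "Range": f"items={first}-{last}",
            "Version": section["api_version"],
            "Accept": "application/json",
        },
        method="GET",
    )
```

Comparing `build_offense_request(...).full_url` and its headers with the working curl line shows whether the conf file and the manual test point at the same server and API version.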