Merge pull request #206 from LaZyDK/patch-2

Force tags as strings. Resolves #201. Thanks for your contribution!
jertel · May 31, 2021 · 982115f · 982115f
2 parents 6a1d746 + ef8f626
commit 982115f
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 5 deletions.
diff --git a/elastalert/alerters/thehive.py b/elastalert/alerters/thehive.py
@@ -66,9 +66,9 @@ def load_tags(self, tag_names: list, match: dict):
             tag_value = self.lookup_field(match, tag, tag)
             if isinstance(tag_value, list):
                 for sub_tag in tag_value:
-                    tag_values.add(sub_tag)
+                    tag_values.add(str(sub_tag))
             else:
-                tag_values.add(tag_value)
+                tag_values.add(str(tag_value))
 
         return tag_values
 

diff --git a/tests/alerters/thehive_test.py b/tests/alerters/thehive_test.py
@@ -18,7 +18,7 @@ def test_thehive_alerter():
                                   'severity': 2,
                                   'source': 'elastalert',
                                   'status': 'New',
-                                  'tags': ['test.ip'],
+                                  'tags': ['test.port'],
                                   'tlp': 3,
                                   'type': 'external'},
             'hive_connection': {'hive_apikey': '',
@@ -33,7 +33,8 @@ def test_thehive_alerter():
     alert = HiveAlerter(rule)
     match = {
         "test": {
-          "ip": "127.0.0.1"
+          "ip": "127.0.0.1",
+          "port": 9876
         },
         "@timestamp": "2021-05-09T14:43:30",
     }
@@ -62,7 +63,7 @@ def test_thehive_alerter():
         "source": "elastalert",
         "status": "New",
         "tags": [
-            "127.0.0.1"
+            "9876"
         ],
         "title": "test-thehive",
         "tlp": 3,