[Bug] Cannot create Case Observable on TheHive4 despite manageObservable Permission

[milesflo]

Cannot create CaseObservable on TheHive4

Request Type

Bug

Work Environment

Question	Answer
OS version (server)	Docker thehiveproject/thehive4:latest
TheHive4py version	pip version 1.6.0

Problem Description

An account with manageObservables permissions cannot actually create Observables.

Steps to Reproduce

1. Create an account with manageObservable permissions
2. Generate API token in Users tab
3. Fill parameters into PoC script
4. Observe output

Potential Solution

This same account can log into the site via password and SUCCESSFULLY create Observables, so it may be tied to how the API client authentication is defined and handled.

Complementary information

Screenshot:

PoC:

from thehive4py.api import TheHiveApi
from thehive4py.models import CaseObservable

url = "<url>"
token = "<token>"
organisation = "<organization>"

api = TheHiveApi(
    url,
    token,
    organisation=organisation,
    cert=False
)


user = (api.get_current_user()).json()

if user['status'] == 'Ok':

    print("Username:" + user['login'])
    print("Permissions: " +  str(user['roles']))

    observable = CaseObservable(
        data='john.doe',
        dataType='username',
        ioc=False,
        message='CEO of Widget Industries',
        sighted=False,
        tags=['sample'],
        tlp=2
    )

    res = api.create_case_observable(1, observable)

    print(f"{res.status_code} {res.reason}") # 403 Forbidden
    print(res.json())      # {'type': 'AuthorizationError', 'message': 'Operation not permitted'}

[milesflo]

I discovered the error! I was incorrectly using caseId and id/_id interchangeably.

create_case_observable expects the id