Neo4J not working with BloodHound #159
Comments
Signed-off-by: fastlorenzo <[email protected]>
This all works fine in my testing. Perhaps an issue related to another of your PRs? Or maybe not proper ports exposed in docker-compose file? Moving to a newer branch of the neo4j is desired at some point. But it equals opening a whole new can of worms. I'm not happy to do this now. Amongst others, it would require testing if Jupyter notebook docker still works. I'll leave this PR open for future additions.
Did a quick check and found the issue. The used SpecterOps neo4j image is indeed very old (v3), while modern BloodHound app requires a neo4j instance using a newer bolt protocol version. That is why the builtin neo4j browser does work (it uses the old v3 protocol). I did not check, but I'm pretty sure the data path did work for the old image, but indeed needs to be changed for newer neo4j images. Forcing RedELK users to an old BloodHound app is no option. We need to move to a newer neo4j image asap. I did a quick test with your proposed solution, and it works at least for neo4j data. Jupyter workbooks connectivity is to be checked.
Moved to neo4j official docker to fix #159
Revert "Moved to neo4j official docker to fix #159"
Reverting your PR as it breaks access to /neo4jbrowser which redirects to ip:7473. Seems neo4j 4 needs different handling of the ssl certs. I see three options - ranging from most to less preferred:
I'll check this one ;)
Note: when we update neo4j, we prolly also need a newer install of py2neo in the jupyter image. Dockerfile currently states a specific version with
I've worked on a fix, which I tested to be working: it uses nginx to listen on port 7687, and proxies the requests to the neo4j container. Adds back the neo4j container behind nginx as well. As this touches the Nginx container config, I'll wait for #152 to be merged before making a PR
I can't use the Neo4J instance with BloodHound (bolt port).
This works fine with the Neo4J browser.
I've tried via SSH tunneling and via direct IP access, BloodHound stays stuck in a loop.
By changing the container image from specterops/bloodhound-neo4j to neo4j:4.2, everything works fine. Proposed patch to adapt it.
Furthermore, the mount point in the docker compose file (/var/lib/neo4j) is incorrect, it should be /data
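
The Bolt version negotiation behind the mismatch diagnosed in this thread, as an added example that is not part of the issue or of RedELK's code. The version sets for the "old server" and "new client" are constructed assumptions, and `server_pick` is a hypothetical stand-in for a server so the script runs offline.

```python
import socket

BOLT_MAGIC = bytes.fromhex("6060b017")  # fixed Bolt handshake preamble

def build_handshake(proposals):
    """Preamble plus four 4-byte version slots [0, 0, minor, major], zero-padded."""
    if not 1 <= len(proposals) <= 4:
        raise ValueError("Bolt handshake carries one to four proposals")
    body = b"".join(bytes([0, 0, minor, major]) for major, minor in proposals)
    return BOLT_MAGIC + body.ljust(16, b"\x00")

def parse_reply(reply):
    """Return (major, minor) chosen by the server, or None if it rejected every proposal."""
    if reply == b"HTTP":
        raise ValueError("peer answered with HTTP; this port is not speaking Bolt")
    if len(reply) != 4:
        raise ValueError("short handshake reply: %r" % reply)
    if reply == b"\x00\x00\x00\x00":
        return None
    return (reply[3], reply[2])

def server_pick(handshake, supported):
    """Constructed stand-in for a server: pick the first proposal it supports."""
    if handshake[:4] != BOLT_MAGIC or len(handshake) != 20:
        raise ValueError("not a Bolt handshake")
    for i in range(4, 20, 4):
        major, minor = handshake[i + 3], handshake[i + 2]
        if (major, minor) in supported:
            return handshake[i:i + 4]
    return b"\x00\x00\x00\x00"

def negotiate(sock, proposals):
    """Run the handshake over an already connected socket."""
    sock.sendall(build_handshake(proposals))
    reply = b""
    while len(reply) < 4:
        chunk = sock.recv(4 - len(reply))
        if not chunk:
            break
        reply += chunk
    return parse_reply(reply)

if __name__ == "__main__":
    # Constructed version sets (assumptions): a Bolt 1-3 server vs a client offering only 4.x.
    old_server = {(1, 0), (2, 0), (3, 0)}
    new_client = [(4, 2), (4, 1), (4, 0)]
    print(parse_reply(server_pick(build_handshake(new_client), old_server)))  # None
    print(parse_reply(server_pick(build_handshake([(4, 2), (3, 0)]), old_server)))  # (3, 0)
```

To check a live instance, pass `negotiate` a socket from `socket.create_connection((host, 7687), timeout=5)`; a `None` result means the server accepted none of the offered versions. If the listener in front of neo4j terminates TLS, the socket has to be wrapped with `ssl` first.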