After following the installation guide, the application does not work. In the catalyst docker container logs I found the following error every 10 seconds:
db.go:89: could not connect to database: not authorized to execute this request, retrying in 10 seconds
Does anyone know what I need to change?

Hello,
I tried to Set up Catalyst with the respective Guide at https://catalyst-soar.com/docs/catalyst/admin/install and run into some Issues with my Setup, I believe.
I'm getting the Error:

and

I currently don't use a dedicated OpenID Connect system, so I kept the Default Values for that, since commenting out lead to Errors related to OIDC.

Step 5-6C says to create a Keycloak Client, but as far as I'm aware (and the linked documentation describes) that's only possible in the Keycloak Web interface, which is started in Step 6, is my Issue in that Step?

My Server is virtualized via Proxmox. The Traffic is routed via a Sophos XG Virtual Appliance to a Reverse Proxy VM and from there routed to the VM that runs Catalyst.
Had no Issues so far setting up other systems like matrix synapse, so I don't think my routing outside the vm should be an Issue.

Cheers

My setup that generated this error utilizes Google's OIDC provider for authentication into Catalyst.
(https://accounts.google.com/.well-known/openid-configuration)
(https://support.google.com/cloud/answer/6158849?hl=en)

Problem

When attempting to log in with accounts.google.com configured as the OIDC provider, and email as the OIDC username, catalyst responds first with JSONErrorStatus 500 could not load user and then could not create user: HTTPError(409): unique constraint violated on a second attempt.

To reproduce

1. Set up a catalyst to authenticate via Google OIDC
2. Set OIDC_CLAIM_USERNAME to email
3. Start catalyst (docker compose up or your configuration)
4. Navigate to the catalyst page. Click "Log in with OIDC"
5. Experience a redirect to the login page.
6. See the following error on the backend:

api.go:28: JSONErrorStatus 500 could not load user: HTTPError(404): document not found

7. Click "login" once again.
8. See the following error message:

{"error":"could not create user: HTTPError(409): unique constraint violated - in index primary of type primary over '_key'; conflicting key: my-email@domain-com"}

• OS: POP OS

Hi, I had installed Catalyst on following the documentation but I had not provided any domain as parameter.

However the installation had completed and I was able to see a login screen in which I entered the default admin creds and it threw me an error as shown below.

Hoping that someone can help solve the issue.

Thanks

Hi, we are going to deploy Catalyst on Kubernetes, but our devops guy told us we can't mount docker socket to container in order to run automation script in containers. Is there any way to run local script in automation tasks?

Cheers

Hello! There is an issue with LDAP authentication to Catalyst using Authelia.

Authelia can authenticate users by LDAP, but Catalyst doesn't "understand" that and you cannot login using this method.
If using default Authelia authentication method (by adding users to file) everything works fine.

Every time when you restart docker with catalyst, it is trying to create "setup" key in arangodb without any checking if this key already exists, that causes an error

main.go:27: failed to create authenticator: HTTPError(409): unique constraint violated - in index primary of type primary over '_key'; conflicting key: setup

Can there be any procedure that will check if "setup" exists in arango before trying to create it?

Run automations on a schedule.

Use https://github.com/reugn/go-quartz or https://github.com/go-co-op/gocron

Is there any support for using authentik rather than authelia. I attempted to change authelia settings to authentik with the authentik setup with an OAuth/OIDC Provider and a catalyst application and fed the client id and secret to catalyst docker-compose this didn't work with the following logs:

catalyst container
   
        <link rel="stylesheet" type="text/css" href="/static/dist/authentik.css">
        <link rel="stylesheet" type="text/css" href="/static/dist/custom.css" data-inject>
        <script src="/static/dist/poly.js?version=2023.10.6" type="module"></script>
        <script src="/static/dist/standalone/loading/index.js?version=2023.10.6" type="module"></script>
        
<style>
:root {
    --ak-flow-background: url("/static/dist/assets/images/flow_background.jpg");
    --pf-c-background-image--BackgroundImage: var(--ak-flow-background);
    --pf-c-background-image--BackgroundImage-2x: var(--ak-flow-background);
    --pf-c-background-image--BackgroundImage--sm: var(--ak-flow-background);
    --pf-c-background-image--BackgroundImage--sm-2x: var(--ak-flow-background);
    --pf-c-background-image--BackgroundImage--lg: var(--ak-flow-background);
}
/* Form with user */
.form-control-static {
    margin-top: var(--pf-global--spacer--sm);
    display: flex;
    align-items: center;
    justify-content: space-between;
}
.form-control-static .avatar {
    display: flex;
    align-items: center;
}
.form-control-static img {
    margin-right: var(--pf-global--spacer--xs);
}
.form-control-static a {
    padding-top: var(--pf-global--spacer--xs);
    padding-bottom: var(--pf-global--spacer--xs);
    line-height: var(--pf-global--spacer--xl);
}
</style>
        <meta name="sentry-trace" content="9c1bc1da946d4f7eaea0203de7135a2b-a6c92271e6c837a7-0" />
    </head>
    <body>
        
<div class="pf-c-background-image">
    <svg xmlns="http://www.w3.org/2000/svg" class="pf-c-background-image__filter" width="0" height="0">
        <filter id="image_overlay">
            <feColorMatrix in="SourceGraphic" type="matrix" values="1.3 0 0 0 0 0 1.3 0 0 0 0 0 1.3 0 0 0 0 0 1 0" />
            <feComponentTransfer color-interpolation-filters="sRGB" result="duotone">
                <feFuncR type="table" tableValues="0.086274509803922 0.43921568627451"></feFuncR>
                <feFuncG type="table" tableValues="0.086274509803922 0.43921568627451"></feFuncG>
                <feFuncB type="table" tableValues="0.086274509803922 0.43921568627451"></feFuncB>
                <feFuncA type="table" tableValues="0 1"></feFuncA>
            </feComponentTransfer>
        </filter>
    </svg>
</div>
<ak-message-container></ak-message-container>
<div class="pf-c-login">
    <div class="ak-login-container">
        <header class="pf-c-login__header">
            <div class="pf-c-brand ak-brand">
                <img src="/static/dist/assets/icons/icon_left_brand.svg" alt="authentik Logo" />
            </div>
        </header>
        
        <main class="pf-c-login__main">
            <header class="pf-c-login__main-header">
                <h1 class="pf-c-title pf-m-3xl">
                    
�      
d
                </h1>
            </header>
            <div class="pf-c-login__main-body">
                
<form method="POST" class="pf-c-form">
    <p></p>
    <a id="ak-back-home" href="/" class="pf-c-button pf-m-primary">
        Go home
    </a>
</form>
            </div>
        </main>
        
        <footer class="pf-c-login__footer">
            <ul class="pf-c-list pf-m-inline">
                
                <li>
                    <a href="https://goauthentik.io?utm_source=authentik">
                        Powered by authentik
                    </a>
                </li>
            </ul>
        </footer>
    </div>
</div>
        
        
    </body>
</html>

It seems that v1 module of github.com/antlr/antlr4/runtime/Go/antlr has been deprecated.

https://github.com/antlr/antlr4/blob/master/runtime/Go/antlr/go.mod

// Deprecated: Please switch to the new v4 module path: github.com/antlr/antlr4/runtime/Go/antlr/v4 - see https://github.com/antlr/antlr4/blob/master/doc/go-target.md
module github.com/antlr/antlr4/runtime/Go/antlr

The new module is github.com/antlr/antlr4/runtime/Go/antlr/v4 and it fit more properly with the idiomatic ways of Go than v1 module.

Is there any plan to migrate to github.com/antlr/antlr4/runtime/Go/antlr/v4? If so, this doc may help.

Login screen not showing

Hi,

I had an issue with the login screen not showing uo when after installing Catalyst on a machine in the cloud.

The authentication URL had seemed to initially redirect to http://localhost:8082 which showed up on the browser address bar and didn't lead to any page.

So I had edited the install_catalyst.sh script with the following changes

    # set default domain
    if [ -z "$1" ]; then
        - echo "No domain provided, using default domain: localhost"
        + echo "No domain provided, using default domain: <IP>"
        - catalyst_domain="localhost"
        + catalyst_domain="<IP>"
    else
        catalyst_domain="$1"
    fi

    # set default hostname
    if [ -z "$2" ]; then
        - echo "No hostname provided, using default: http://localhost"
        + echo "No hostname provided, using default: http://<IP>"
        - catalyst_addr="http://localhost"
        + catalyst_addr="http://<IP>"
    else
        catalyst_addr="$2"
    fi

    # set default authelia hostname
    if [ -z "$3" ]; then
        - echo "No authelia hostname provided, using default: http://localhost:8082"
        + echo "No authelia hostname provided, using default: http://<IP>:8082"
        - authelia_addr="http://localhost:8082"
        + authelia_addr="http://<IP>:8082"
    else
        authelia_addr="$3"
    fi

After the above changes, on browsing to http://<IP>, I was greeted with the screen below

On selecting Login with OIDC it redirected to "http://<IP>:8082" with a blank screen with no login prompt

Please let me know how to solve this issue. Thanks.

Please find the attached logs
catalystlog1.txt
authelialog1.txt

Hello, great tool, i really appreciate your work, i hope it will get even better than this.
The problem: i am using it with Wazuh. I have set up this simple script to send events to catalyst:

import sys
import requests
import json

tokenheader = {'PRIVATE-TOKEN': 'MyToKeN'}

devid = "somestuff"
srcip = "123.456.3.70"
dstip = "170.70.70.70"
action = "blocked"
customer = "blahblah"

r = requests.post('https://my.catalyst.env/api/tickets', verify=False, headers=tokenheader, json={
        "name":"Wazuh | TEST NEW ",
        "status":"open",
        "type":"static-tests",
        "template":"prova",
        "default_template":"prova",
        "details":{
                "description":" DESCRIPTION ",
                "Priority":"Low",
                "status":"Open",
                "Cliente":"" + str(customer),
                "Stato":"New",
                "Category":"Info",
                "Signature":"Qua va messo msg o attack",
                "Source IP":"" + str(srcip),
                "Destination IP":"" + str(dstip),
                "Action":"" + str(action),},
})
print(r.json())
sys.exit(0)

it works fine, it creates the ticket on catalyst and puts the info inside the template. The only problem is that the template is not selected by default:

nothing is shown, my template appears only when i select "change template" and select my template:

this screen is after the template selection from "change template". Is there a way to select the template in advance from the api request? Is this a bug or am i doing something wrong? (My ticket type has for default template my custom template that i want to be shown)

Is it possible to set the admin user role based on OIDC group/role membership? This would make management of admin users much easier.

See https://fritx.github.io/vue-at/#/en/props or https://vue-mention.netlify.app/

Find loops, missing tasks, multiple roots (?) in playbook

Hi! I've encountered another bug (or feature) in catasyt. When i'm trying to filter tickets by any of fiends (creation, status, Last Modification) I got this error

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Repository problems

Renovate tried to run on this repository, but found these problems.

• WARN: Package lookup failures

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• Update dependency yaml to v2.2.2 [SECURITY]
• Update module github.com/docker/docker to v20 [SECURITY]
• Update dependency antlr4 to v4.13.1
• Update dependency typescript to v5.2.2
• Update dependency ant-design-vue to v4
• Update module github.com/tus/tusd to v2
• Update typescript-eslint monorepo to v6 (major) (@typescript-eslint/eslint-plugin, @typescript-eslint/parser)
• Click on this checkbox to rebase all open PRs at once

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

• Update arangodb/arangodb Docker tag to v3.11.4
• Update dependency @uppy/vue to v0.4.9
• Update dependency swagger-ui to v4.19.1
• Update dependency @uppy/vue to v1
• Update dependency @vue/eslint-config-typescript to v12
• Update dependency chart.js to v4
• Update dependency cypress to v13
• Update dependency eslint to v8
• Update dependency eslint-plugin-vue to v9
• Update dependency splitpanes to v3
• Update dependency swagger-ui to v5
• Update dependency vue to v3
• Update dependency vue-chartjs to v5
• Update dependency vue-router to v4
• Update dependency vuetify to v3
• Update dependency vuex to v4
• Update module github.com/imdario/mergo to v1
• Update ubuntu Docker tag to v22
• Update uppy monorepo to v3 (major) (@uppy/core, @uppy/tus)
• Update vue-cli monorepo to v5 (major) (@vue/cli-plugin-babel, @vue/cli-plugin-eslint, @vue/cli-plugin-pwa, @vue/cli-plugin-router, @vue/cli-plugin-typescript, @vue/cli-plugin-unit-jest, @vue/cli-plugin-vuex, @vue/cli-service)

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

Following the installation guide - https://catalyst-soar.com/docs/catalyst/admin/install#installation-process
I tried to execute the installation with the --no-ssl flag:
bash install_catalyst.sh http://192.168.70.252 http://192.168.70.252 --no-ssl admin:admin:[email protected]
But I got the error:
Error: hostname must start with https://
So I tried to install it with https in the hostname
As a result - I was able to access the ip only with http, https was not responding, but and all of the urls in the http page contained https links.
How can I install the system without certificate?

Would like it if we had an OpenAPI specification JSON file for importing to other WebApps.

Add webhook support for better integration.

Discussed in #355

https://vue-responsive-dash-vuetify.netlify.app/#/Chartjs

If you add multiple comments in a row to an investigation ticket, the first comment is displayed multiple times instead of each new comment. When the page is refreshed, the comments then update to whatever you actually submitted.

Example before refresh:

After refresh:

So far I'm really loving Catalyst!

Hello,

I am currently trying to install Catalyst as per the secure install documentation for my organisation (public hospital)
I am now at the point where I have setup the new admin user in keycloak and changed the OIDC settings to match including secret and client ID etc.
When I browse the login page (catalyst.example.local/ui), enter the correct login details, and click login, the login button goes grey and disables and will not proceed any further.
After further investigation, I saw that the HTTP response header says "Wrong username or password" and in the catalyst container logs I can see the username and password are printed.

I also noticed in the network monitor on the browser that the websocket (/wss) is not able to be connected to, I have tried modifying the nginx.conf file to resolve this to no avail.
In the nginx logs, I see that the keep-alive connection for the websocket is getting disconnected - I'm unsure if this would cause this issue.

I will get some more detailed logs and screenshots when I am back at work on Monday, and I am working on this myself to hopefully see if I can make a PR to resolve this for others, but for now just posting this to see if anyone else has had this issue.

I am running this on Ubuntu Server 22.04 on vSphere

• Change owner
• Close
• Open
• Delete

I noticed that catalyst version 0.11.0 can't startup anymore.
When trying to run the docker-compose file locally, I get the following errors:

docker logs catalyst-setup-0103-catalyst-1                                                                                                                                 ✔  5s  
/app/catalyst: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.32' not found (required by /app/catalyst)
/app/catalyst: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /app/catalyst)

I assume this is because of the version upgrade of some of catalyst's dependencies that came with the release of 0.11.0.
The ubuntu 18.04 base image only offers libc-2.27.so, which is the reason the app can't find this library

A upgrade of this base image probably should do the trick to fix this