IDR_Log Search Fails

When using the IDR plugin to search a log set, I get the following error. I have confirmed that the logs exist and my search is valid. Seems like a formatting issue within the plugin.

Log set found.
Found log set with name Ingress Authentication and ID:
Getting logs from: https://us.api.insight.rapid7.com/log_search/query/logsets
Using parameters: {'query': 'where(account="user1@hiltonfoundation.org" AND geoip_country_code != "US")', 'from': 1620212634000, 'to': 1620255834000}
Got a callback url. Polling results…
Trying to get results from callback URL: https://us.api.insight.rapid7.com/log_search/query/
Sending results to orchestrator.
{'links': [{'rel': 'Self', 'href': 'https://us.api.insight.rapid7.com/log_search/management/labels/'}], 'id': ''} is not of type 'string'

Failed validating 'type' in schema['properties']['results']['items']['properties']['labels']['items']:
{'type': 'string'}

On instance['results'][0]['labels'][0]:
{'id': '',
'links': [{'href': 'https://us.api.insight.rapid7.com/log_search/management/labels/',
'rel': 'Self'}]}

This was acknowledged as a bug here

It is indeed a bug. We’re looking into it. For some reason, the output type changes depending on what the query is, and that trips our type validator into thinking it’s invalid output.

This bug has been patched as of InsightIDR plugin version 3.1.5.

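For anyone consuming log search results in their own scripts, here is an added example (not part of the posts above and not the plugin's patch) that reproduces the type mismatch from the error on a constructed response and reduces object-form labels to strings before validation. The sample data, the placeholder ids and URL, and the function names `label_type_errors` and `normalize_labels` are assumptions, as is treating a label object's `id` as the string a string-form label would carry.

```python
# Added example: constructed data, not the InsightIDR plugin's code.
import copy

# Constructed response shaped like the instance in the error above. The ids and
# the label URL are placeholders; the first result shows the string form that
# the schema ({'type': 'string'}) expects.
SAMPLE = {
    "results": [
        {"labels": ["LABEL-ID-PLACEHOLDER-1"]},
        {"labels": [{"id": "LABEL-ID-PLACEHOLDER-2",
                     "links": [{"rel": "Self",
                                "href": "https://example.invalid/labels/LABEL-ID-PLACEHOLDER-2"}]}]},
    ]
}


def label_type_errors(response):
    """Return one message per label that is not a plain string."""
    errors = []
    for i, result in enumerate(response.get("results", [])):
        for j, label in enumerate(result.get("labels") or []):
            if not isinstance(label, str):
                errors.append(f"results[{i}].labels[{j}]: "
                              f"{type(label).__name__} is not of type 'string'")
    return errors


def normalize_labels(response):
    """Return a copy in which object-form labels are reduced to their id string.

    Assumption: the object's 'id' is the value a string-form label would carry.
    Labels without a usable id are dropped rather than passed on as objects.
    """
    out = copy.deepcopy(response)
    for result in out.get("results", []):
        fixed = []
        for label in result.get("labels") or []:
            if isinstance(label, str):
                fixed.append(label)
            elif isinstance(label, dict) and isinstance(label.get("id"), str) and label["id"]:
                fixed.append(label["id"])
        result["labels"] = fixed
    return out


if __name__ == "__main__":
    print(label_type_errors(SAMPLE))                    # one mismatch reported
    print(label_type_errors(normalize_labels(SAMPLE)))  # none after normalizing
```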