TheHive/CAPE flow needs a "wait node"

When a suspicious URL or file is uploaded to TheHive (incident response platform) and gets tagged with “cape”, the flow will upload the object to an automated malware analysis sandbox (CAPEv2).
The only thing I have not solved yet is the time-out. n8n needs to wait for the sandbox to complete the analysis, but I can’t think of a simple way to do so. Can anyone share some thoughts about how to address this?

We have a PR that we will hopefully get merged soon that contains wait functionality:

You can then easily define in a node to wait for a certain amount of time, or wait until a webhook gets called. That should solve this problem if I understand it correctly.

Hi Jan, thanks for the fast reply, appreciate it!

I’m still learning; I’m not yet so seasoned that I can easily add some JavaScript to a function node. That said, I did try this:

{
  "nodes": [
    {
      "parameters": {
        "functionCode": "const waitTimeSeconds = 3;\n\nreturn new Promise((resolve) => {\n  setTimeout(() => {\n    resolve();\n  }, waitTimeSeconds * 1000);\n});\n\n"
      },
      "name": "Wait",
      "type": "n8n-nodes-base.function",
      "typeVersion": 1,
      "position": [
        802,
        416
      ]
    }
  ],
  "connections": {}
}

It’s one of your suggestions on another comment; however, we’re talking some serious waiting time here, sometimes up to 518 seconds, as the sandbox needs to spin up and spin down a VM, execute the code and do some processing on the data it extracts.

Hey @Ruben!

You can change the time in the code. However, that won’t be an efficient solution. If you have set a timeout for your workflows, you might have to increase that as well. Is there a possibility that the sandbox sends a webhook call when it finishes processing? This way you can hook up a Webhook node and build a workflow that gets triggered when the processing by the sandbox is complete.

As far as I’m aware, CAPE only provides REST APIs and no webhooks; however, I think they can be created without too much fuss, as its frontend is built on the Django framework. I will look into that in the coming days.

Ah yes, the wait-branch got actually created to handle very serious wait times. Even waiting for years would not be a problem.

Cool! Then I think I’ll just wait a little longer for the PR to get merged :grinning:

This is awesome news! Super excited!!
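
Added example, not part of any post in this thread and not n8n or CAPE code: because the thread notes that CAPE offers a REST API but no webhooks, this shows polling the task status with capped backoff and a hard deadline instead of one fixed sleep. The status names, the option values and the injected `fetchStatus(taskId)` helper are assumptions; `fetchStatus` stands for whatever status call your CAPE instance exposes.

```javascript
// Assumed CAPE task states; adjust to what your instance returns.
const DONE = new Set(["reported"]);
const FAILED = new Set(["failed_analysis", "failed_processing", "failed_reporting"]);

// Pure decision step: given the last status and the time spent so far,
// say whether to stop, fail, give up, or wait (and for how long).
// Unknown statuses count as "not finished yet" and are bounded by the deadline.
function decide(status, elapsedMs, attempt, opts) {
  if (DONE.has(status)) return { action: "done" };
  if (FAILED.has(status)) return { action: "fail", reason: status };
  // Exponential backoff, capped so a long analysis is still checked regularly.
  const delayMs = Math.min(opts.baseMs * 2 ** attempt, opts.maxDelayMs);
  // Never sleep past the deadline; keep it below the workflow timeout.
  if (elapsedMs + delayMs > opts.deadlineMs) return { action: "timeout" };
  return { action: "wait", delayMs };
}

const defaultSleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// Async wrapper: fetchStatus is a hypothetical function returning the
// task's status string; sleep and now are injectable for testing.
async function waitForReport(taskId, fetchStatus, opts, sleep = defaultSleep, now = Date.now) {
  const start = now();
  for (let attempt = 0; ; attempt++) {
    const status = await fetchStatus(taskId);
    const step = decide(status, now() - start, attempt, opts);
    if (step.action === "done") return { taskId, status, attempts: attempt + 1 };
    if (step.action !== "wait") {
      throw new Error(`CAPE task ${taskId}: ${step.action} (last status: ${status})`);
    }
    await sleep(step.delayMs);
  }
}

// Dry run over a constructed status sequence with a virtual clock,
// useful for checking the schedule before pointing it at a sandbox.
function dryRun(statuses, opts) {
  let elapsedMs = 0;
  for (let attempt = 0; attempt < statuses.length; attempt++) {
    const step = decide(statuses[attempt], elapsedMs, attempt, opts);
    if (step.action !== "wait") return { ...step, attempts: attempt + 1, elapsedMs };
    elapsedMs += step.delayMs;
  }
  return { action: "exhausted", attempts: statuses.length, elapsedMs };
}

// Example options: a 600 s deadline covers the ~518 s runs mentioned in the thread.
const OPTS = { baseMs: 5000, maxDelayMs: 60000, deadlineMs: 600000 };
```
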