Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] OpenCTI Analyser #1182

Closed
FormindMPO opened this issue Apr 27, 2023 · 0 comments · Fixed by #1183
Closed

[Bug] OpenCTI Analyser #1182

FormindMPO opened this issue Apr 27, 2023 · 0 comments · Fixed by #1183
Assignees
@jeromeleonard
Labels
category:bug Issue is related to a bug
Milestone
3.3.0

Comments

@FormindMPO
Copy link
Contributor

Describe the bug

OpenCTI analyser is not working if any observable found is related to a report

To Reproduce

Steps to reproduce the behavior:

  1. Using any OpenCTI instance, create an observable, with an indicator.
  2. Create a report using this indicator (hence this observable) :

image

  1. Search for this observable using Cortex-Analyzers/analyzers/OpenCTI

Expected behavior

Informations about this observable

Error

Traceback (most recent call last): 
File "/worker/OpenCTI/opencti.py", line 111, in <module> OpenCTIAnalyzer().run()
File "/worker/OpenCTI/opencti.py", line 97, in run del(report["x_opencti_graph_data"]) 
KeyError: 'x_opencti_graph_data' Killed

Complementary information

/

Work environment

  • Client OS: Windows
  • Server OS: Linux
  • Browse type and version:
  • Cortex version: any
  • Cortex Analyzer/Responder name: any
  • Cortex Analyzer/Responder version: any
  • OpenCTI version : >=5.0.0

Possible solutions

OpenCTI removed the "x_opencti" field 2 yers ago in this commit d008b33.
You only need to remove line 97 from opencti.py :

del(report["x_opencti_graph_data"])

Then, please release a new dockerhub opencti_searchexactobservables and opencti_searchobservables version
Thank you !

Additional context

/
FormindMPO added a commit to FormindMPO/Cortex-Analyzers that referenced this issue Apr 27, 2023
@FormindMPO
Editing bug related to https://github.com TheHive-Project#1182
1a8a097 
TheHive-Project#1182
@FormindMPO FormindMPO mentioned this issue Apr 27, 2023
Merged
@jeromeleonard jeromeleonard linked a pull request Aug 1, 2023 that will close this issue
Editing bug related to https://github.com #1182 #1183
Merged
@jeromeleonard jeromeleonard added this to the 3.3.0 milestone Aug 1, 2023
@jeromeleonard jeromeleonard added the category:bug Issue is related to a bug label Aug 1, 2023
@jeromeleonard jeromeleonard self-assigned this Aug 1, 2023
jeromeleonard added a commit that referenced this issue Aug 4, 2023
@jeromeleonard
Merge pull request #1183 from FormindMPO/master
c56af7a 
Editing bug related to https://github.com #1182
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jeromeleonard jeromeleonard

Labels
category:bug Issue is related to a bug
Projects
None yet
Milestone
3.3.0
Development

Successfully merging a pull request may close this issue.

Editing bug related to https://github.com #1182 FormindMPO/Cortex-Analyzers
2 participants
@jeromeleonard @FormindMPO