
cve connector doesn't pull anything without error

Open 50YUD4N60 opened this issue 1 year ago • 3 comments

Description

Can't pull CVE info with the CVE connector.

It is supposed to start pulling data after "message": "[CONNECTOR] Connector retrieve CVE history for year 2019, 365 days left"}, but it gets stuck here.

Environment

  1. OS Ubuntu 16.4
  2. OpenCTI version:OpenCTI 6.0.10
  3. OpenCTI client: { e.g. frontend or python }
  4. Other environment details: Python 3.10.12

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. sudo docker-compose up -d

Expected Output

image

Actual Output

image

Additional information

my config in docker-compose.yml

```yaml
connector-cve:
  image: opencti/connector-cve:6.0.10
  environment:
    - OPENCTI_URL=http://opencti:8080
    - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
    - CONNECTOR_ID=${CONNECTOR_CVE}
    - CONNECTOR_NAME=Common Vulnerabilities and Exposures
    - CONNECTOR_SCOPE=identity,vulnerability
    - CONNECTOR_CONFIDENCE_LEVEL=75 # From 0 (Unknown) to 100 (Fully trusted)
    - CONNECTOR_RUN_AND_TERMINATE=true
    - CONNECTOR_LOG_LEVEL=debug
    - CVE_BASE_URL=https://services.nvd.nist.gov/rest/json/cves
    - CVE_API_KEY=${NVD_API_KEY}
    - CVE_INTERVAL=2 # Required, in hours advice min 2
    - CVE_MAX_DATE_RANGE=100 # In days, max 120
    - CVE_MAINTAIN_DATA=true # Required, retrieve only updated data
    - CVE_PULL_HISTORY=true # If true, CVE_HISTORY_START_YEAR is required
    - CVE_HISTORY_START_YEAR=2019 # Required if pull_history is True, min 2019 (see documentation CVE and CVSS base score V3.1)
  restart: always
  depends_on:
    - opencti
```

Screenshots (optional)

50YUD4N60 avatar Apr 26 '24 09:04 50YUD4N60
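A pre-flight check for the `environment` list in the post above, as an added example that is not part of the original issue or of the OpenCTI project. It tests only the limits stated in that file's own comments and flags `${...}` placeholders that would resolve to an empty string because the host variable is unset; the function names, the `host_env` mapping and the sample input are assumptions made for illustration.

```python
import re

# Limits copied from the inline comments in the compose file quoted in the issue.
LIMITS = {
    "CVE_INTERVAL": (2, None),               # hours, "advice min 2"
    "CVE_MAX_DATE_RANGE": (None, 120),       # days, "max 120"
    "CVE_HISTORY_START_YEAR": (2019, None),  # "min 2019"
}
PLACEHOLDER = re.compile(r"\$\{(\w+)\}")

def parse_environment(lines):
    """Turn compose list items ('- KEY=VALUE # comment') into a dict."""
    env = {}
    for line in lines:
        item = line.strip().lstrip("-").strip()
        if item and not item.startswith("#"):
            key, _, value = item.partition("=")
            env[key.strip()] = re.split(r"\s+#", value, maxsplit=1)[0].strip()
    return env

def check_cve_connector(env, host_env):
    """Return findings; host_env stands in for the shell/.env values compose reads."""
    findings = []
    for key, value in env.items():
        for name in PLACEHOLDER.findall(value):
            if not host_env.get(name):
                findings.append(f"{key}: ${{{name}}} is unset or empty on the host")
    for key, (low, high) in LIMITS.items():
        raw = env.get(key)
        if raw is None:
            continue
        if not raw.isdigit():
            findings.append(f"{key}: expected an integer, got {raw!r}")
        elif (low and int(raw) < low) or (high and int(raw) > high):
            findings.append(f"{key}: {raw} is outside the range stated in the comments")
    if env.get("CVE_PULL_HISTORY", "").lower() == "true" and "CVE_HISTORY_START_YEAR" not in env:
        findings.append("CVE_PULL_HISTORY=true requires CVE_HISTORY_START_YEAR")
    return findings

# Constructed sample: a subset of the reporter's settings with three deliberate problems.
SAMPLE = """
- OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
- CVE_API_KEY=${NVD_API_KEY}
- CVE_INTERVAL=2 # Required, in hours advice min 2
- CVE_MAX_DATE_RANGE=150 # In days, max 120
- CVE_PULL_HISTORY=true # If true, CVE_HISTORY_START_YEAR is required
""".splitlines()

if __name__ == "__main__":
    print("\n".join(check_cve_connector(parse_environment(SAMPLE), {"OPENCTI_ADMIN_TOKEN": "constructed-token"})))
```

An empty result means the settings are consistent with the comments in the file; it says nothing about whether the connector can reach OpenCTI or the NVD API.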

I have the same problem. How to solve this? And in my platform (data --> ingestion --> connectors), I cannot find the CVE connector. OpenCTI version: 6.0.10

Misschihiro avatar May 16 '24 02:05 Misschihiro

@Misschihiro @50YUD4N60 I'm on it, I'll give you an update

@Misschihiro If you cannot find the CVE connector, it's probably a misconfiguration when it is deployed, and another issue can be opened or you can write to me on Slack to check it. @50YUD4N60 do you see the CVE connector in the Data Ingestion tab?

helene-nguyen avatar May 16 '24 05:05 helene-nguyen

@50YUD4N60 I've deployed the connector to test it and it may take some time to get the first data from 2019, but everything seems to work.

image

Could you update your platform and try again? Sometimes, from one network to another, you can have some latency.

helene-nguyen avatar May 16 '24 06:05 helene-nguyen

@50YUD4N60 Do you have any update? I'm closing the issue for now but it can be re-opened if needed :)

helene-nguyen avatar May 29 '24 07:05 helene-nguyen

Hello! I am having the same problem. My config for the cve connector is the same as @50YUD4N60

anavitgo avatar Aug 14 '24 09:08 anavitgo

btw, what is the problem that the connectors exceed the max tries to connect to opencti on /graphql endpoint? Is this expected?

anavitgo avatar Aug 14 '24 09:08 anavitgo

@anavitgo If you pull the history, could you try 2024 in the configuration file? If the connectors exceed the max tries, it means that it cannot connect to your OpenCTI. Could you check the logs?

helene-nguyen avatar Aug 14 '24 12:08 helene-nguyen