client-python icon indicating copy to clipboard operation
client-python copied to clipboard
verified publisher icon OpenCTI-Platform

Cannot read `x_opencti_workflow_id` from entity

Open NathanC-TC opened this issue 9 months ago • 3 comments

Description

When using vulnerability.read, I cannot return the x_opencti_workflow_id. Instead it errors with {'name': 'GRAPHQL_VALIDATION_FAILED', 'error_message': 'Cannot query field "x_opencti_workflow_id" on type "Vulnerability". Did you mean "x_opencti_stix_ids"?'}

Environment

OpenCTI version: 6.5.3 pycti version: 6.3.4

Reproducible Steps

Steps to create the smallest reproducible scenario: x_opencti_workflow_id = self._client.api.vulnerability.read(customAttributes="x_opencti_workflow_id", id=octi_vuln_data['id'], json_logging=False)

Expected Output

Return x_opencti_workflow_id

Actual Output

{'name': 'GRAPHQL_VALIDATION_FAILED', 'error_message': 'Cannot query field "x_opencti_workflow_id" on type "Vulnerability". Did you mean "x_opencti_stix_ids"?'}

NathanC-TC avatar Mar 12 '25 17:03 NathanC-TC

Hello, in current version of OpenCTI there is no field "x_opencti_workflow_id" thats is exposed in the graphQL API for vulnerability, so the python client cannot query it.

What is avalaible is the current status of vulnerability, so you can get the status id by using:

vulnerability.read(customAttributes="status{id template{name}}", id="xxxx", json_logging=False)

aHenryJard avatar Mar 28 '25 17:03 aHenryJard

Does that solve your issue @NathanC-TC ?

nino-filigran avatar Apr 23 '25 14:04 nino-filigran

Sorry for the late response. Finally was able to test this, and yes this works great! Thanks so much.

NathanC-TC avatar Jun 13 '25 18:06 NathanC-TC