Qradar-Connector Deprecated API
The URL used in the qradar connector script is pointing to a deprecated qradar API.
Environment
- OS (where OpenCTI server runs): Ubuntu 20.04.6
- OpenCTI version: OpenCTI 6.1.0
- OpenCTI client: 6.1.0
- Other environment details: qradar-connector:6.1.0
Reproducible Steps
Steps to create the smallest reproducible scenario:
- Configure docker-compose.yml
- Configure and export env variables
- Run: docker stack deploy ...
- Create a live stream in data sharing
- Configure and run the qradar-connector
Expected Output
Reference Set should be created on qradar.
Actual Output
Container keeps restarting and giving this error:
{"timestamp": "2024-05-14T11:31:37.874929Z", "level": "ERROR", "name": "OpenCTI QRADAR Connector", "message": "an error occurred while consuming messages", "exc_info": "Traceback (most recent call last):\n File "/opt/opencti-connector-qradar/qradar.py", line 175, in consume\n self._consume()\n File "/opt/opencti-connector-qradar/qradar.py", line 196, in consume\n self.qradar_reference.create(id, payload)\n File "/opt/opencti-connector-qradar/qradar.py", line 62, in create\n f"{self.collection_url}{self.get_type(payload)}",\n ^^^^^^^^^^^^^^^^^^^^^^\n File "/opt/opencti-connector-qradar/qradar.py", line 49, in get_type\n ).group(1)\n ^^^^^\nAttributeError: 'NoneType' object has no attribute 'group'"}
{"timestamp": "2024-05-14T11:31:37.875405Z", "level": "ERROR", "name": "OpenCTI QRADAR Connector", "message": "an error occurred while consuming messages", "exc_info": "Traceback (most recent call last):\n File "/opt/opencti-connector-qradar/qradar.py", line 175, in consume\n self._consume()\n File "/opt/opencti-connector-qradar/qradar.py", line 196, in consume\n self.qradar_reference.create(id, payload)\n File "/opt/opencti-connector-qradar/qradar.py", line 62, in create\n f"{self.collection_url}{self.get_type(payload)}",\n ^^^^^^^^^^^^^^^^^^^^^^\n File "/opt/opencti-connector-qradar/qradar.py", line 49, in get_type\n ).group(1)\n ^^^^^\nAttributeError: 'NoneType' object has no attribute 'group'"}
{"timestamp": "2024-05-14T11:31:37.875628Z", "level": "ERROR", "name": "OpenCTI QRADAR Connector", "message": "'NoneType' object has no attribute 'group'", "exc_info": "Traceback (most recent call last):\n File "/opt/opencti-connector-qradar/qradar.py", line 175, in consume\n self._consume()\n File "/opt/opencti-connector-qradar/qradar.py", line 196, in consume\n self.qradar_reference.create(id, payload)\n File "/opt/opencti-connector-qradar/qradar.py", line 62, in create\n f"{self.collection_url}{self.get_type(payload)}",\n ^^^^^^^^^^^^^^^^^^^^^^\n File "/opt/opencti-connector-qradar/qradar.py", line 49, in get_type\n ).group(1)\n ^^^^^\nAttributeError: 'NoneType' object has no attribute 'group'"}
Additional information
I have observed that the API URL used in the Python script is pointing to a deprecated version:
- Actual URL in the script: /reference_data/sets (Deprecated)
- The new value: /reference_data_collections/sets
I don't know if this has anything to do with the issue I am getting, but I think it might be the problem.
Screenshots (optional)
Yes, the API URL is outdated. I had to modify it to the current version to get it running.
@timebotdon does it mean you can provide a fix for this?
Hello @Alib333 and @timebotdon. In fact, the API request is deprecated; I will update it with the new value. ;)
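
The traceback in the report ends with `.group(1)` being called on a failed regex match inside `get_type`, which is the error logged while the container keeps restarting. As an added example (not the connector's own code; the regex, the payload shape and every function body here are assumptions), a guarded version that skips a message it cannot type instead of raising out of the consumer:

```python
import re

# Assumption: the reference-set type is taken from the observable type at the
# start of a STIX pattern, e.g. "[ipv4-addr:value = '198.51.100.7']".
# This regex and the payload layout are hypothetical, not copied from qradar.py.
_TYPE_RE = re.compile(r"^\s*\[\s*([a-z0-9-]+):")


def get_type_unguarded(payload):
    """Shape of the failing call: .group(1) on a match that may be None."""
    return _TYPE_RE.search(payload["pattern"]).group(1)


def get_type(payload):
    """Return the observable type, or None when no type can be extracted."""
    pattern = payload.get("pattern")
    if not isinstance(pattern, str):
        return None
    match = _TYPE_RE.search(pattern)
    return match.group(1) if match else None


def consume(messages, create):
    """Handle every message; collect the ids that could not be typed."""
    skipped = []
    for msg_id, payload in messages:
        ref_type = get_type(payload)
        if ref_type is None:
            skipped.append(msg_id)  # record and continue, do not crash the loop
            continue
        create(msg_id, ref_type, payload)
    return skipped


# Constructed sample stream messages (not real data).
SAMPLE = [
    ("1", {"pattern": "[ipv4-addr:value = '198.51.100.7']"}),
    ("2", {"pattern": "rule demo { condition: true }"}),  # non-STIX pattern
    ("3", {"name": "entity without a pattern field"}),
    ("4", {"pattern": "[domain-name:value = 'example.test']"}),
]


def demo():
    created = []
    skipped = consume(SAMPLE, lambda i, t, p: created.append((i, t)))
    return created, skipped
```

Logging the skipped ids keeps the remaining indicators flowing to the SIEM while still leaving a trail for the messages that need attention.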