connectors icon indicating copy to clipboard operation
connectors copied to clipboard

Published 20 hours ago verified publisher icon OpenCTI-Platform

[Mandiant] Receiving API HTTP 400 errors

Open cwrw404 opened this issue 2 years ago • 0 comments

Description

Mandiant Connector is receving HTTP 400 errors on some requests. Potential bad request.

This is also spawning a fetch job every minute.

Environment

  1. Ubuntu 22.04 running Docker (managed by Portainer)
  2. OpenCTI v5.3.7
  3. Mandiant Connector v5.3.7

Reproducible Steps

Run Mandiant Connector and observe logs

Expected Output

HTTP 200 'OK' responses

Actual Output

HTTP 400 'Bad Request' responses

Additional information

DEBUG:urllib3.connectionpool:http://opencti:8080 "POST /graphql HTTP/1.1" 200 205
DEBUG:urllib3.connectionpool:Resetting dropped connection: opencti
DEBUG:urllib3.connectionpool:http://opencti:8080 "POST /graphql HTTP/1.1" 200 205
INFO:root:Synchronizing with Mandiant API...
INFO:root:Initiate work for 5475a9b5-e67e-4ad9-8b52-98057f8b52b1
DEBUG:urllib3.connectionpool:Resetting dropped connection: opencti
DEBUG:urllib3.connectionpool:http://opencti:8080 "POST /graphql HTTP/1.1" 200 81
INFO:root:Get ACTOR after position 270
INFO:root:Iterating with limit=30 and offset=270
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.intelligence.fireeye.com:443
DEBUG:urllib3.connectionpool:https://api.intelligence.fireeye.com:443 "GET /v4/actor?limit=30&offset=270 HTTP/1.1" 200 None
INFO:root:Setting new state {'actor': 270, 'malware': 4080, 'vulnerability': 1686409200, 'indicator': 1686405600, 'report': 3600}
INFO:root:Get MALWARE after position 4080
INFO:root:Iterating with limit=10 and offset=4080
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.intelligence.fireeye.com:443
DEBUG:urllib3.connectionpool:https://api.intelligence.fireeye.com:443 "GET /v4/malware?limit=10&offset=4080 HTTP/1.1" 200 46
INFO:root:Setting new state {'actor': 270, 'malware': 4080, 'vulnerability': 1686409200, 'indicator': 1686405600, 'report': 3600}
INFO:root:Get VULNERABILITY after position 1686409200
INFO:root:Iterating with start_epoch=1686409200, end_epoch=1686412800
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.intelligence.fireeye.com:443
DEBUG:urllib3.connectionpool:https://api.intelligence.fireeye.com:443 "GET /v4/vulnerability?limit=1000&start_epoch=1686409200&end_epoch=1686412800 HTTP/1.1" 400 39
INFO:root:Setting new state {'actor': 270, 'malware': 4080, 'vulnerability': 1686412800, 'indicator': 1686405600, 'report': 3600}
INFO:root:Get INDICATOR after position 1686405600
INFO:root:Iterating with start_epoch=1686405600, end_epoch=1686409200
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.intelligence.fireeye.com:443
DEBUG:urllib3.connectionpool:https://api.intelligence.fireeye.com:443 "GET /v4/indicator?limit=1000&start_epoch=1686405600&end_epoch=1686409200 HTTP/1.1" 400 39
INFO:root:Get REPORT after position 3600
INFO:root:Iterating with start_epoch=3600, end_epoch=7200
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): api.intelligence.fireeye.com:443
DEBUG:urllib3.connectionpool:https://api.intelligence.fireeye.com:443 "GET /v4/reports?limit=1000&start_epoch=3600&end_epoch=7200 HTTP/1.1" 400 58
ERROR:root:An unknown error occurred

cwrw404 avatar Jul 05 '22 21:07 cwrw404