"OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration...",

Open igcoser opened this issue 2 years ago • 3 comments

Description

I had configured an analyzer for Cortex with the external docker image that worked in the past. After the pycti update it stopped working because of:

Unknown type \"X509V3ExtensionsType\

which is caused by the image not having the correct version of pycti. Therefore I decided to develop the OpenCTI Custom Analyzer with the correct version of pycti, which should be 5.3.5. But now it turns out that Cortex is not able to connect to OpenCTI. I'm afraid it's a timing problem.

Environment

  1. pycti >= 5.0.3
  2. python 3.7.3

Actual Output

{
  "errorMessage": "ERROR:root:Unknown type \"X509V3ExtensionsType\".Traceback (most recent call last):  File \"/opt/Cortex-Analyzers/custom_analyzers/opencti-cortex-analyzer/OpenCTI/opencti.py\", line 111, in <module>    OpenCTIAnalyzer().run()  File \"/opt/Cortex-Analyzers/custom_analyzers/opencti-cortex-analyzer/OpenCTI/opencti.py\", line 65, in run    observables = opencti[\"api_client\"].stix_cyber_observable.list(search=data)  File \"/usr/local/lib/python3.7/dist-packages/pycti/entities/opencti_stix_cyber_observable.py\", line 382, in list    \"orderMode\": order_mode,  File \"/usr/local/lib/python3.7/dist-packages/pycti/api/opencti_api_client.py\", line 315, in query    {\"name\": error_name, \"message\": main_error[\"message\"]}ValueError: {'name': 'Unknown type \"X509V3ExtensionsType\".', 'message': 'Unknown type \"X509V3ExtensionsType\".'}",
  "input": null,
  "success": false
}

igcoser avatar Sep 15 '22 14:09 igcoser

Hi, the version of pycti to use must be perfectly aligned with the current platform version.

richard-julien avatar Sep 16 '22 12:09 richard-julien

Hi, could you please let me know which platform version is indicated for pycti version 5.3.5? Thanks

igcoser avatar Sep 16 '22 15:09 igcoser

The 5.3.5

richard-julien avatar Sep 16 '22 16:09 richard-julien

Hi, thank you for your message. I upgraded pycti to 5.3.5, 5.3.7 and 5.3.15 to test and it resolves the previous problem and the https://github.com/TheHive-Project/Cortex-Analyzers/issues/1104

pycti 5.3.7

but it returns the following error in Cortex:

{
  "errorMessage": "",
  "input": null,
  "success": false
}

and if I run it locally:

echo '{"data":"http://89.40.15.153/apache2","dataType":"url","tlp":0}' | python3 opencti.py
ERROR:root:Unknown type "CryptographicKey".
Traceback (most recent call last):
  File "opencti.py", line 114, in <module>
    OpenCTIAnalyzer().run()
  File "opencti.py", line 68, in run
    observables = opencti["api_client"].stix_cyber_observable.list(search=data)
  File "/.pyenv/versions/3.7.12/lib/python3.7/site-packages/pycti/entities/opencti_stix_cyber_observable.py", line 364, in list
    "orderMode": order_mode,
  File "/.pyenv/versions/3.7.12/lib/python3.7/site-packages/pycti/api/opencti_api_client.py", line 315, in query
    {"name": error_name, "message": main_error["message"]}
ValueError: {'name': 'Unknown type "CryptographicKey".', 'message': 'Unknown type "CryptographicKey".'}
zsh: done       echo '{"data":"http://89.40.15.153/apache2","dataType":"url","tlp":0}' | 
zsh: killed     python3 opencti.py

Could you please guide me on how to resolve this? Thank you

igcoser avatar Sep 28 '22 11:09 igcoser

same issue here!

HolzmanoLagrene avatar Jan 09 '23 15:01 HolzmanoLagrene

Hi @HolzmanoLagrene, this kind of error is 99% due to a misalignment between opencti version and connectors versions. Can you double check that all the versions that you are currently running are aligned? Thanks

richard-julien avatar Jan 09 '23 16:01 richard-julien
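
The alignment rule given in the replies above, as an added example that is not part of the original thread or of the OpenCTI project: a check that compares the `opencti/*` image tags in a docker-compose file and the installed pycti version against the platform version. The compose snippet and the version values are constructed for illustration, and the function names are hypothetical.

```python
import re

# Matches compose lines such as "image: opencti/platform:5.3.7" (tag optional).
IMAGE_RE = re.compile(r"^\s*image:\s*(?P<name>opencti/[\w.-]+)(?::(?P<tag>\S+))?\s*$")
VERSION_RE = re.compile(r"^\d+\.\d+\.\d+$")


def parse_images(compose_text):
    """Return {image_name: tag} for every opencti/* image line."""
    images = {}
    for line in compose_text.splitlines():
        m = IMAGE_RE.match(line)
        if m:
            # An image without a tag resolves to "latest" at pull time.
            images[m.group("name")] = m.group("tag") or "latest"
    return images


def check_alignment(compose_text, pycti_version):
    """List (component, version, reason) for everything not aligned with the platform."""
    images = parse_images(compose_text)
    platform = images.get("opencti/platform")
    if platform is None or not VERSION_RE.match(platform):
        raise ValueError("platform image must be pinned to an exact x.y.z version")
    problems = []
    for name, tag in sorted(images.items()):
        if not VERSION_RE.match(tag):
            # Floating tags (latest, rolling, ${VAR}) drift away from the platform.
            problems.append((name, tag, "floating tag, cannot be verified"))
        elif tag != platform:
            problems.append((name, tag, "differs from platform " + platform))
    if pycti_version != platform:
        problems.append(("pycti", pycti_version, "differs from platform " + platform))
    return problems


# Constructed sample compose file, not taken from the issue.
SAMPLE_COMPOSE = """
services:
  opencti:
    image: opencti/platform:5.3.7
  worker:
    image: opencti/worker:5.3.7
  connector-export-file-stix:
    image: opencti/connector-export-file-stix:5.3.5
  connector-import-file-stix:
    image: opencti/connector-import-file-stix:latest
"""

if __name__ == "__main__":
    for name, version, reason in check_alignment(SAMPLE_COMPOSE, "5.3.15"):
        print(f"{name} {version}: {reason}")
```
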

I think I managed to fix this in the end. Thanks for your support.

HolzmanoLagrene avatar Oct 13 '23 06:10 HolzmanoLagrene