Cortex-Analyzers icon indicating copy to clipboard operation
Cortex-Analyzers copied to clipboard

Published 20 hours ago verified publisher icon TheHive-Project

[Bug]OpenCTI analyzer 'Unknown type \"CryptographicKey\"

Open igcoser opened this issue 2 years ago • 5 comments

The Cortex analyser is not able to recognise the OpenCTI CryptographicKey type. The opencti_stix_cyber_observable class has it declared but the API client, opencti_api_client, fails to receive that type as a response.

igcoser avatar Aug 11 '22 15:08 igcoser

Hi, I'm having the same error. Any progress so far?

bakhtawarw avatar Sep 14 '22 10:09 bakhtawarw

Hi, not at all. I am trying to develop a custom analyzer for OpenCTI to avoid the bug

igcoser avatar Sep 14 '22 12:09 igcoser

Hi, have you enabled SSL certificates for elastic search and cortex? Maybe that can resolve the error.

bakhtawarw avatar Sep 16 '22 04:09 bakhtawarw

Just need a new tag here to take into account the new version of the Python library in the analyzer.

SamuelHassine avatar Oct 03 '22 10:10 SamuelHassine

It doesn’t work. pycti==5.3.16 and OpenCTI==5.3.16. The error disappears for other versions but still not working neither.

% echo '{"data":"http://89.40.15.153/apache2","dataType":"url","tlp":0}' | python3 opencti.py
ERROR:root:Unknown type "CryptographicKey".
    {"name": error_name, "message": main_error["message"]}
ValueError: {'name': 'Unknown type "CryptographicKey".', 'message': 'Unknown type "CryptographicKey".'}
zsh: done       echo '{"data":"http://89.40.15.153/apache2","dataType":"url","tlp":0}' | 
zsh: killed     python3 opencti.py

igcoser avatar Oct 06 '22 13:10 igcoser