Cortex-Analyzers

OpenCTI analyzers not working

Open bakhtawarw opened this issue 2 years ago • 3 comments

Describe the bug

I enabled OpenCTI analyzers in Cortex but I'm getting the following error for both of the analyzers.

    Traceback (most recent call last):
      File "/worker/OpenCTI/opencti.py", line 111, in <module>
        OpenCTIAnalyzer().run()
      File "/worker/OpenCTI/opencti.py", line 97, in run
        del(report["x_opencti_graph_data"])
    KeyError: 'x_opencti_graph_data'
    Killed

To Reproduce

Steps to reproduce the behavior:

  1. Run analyzer on observable.

Expected behavior

Report about the observable from OpenCTI.

Work environment

  • 2 Ubuntu 20.04 virtual machines. Cortex is deployed on one VM and OpenCTI on another.

  • Browser type and version:

  • Cortex version: 3.1.6-1

  • Cortex Analyzer/Responder name: OpenCTI_SearchObservables_2_0 & OpenCTI_SearchExactObservable_2_0

  • OpenCTI version: 5.3.7

bakhtawarw, Sep 02 '22 07:09

Just need a new tag here to take into account the new version of the Python library in the analyzer.

SamuelHassine, Oct 03 '22 10:10

Make sure that you are not accessing # del (report["x_opencti_graph_data"]) in your analyzer.

igcoser, Oct 18 '22 14:10

Still doesn't work. Is there an updated Docker container yet?

HolzmanoLagrene, Jan 10 '23 13:01