Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Cape sandbox] Analysis failing due to incompatable attributes #2357

Closed
human4357 opened this issue Jul 16, 2024 · 0 comments · Fixed by #2361
Closed

[Cape sandbox] Analysis failing due to incompatable attributes #2357

human4357 opened this issue Jul 16, 2024 · 0 comments · Fixed by #2361
Assignees
@romain-filigran
Labels
bug use for describing something not working as expected
Milestone
Release 6.2.7

Comments

@human4357
Copy link

Description

When attempting to push analysis results to OpenCTI, the connector is met with a validation error.

Environment

OS (where OpenCTI server runs): Ubuntu 24.04 LTS
OpenCTI version: 6.2.5
OpenCTI client: Python (probably)
Other environment details: N/A

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Configure cape connector
  2. Attempt to enrich an artifact

Expected Output

Analysis results are reported into OpenCTI

Actual Output

Validation error with message You cannot update incompatible attribute

Additional information

Connector log (screenshot also attached)
{"timestamp": "2024-07-16T10:37:24.935537Z", "level": "ERROR", "name": "CAPEv2 Sandbox", "message": "Error in message processing, reporting error to API", "exc_info": "Traceback (most recent call last):\n File \"/usr/local/lib/python3.11/site-packages/pycti/connector/opencti_connector_helper.py\", line 349, in _data_handler\n message = self.callback(event_data)\n ^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/opt/opencti-connector-cape-sandbox/cape-sandbox.py\", line 649, in _process_message\n return self._process_observable(observable)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/opt/opencti-connector-cape-sandbox/cape-sandbox.py\", line 631, in _process_observable\n return self._trigger_sandbox(observable)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/opt/opencti-connector-cape-sandbox/cape-sandbox.py\", line 623, in _trigger_sandbox\n return self._send_knowledge(observable, response_dict)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/opt/opencti-connector-cape-sandbox/cape-sandbox.py\", line 105, in _send_knowledge\n final_observable = self.helper.api.stix_cyber_observable.update_field(\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/local/lib/python3.11/site-packages/pycti/entities/opencti_stix_cyber_observable.py\", line 1250, in update_field\n result = self.opencti.query(\n ^^^^^^^^^^^^^^^^^^^\n File \"/usr/local/lib/python3.11/site-packages/pycti/api/opencti_api_client.py\", line 363, in query\n raise ValueError(value_error)\nValueError: {'name': 'VALIDATION_ERROR', 'error_message': 'Validation error', 'http_status': 500, 'genre': 'BUSINESS', 'field': 'hashes.MD5', 'message': 'You cannot update incompatible attribute'}"}

Screenshots (optional)

image
image
image
@human4357 human4357 added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Jul 16, 2024
@romain-filigran romain-filigran added community support use to identify an issue related to feature developed & maintained by community. and removed needs triage use to identify issue needing triage from Filigran Product team labels Jul 17, 2024
romain-filigran added a commit that referenced this issue Jul 17, 2024
@romain-filigran
https://github.com/OpenCTI-Platform/connectors/issues/2357
cb0cce7
@romain-filigran romain-filigran mentioned this issue Jul 17, 2024
Merged
4 tasks
@romain-filigran romain-filigran linked a pull request Jul 17, 2024 that will close this issue
[cape-sandbox]: Fix, error updating some "File" observable properties #2361
Merged
4 tasks
@romain-filigran romain-filigran self-assigned this Jul 17, 2024
@romain-filigran romain-filigran added this to the Bugs backlog milestone Jul 17, 2024
@romain-filigran romain-filigran removed the community support use to identify an issue related to feature developed & maintained by community. label Jul 17, 2024
@Jipegien Jipegien modified the milestones: Bugs backlog, Release 6.2.7 Jul 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@romain-filigran romain-filigran

Labels
bug use for describing something not working as expected
Projects
None yet
Milestone
Release 6.2.7
Development

Successfully merging a pull request may close this issue.

[cape-sandbox]: Fix, error updating some "File" observable properties OpenCTI-Platform/connectors
3 participants
@human4357 @Jipegien @romain-filigran