OpenCTI-Platform / connectors

OpenCTI Connectors
https://www.opencti.io
Apache License 2.0

MISP integration is not working #2158

Closed aliekberkara closed 2 weeks ago

aliekberkara commented 4 months ago

MISP and OpenCTI work smoothly on my 1...13 and 1...10 servers. I want to integrate MISP into OpenCTI. I do this via Portainer. I made the settings of the MISP Connector in the docker-compose.yml file via Portainer. However, although the MISP Connector appears to be working, there is no data flow. When I examine the logs, I encounter the following error. That's my problem.

{"timestamp": "2024-05-22T12:46:47.153598Z", "level": "ERROR", "name": "MISP", "message": "Error fetching misp event again: Error code 500:\n{\"name\":\"An Internal Error Has Occurred.\",\"message\":\"An Internal Error Has Occurred.\",\"url\":\"\\/events\\/restSearch\"}", "exc_info": "Traceback (most recent call last):\n File \"/opt/opencti-connector-misp/misp.py\", line 393, in run\n events = self.misp.search(\"events\", **kwargs)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/local/lib/python3.11/site-packages/pymisp/api.py\", line 2755, in search\n normalized_response = self._check_json_response(response)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/local/lib/python3.11/site-packages/pymisp/api.py\", line 3706, in _check_json_response\n r = self._check_response(response, expect_json=True)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/local/lib/python3.11/site-packages/pymisp/api.py\", line 3725, in _check_response\n raise MISPServerError(f'Error code 500:\\n{response.text}')\npymisp.exceptions.MISPServerError: Error code 500:\n{\"name\":\"An Internal Error Has Occurred.\",\"message\":\"An Internal Error Has Occurred.\",\"url\":\"\\/events\\/restSearch\"}\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File \"/opt/opencti-connector-misp/misp.py\", line 401, in run\n events = self.misp.search(\"events\", **kwargs)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/local/lib/python3.11/site-packages/pymisp/api.py\", line 2755, in search\n normalized_response = self._check_json_response(response)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/local/lib/python3.11/site-packages/pymisp/api.py\", line 3706, in _check_json_response\n r = self._check_response(response, expect_json=True)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/local/lib/python3.11/site-packages/pymisp/api.py\", line 3725, in _check_response\n raise MISPServerError(f'Error code 500:\\n{response.text}')\npymisp.exceptions.MISPServerError: Error code 500:\n{\"name\":\"An Internal Error Has Occurred.\",\"message\":\"An Internal Error Has Occurred.\",\"url\":\"\\/events\\/restSearch\"}"}

Alib333 commented 4 months ago

Try setting the url to /events instead of (/events/restSearch)

aliekberkara commented 4 months ago

image

Isn't it like this?

Alib333 commented 4 months ago

Make sure you are not mistyping the URL of the MISP, and the one of OpenCTI should be the actual IP | hostname.

Jipegien commented 4 months ago

@aliekberkara Have you managed to make it work with the help provided by your fellow community member? :)

khalidelborai commented 3 months ago

@Jipegien @aliekberkara After running some tests on an instance running on version 2.4.194, the issue seems to occur whenever I pass timestamp or event_timestamp (MISP_DATETIME_ATTRIBUTE), while using date_from seems to work with the 500 error.

https://github.com/MISP/PyMISP/blob/9408cf180da9986781c739373aab28fa5fc789ac/pymisp/api.py#L2823

But this will make it fail here https://github.com/OpenCTI-Platform/connectors/blob/1b7003e141d84f65bea8a4543fff311e50fe3253/external-import/misp/src/misp.py#L494

I think a fix would be to have a separate ENV variable for the filter timestamp/date set by default to date_from, leaving MISP_DATETIME_ATTRIBUTE as it is for other operations.

@Jipegien I will be opening a pull request with the proposed fix if it makes sense.

Further verifications of this scenario would help @aliekberkara.
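
An added example, not part of the thread or of the connector's own code: a small triage helper that parses connector log lines in the JSON shape quoted in the first post and reports which MISP endpoint returned which HTTP status. The sample lines are constructed; the first is shortened from the quoted log (timestamp and traceback omitted), and the function names are assumptions made for this example.

```python
import json
import re
from collections import Counter

# Constructed sample lines. The first is shortened from the log quoted in the
# issue; the other two are made up to exercise the non-matching paths.
SAMPLE_LINES = [
    r'{"level": "ERROR", "name": "MISP", "message": "Error fetching misp event again: '
    r'Error code 500:\n{\"name\":\"An Internal Error Has Occurred.\",'
    r'\"message\":\"An Internal Error Has Occurred.\",\"url\":\"\\/events\\/restSearch\"}"}',
    r'{"level": "INFO", "name": "MISP", "message": "Connector last run: 1716381900"}',
    "plain text line that is not JSON",
]

# Wording raised by PyMISP's MISPServerError, as seen in the quoted traceback.
ERROR_RE = re.compile(r"Error code (\d{3}):\n(.*)", re.DOTALL)


def parse_misp_error(line):
    """Return (status, endpoint, server_message) for a MISP HTTP error line, else None."""
    try:
        record = json.loads(line)
    except json.JSONDecodeError:
        return None  # not a JSON log record
    if not isinstance(record, dict) or record.get("level") != "ERROR":
        return None
    match = ERROR_RE.search(str(record.get("message", "")))
    if match is None:
        return None  # an error, but not an HTTP error relayed from MISP
    status, body = int(match.group(1)), match.group(2).strip()
    try:
        detail = json.loads(body)  # MISP's own JSON error body
    except json.JSONDecodeError:
        detail = {}  # body was HTML or plain text
    if not isinstance(detail, dict):
        detail = {}
    return status, detail.get("url"), detail.get("message")


def summarize(lines):
    """Count MISP HTTP errors per (status, endpoint) across connector log lines."""
    return Counter(err[:2] for err in map(parse_misp_error, lines) if err)


if __name__ == "__main__":
    for (status, endpoint), count in summarize(SAMPLE_LINES).items():
        print(f"HTTP {status} from {endpoint}: {count} occurrence(s)")
```
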