OpenCTI-Platform / connectors

OpenCTI Connectors
https://www.opencti.io
Apache License 2.0

[Yara Scan] Several problems #2546

Closed Lhorus6 closed 4 days ago

Lhorus6 commented 2 months ago

## Description

Many issues have been identified. As is, the connector can be deployed in production but its quality is very low.

Non-blocking problem

  1. Many enrichments encounter an error, always the same one.

```
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/pycti/connector/opencti_connector_helper.py", line 352, in _data_handler
    message = self.callback(event_data)
              ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/opencti-yara/main.py", line 107, in _process_message
    self._scan_artifact(artifact, yara_indicators)
  File "/opt/opencti-yara/main.py", line 63, in _scan_artifact
    artifact_contents = self._get_artifact_contents(artifact)
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/opencti-yara/main.py", line 27, in _get_artifact_contents
    file_id = artifact["importFiles"][0]["id"]
IndexError: list index out of range
```

![image](https://github.com/user-attachments/assets/1e164f4e-086e-42e8-afbf-893c55e406ab)

![image](https://github.com/user-attachments/assets/0eab5f26-3c57-42d8-a765-f4b9de6f0af5)

2. It does not fill in the "Author" fields of the entities and relationships it creates + It does not apply marking (nb: the connector creates only relationships AFAIK)

![image](https://github.com/user-attachments/assets/7068d6ba-549f-4b8f-abed-1c94c35c6621)

## Environment

OCTI 6.2.14
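
The traceback above fails on `artifact["importFiles"][0]["id"]` when the list is empty. The following is an added example, not the connector's code, of a guarded lookup that skips such artifacts instead of raising; the function names and sample data are hypothetical, and only the `importFiles` and `id` keys come from the traceback.

```python
# Added example: names other than the "importFiles"/"id" keys are hypothetical.
from typing import Any, Optional


def first_import_file_id(artifact: dict[str, Any]) -> Optional[str]:
    """Return the id of the artifact's first attached file, or None.

    Covers the shapes that break artifact["importFiles"][0]["id"]:
    key absent, value None, empty list, or an entry without an "id".
    """
    files = artifact.get("importFiles") or []
    if not isinstance(files, list) or not files:
        return None
    first = files[0]
    if not isinstance(first, dict):
        return None
    file_id = first.get("id")
    return file_id if isinstance(file_id, str) and file_id else None


def process_message(artifact: dict[str, Any]) -> str:
    """Hypothetical enrichment callback: skip cleanly when nothing can be scanned."""
    file_id = first_import_file_id(artifact)
    if file_id is None:
        # Returning a message lets the job finish instead of failing with IndexError.
        return f"Artifact {artifact.get('id', '<unknown>')} has no file to scan, skipped"
    return f"Scanning file {file_id}"


# Constructed sample observables (not taken from a real platform).
SAMPLES = [
    {"id": "artifact--a", "importFiles": [{"id": "import/a/sample.bin"}]},
    {"id": "artifact--b", "importFiles": []},  # the case in the traceback
    {"id": "artifact--c", "importFiles": None},
    {"id": "artifact--d"},
    {"id": "artifact--e", "importFiles": [{"name": "no-id.bin"}]},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(process_message(sample))
```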

caineblood commented 2 months ago

That is malware to steal your account; do not under any circumstances download or run it. The post needs to be removed. If you have attempted to run it, please have your system cleaned and your account secured immediately.

Lhorus6 commented 2 months ago

I deleted the malicious comment. Thanks for your vigilance @caineblood