OpenCTI-Platform / connectors

OpenCTI Connectors
https://www.opencti.io
Apache License 2.0

[InfoBlox] External Import Connector Error while getting intelligence #2755

Open The-Stuke opened 1 month ago

The-Stuke commented 1 month ago

Description

Since updating to OpenCTI 6.3.4 from 6.2.18 the Infoblox connector no longer pulls in threat intelligence. Error logs are shown below in Actual Output. We jumped from 6.2.18 to 6.3.4 so this could have been introduced in between the two versions.

Environment

  1. OS (where OpenCTI server runs): Docker
  2. OpenCTI version: 6.3.4
  3. OpenCTI client: N/A
  4. Other environment details: N/A

Reproducible Steps

  1. Enable the InfoBlox External Stream Connector with the config below:
  connector-infoblox:
    image: opencti/connector-infoblox:6.3.4
    environment:
      - OPENCTI_URL=http://opencti:8080
      - OPENCTI_TOKEN=${INFOBLOX_OPENCTI_TOKEN}
      - CONNECTOR_ID=${INFOBLOX_CONNECTOR_ID}
      - CONNECTOR_TYPE=EXTERNAL_IMPORT
      - CONNECTOR_NAME=InfoBlox
      - CONNECTOR_LOG_LEVEL=error
      - INFOBLOX_API_KEY=${INFOBLOX_API_KEY}
      - INFOBLOX_INTERVAL=1 # In hours
      - INFOBLOX_IOC_LIMIT=10000 # Limit of IOCs to import (for each IOC types)
      - INFOBLOX_URL=https://csp.infoblox.com/tide/api/data/threats
      - INFOBLOX_MARKING=TLP:AMBER
    restart: always

Expected Output

Importing of Threat Intel from InfoBlox.

Actual Output

2024-10-03T18:18:10.313092201Z ERROR Error while getting intelligence from Infoblox: Expecting value: line 1 column 1 (char 0) | timestamp=2024-10-03T18:18:10.312810Z name=InfoBlox exc_info=Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/requests/models.py", line 974, in json
    return complexjson.loads(self.text, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/simplejson/__init__.py", line 514, in loads
    return _default_decoder.decode(s)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/simplejson/decoder.py", line 386, in decode
    obj, end = self.raw_decode(s)
               ^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/simplejson/decoder.py", line 416, in raw_decode
    return self.scan_once(s, idx=_w(s, idx).end())
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
simplejson.errors.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/opencti-connector-infoblox/infoblox.py", line 97, in infoblox_api_get
    r_json = response.json()
             ^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/requests/models.py", line 978, in json
    raise RequestsJSONDecodeError(e.msg, e.doc, e.pos)
requests.exceptions.JSONDecodeError: Expecting value: line 1 column 1 (char 0) 
2024-10-03T18:18:10.313674680Z ERROR 'NoneType' object is not subscriptable | timestamp=2024-10-03T18:18:10.313530Z name=InfoBlox exc_info=Traceback (most recent call last):
  File "/opt/opencti-connector-infoblox/infoblox.py", line 248, in opencti_bundle
    var_ip = json.loads(info[0])
                        ~~~~^^^
TypeError: 'NoneType' object is not subscriptable 

Additional information

Screenshots (optional)

Jobs show no data being pulled into the platform.
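
The traceback above shows two stacked failures: the HTTP reply body was not JSON ("Expecting value ... char 0"), and the caller then indexed a `None` result. The following is an added example, not part of the issue report or the connector's code, showing one way to classify such a reply so that the log states the real cause; `parse_feed_response`, `FetchResult`, the `records_key` default and the sample replies are all hypothetical and constructed for illustration.

```python
import json
from dataclasses import dataclass, field


@dataclass
class FetchResult:
    ok: bool
    records: list = field(default_factory=list)
    reason: str = ""


def parse_feed_response(status, content_type, body, records_key="threat"):
    """Classify a feed API reply before any caller indexes into the result.

    records_key is an assumed name for the top-level list of records.
    """
    preview = body[:60].decode("utf-8", errors="replace")
    if status in (401, 403):
        return FetchResult(False, reason=f"auth rejected (HTTP {status})")
    if status != 200:
        return FetchResult(False, reason=f"HTTP {status}: {preview!r}")
    if not body.strip():
        return FetchResult(False, reason="HTTP 200 with empty body")
    if "json" not in content_type.lower():
        return FetchResult(False, reason=f"unexpected Content-Type {content_type!r}: {preview!r}")
    try:
        doc = json.loads(body)
    except ValueError as exc:
        # Same class of failure as the traceback: body is not parseable JSON.
        return FetchResult(False, reason=f"invalid JSON ({exc}): {preview!r}")
    records = doc.get(records_key) if isinstance(doc, dict) else None
    if not isinstance(records, list):
        return FetchResult(False, reason=f"no {records_key!r} list in JSON")
    return FetchResult(True, records=records)


# Constructed sample replies (not captured from any real API).
SAMPLES = [
    (200, "application/json", b'{"threat": [{"ip": "192.0.2.10"}]}'),
    (200, "text/html", b"<html>Sign in</html>"),
    (200, "application/json", b""),
    (401, "application/json", b'{"error": "unauthorized"}'),
    (200, "application/json", b"<html>proxy error</html>"),
]

if __name__ == "__main__":
    for status, ctype, body in SAMPLES:
        result = parse_feed_response(status, ctype, body)
        print(status, ctype, "->", "ok" if result.ok else result.reason)
```

Because every path returns a `FetchResult`, a caller can check `result.ok` and log `result.reason` instead of subscripting `None`.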