search

OpenCTI-Platform / connectors

OpenCTI Connectors
https://www.opencti.io
Apache License 2.0
383 stars 415 forks source link

[Crowdstrike-Security-Endpoint] Error while processing indicator #2980

Closed troll-os closed 49 minutes ago

troll-os commented 4 days ago

Description

The CrowdStrike Security Endpoint connector is failing to process data

Environment

Filigran SaaS

Reproducible Steps

Run the CS Security Endpoint connector in error log level

Expected Output

No logs

Actual Output

{"timestamp": "2024-11-18T10:11:54.854171Z", "level": "ERROR", "name": "CrowdStrike Endpoint Security", "message": "[API] Error while processing indicator", "exc_info": "NoneType: None", "taskName": null, "attributes": {"error_message":"check fql filter"}}

{"timestamp": "2024-11-18T10:11:54.859639Z", "level": "ERROR", "name": "CrowdStrike Endpoint Security", "message": "Error in ListenStream loop, exit.", "exc_info": "Traceback (most recent call last):\n  File \"/usr/local/lib/python3.12/site-packages/pycti/connector/opencti_connector_helper.py\", line 650, in run    self.callback(msg)  File \"/opt/opencti-connector-crowdstrike-endpoint-security/crowdstrike_connector/crowdstrike.py\", line 72, in _process_message  self.client.create_indicator(data, msg.event)\n  File \"/opt/opencti-connector-crowdstrike-endpoint-security/crowdstrike_services/client.py\", line 231, in create_indicator if len(ioc_cs) == 0: TypeError: object of type 'NoneType' has no len()", "taskName": null, "attributes": {"reason": "object of type 'NoneType' has no len()"}}

Additional information

Screenshots (optional)

gileri commented 1 day ago

We still hit the issue on 6.4.0 :

{"timestamp": "2024-11-21T16:45:05.423941Z", "level": "ERROR", "name": "CrowdStrike Endpoint Security", "message": "[API] Error while processing indicator", "exc_info": "NoneType: None", "taskName": null, "attributes": {"error_message": "check fql filter"}}
{"timestamp": "2024-11-21T16:45:05.430909Z", "level": "ERROR", "name": "CrowdStrike Endpoint Security", "message": "Error in ListenStream loop, exit.", "exc_info": "Traceback (most recent call last):\n  File \"/usr/local/lib/python3.12/site-packages/pycti/connector/opencti_connector_helper.py\", line 658, in run\n    self.callback(msg)\n  File \"/opt/opencti-connector-crowdstrike-endpoint-security/crowdstrike_connector/crowdstrike.py\", line 72, in _process_message\n    self.client.create_indicator(data, msg.event)\n  File \"/opt/opencti-connector-crowdstrike-endpoint-security/crowdstrike_services/client.py\", line 231, in create_indicator\n    if len(ioc_cs) == 0:\n       ^^^^^^^^^^^\nTypeError: object of type 'NoneType' has no len()", "taskName": null, "attributes": {"reason": "object of type 'NoneType' has no len()"}}
Terminated
helene-nguyen commented 12 hours ago

@gileri my bad, I've not seen the 2nd same condition that needs changes, I'm on it