OpenCTI-Platform / connectors

OpenCTI Connectors
https://www.opencti.io
Apache License 2.0

[RecordedFuture] Unexpected error #2989

Closed troll-os closed 4 days ago

troll-os commented 1 week ago

Description

The Recorded Future connector configured for Alerting is crashing when deployed.

Environment

Filigran SaaS

Reproducible Steps

Run the RF connector with the following config:

ALERT_DEFAULT_OPENCTI_SEVERITY: 'P3 - low'
ALERT_ENABLE: 'True'
ALERT_PRIORITY_ALERTS_ONLY: 'True'
CONNECTOR_DURATION_PERIOD: PT5M
CONNECTOR_SCOPE: ipv4-addr,ipv6-addr,vulnerability,domain,url,StixFile
PLAYBOOK_ALERT_DEBUG: 'False'
PLAYBOOK_ALERT_ENABLE: 'False'
PLAYBOOK_ALERT_SEVERITY_THRESHOLD_CODE_REPO_LEAKAGE: 'Informational'
PLAYBOOK_ALERT_SEVERITY_THRESHOLD_DOMAIN_ABUSE: 'Informational'
PLAYBOOK_ALERT_SEVERITY_THRESHOLD_IDENTITY_NOVEL_EXPOSURES: 'Informational'
RECORDED_FUTURE_INITIAL_LOOKBACK: '240'
RECORDED_FUTURE_INSIKT_ONLY: 'True'
RECORDED_FUTURE_LAST_PUBLISHED_NOTES: '24'
RECORDED_FUTURE_PERSON_TO_TA: 'True'
RECORDED_FUTURE_PULL_ANALYST_NOTES: 'False'
RECORDED_FUTURE_PULL_RISK_LIST: 'False'
RECORDED_FUTURE_PULL_SIGNATURES: 'True'
RECORDED_FUTURE_PULL_THREAT_MAPS: 'False'
RECORDED_FUTURE_RISKLIST_RELATED_ENTITIES: 'Malware,Hash,URL,Threat Actor,MitreAttackIdentifier'
RECORDED_FUTURE_RISK_AS_SCORE: 'True'
RECORDED_FUTURE_RISK_LIST_THRESHOLD: '70'
RECORDED_FUTURE_RISK_THRESHOLD: '58'
RECORDED_FUTURE_TA_TO_INTRUSION_SET: 'True'
RECORDED_FUTURE_TLP: Green

Expected Output

Connector working without issues

Actual Output

{
  "timestamp": "2024-11-18T15:24:18.337440Z",
  "level": "ERROR",
  "name": "recordedfuture-alerts",
  "message": "[ERROR] An unexpected error occurred during schedule",
  "exc_info": "Traceback (most recent call last):\n  File \"/opt/opencti-connector-recorded-future/rflib/pyrf.py\", line 506, in get_prioritedrule_ids\n    response.headers.get(\"Content-Type\")\nAssertionError: Unexpected Content-Type from ApiRecordedFuture: application/json\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n  File \"/usr/local/lib/python3.12/site-packages/pycti/connector/opencti_connector_helper.py\", line 1380, in schedule_process\n    message_callback()\n  File \"/opt/opencti-connector-recorded-future/main.py\", line 341, in all_processes\n    self.alerts.run()\n  File \"/opt/opencti-connector-recorded-future/rflib/rf_alerts.py\", line 135, in run\n    self.update_rules()\n  File \"/opt/opencti-connector-recorded-future/rflib/rf_alerts.py\", line 118, in update_rules\n    self.api_recorded_future.get_prioritedrule_ids(limit=100)\n  File \"/opt/opencti-connector-recorded-future/rflib/pyrf.py\", line 536, in get_prioritedrule_ids\n    raise RuntimeError(\"Unexpected error\")\nRuntimeError: Unexpected error",
  "taskName": null,
  "attributes": {
    "reason": "Unexpected error"
  }
}
