OpenCTI-Platform / connectors

OpenCTI Connectors
https://www.opencti.io
Apache License 2.0

[Tenable] Error while importing data #2997

Open NexusFuzzy opened 5 days ago

NexusFuzzy commented 5 days ago

Description

When running the connector, an error is thrown in the container log and no data is ingested.

Environment

  1. OS (where OpenCTI server runs): SLES
  2. OpenCTI version: 6.4.0
  3. OpenCTI client: frontend
  4. Other environment details:

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Add Tenable to docker-compose.yml
  2. Restart platform

Expected Output

Vulnerability data should be imported.

Actual Output

Within container logs, errors are thrown:

```
{"timestamp": "2024-11-20T08:19:15.219265Z", "level": "ERROR", "name": "Tenable Vuln Management", "message": "Unexpected Tenable API response", "exc_info": "Traceback (most recent call last):\n File \"/opt/opencti-connector-tenable-vuln-management/tenable_vuln_management/connector.py\", line 166, in _process\n VulnerabilityFinding.from_api_response_body(\n File \"/opt/opencti-connector-tenable-vuln-management/tenable_vuln_management/models/tenable.py\", line 392, in from_api_response_body\n return [cls(**item) for item in joined_data]\n ^^^^^^^^^^^\n File \"/usr/local/lib/python3.12/site-packages/pydantic/main.py\", line 193, in __init__\n self.__pydantic_validator__.validate_python(data, self_instance=self)\npydantic_core._pydantic_core.ValidationError: 3 validation errors for VulnerabilityFinding\nasset.last_scan_target\n Extra inputs are not permitted [type=extra_forbidden, input_value='10.41.174.113', input_type=str]\n For further information visit https://errors.pydantic.dev/2.8/v/extra_forbidden\nplugin.has_workaround\n Extra inputs are not permitted [type=extra_forbidden, input_value=False, input_type=bool]\n For further information visit https://errors.pydantic.dev/2.8/v/extra_forbidden\nscan.target\n Extra inputs are not permitted [type=extra_forbidden, input_value='10.10.10.10', input_type=str]\n For further information visit https://errors.pydantic.dev/2.8/v/extra_forbidden", "taskName": null, "attributes": {"error": "3 validation errors for VulnerabilityFinding\nasset.last_scan_target\n Extra inputs are not permitted [type=extra_forbidden, input_value='10.10.10.10', input_type=str]\n For further information visit https://errors.pydantic.dev/2.8/v/extra_forbidden\nplugin.has_workaround\n Extra inputs are not permitted [type=extra_forbidden, input_value=False, input_type=bool]\n For further information visit https://errors.pydantic.dev/2.8/v/extra_forbidden\nscan.target\n Extra inputs are not permitted [type=extra_forbidden, input_value='10.10.10.10', input_type=str]\n For further information visit https://errors.pydantic.dev/2.8/v/extra_forbidden"}}
```

Additional information

```yaml
connector-tenable-vuln-management:
  image: opencti/connector-tenable-vuln-management:6.4.0
  environment:
    # Connector's generic execution parameters
    - OPENCTI_URL=https://opencti:8080/
    - OPENCTI_TOKEN=<TOKEN>
    - CONNECTOR_ID=c532f859-bca7-4236-bc04-3d497a75f529

    # Connector's definition parameters REQUIRED
    - "CONNECTOR_NAME=Tenable Vuln Management"
    - CONNECTOR_SCOPE=vulnerability
    - CONNECTOR_LOG_LEVEL=error
    - CONNECTOR_DURATION_PERIOD=P0Y0M0DT0H5M0S # ISO8601 format in String, start with 'P...' for Period

    # Connector's definition parameters OPTIONAL
    # - CONNECTOR_QUEUE_THRESHOLD=500 # Default 500Mo, Float accepted
    # - CONNECTOR_RUN_AND_TERMINATE=False # Default False, True run connector once
    # - CONNECTOR_SEND_TO_QUEUE=True # Default True
    # - CONNECTOR_SEND_TO_DIRECTORY=False # Default False
    # - CONNECTOR_SEND_TO_DIRECTORY_PATH=CHANGEME # if CONNECTOR_SEND_TO_DIRECTORY is True, you must specify a path
    # - CONNECTOR_SEND_TO_DIRECTORY_RETENTION=7 # Default 7, in days

    # Connector's custom execution parameters
    - TIO_NUM_THREADS=2
    - TIO_API_BASE_URL=https://cloud.tenable.com/
    - TIO_API_ACCESS_KEY=<KEY>
    - TIO_API_SECRET_KEY=<KEY>
    - TIO_API_TIMEOUT=30
    - TIO_API_BACKOFF=1
    - TIO_API_RETRIES=5
    - TIO_EXPORT_SINCE=2023-01-01T00:00:00+01:00 # ISO8601 format in String
    - TIO_MIN_SEVERITY=low # minimal severity level to export from Tenable.io, should be in (info, low, medium, high, critical)
    - "TIO_MARKING_DEFINITION=TLP:AMBER" # default TLP marking to apply to exported objects
  restart: unless-stopped
```

Screenshots (optional)
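
An added example, not part of the original issue or the connector's code: a standard-library parser that pulls the rejected field paths out of a connector log line like the one above, listing the fields the Tenable API returned that the `VulnerabilityFinding` model does not declare. The sample log line is constructed (shortened from the shape shown in the issue) and the function names are hypothetical.

```python
import json
import re

# Constructed sample: a shortened connector log line in the same shape as the
# one in the issue (JSON record, pydantic v2 error text in attributes.error).
SAMPLE_LOG = json.dumps({
    "timestamp": "2024-11-20T08:19:15.219265Z",
    "level": "ERROR",
    "name": "Tenable Vuln Management",
    "message": "Unexpected Tenable API response",
    "attributes": {"error": (
        "3 validation errors for VulnerabilityFinding\n"
        "asset.last_scan_target\n"
        "  Extra inputs are not permitted [type=extra_forbidden, input_value='10.10.10.10', input_type=str]\n"
        "    For further information visit https://errors.pydantic.dev/2.8/v/extra_forbidden\n"
        "plugin.has_workaround\n"
        "  Extra inputs are not permitted [type=extra_forbidden, input_value=False, input_type=bool]\n"
        "    For further information visit https://errors.pydantic.dev/2.8/v/extra_forbidden\n"
        "scan.target\n"
        "  Extra inputs are not permitted [type=extra_forbidden, input_value='10.10.10.10', input_type=str]\n"
        "    For further information visit https://errors.pydantic.dev/2.8/v/extra_forbidden"
    )},
})

# A field location line (no leading space) followed by an indented detail line
# carrying "[type=..., input_value=..., input_type=...]".
ERROR_RE = re.compile(
    r"^(?P<loc>\S[^\n]*)\n\s+[^\n]*\[type=(?P<type>\w+), "
    r"input_value=(?P<value>.*?), input_type=(?P<input_type>\w+)\]",
    re.MULTILINE,
)

def validation_errors(log_line):
    """Return (model, [error dicts]) for one JSON log line, or (None, [])."""
    record = json.loads(log_line)
    text = record.get("attributes", {}).get("error", "")
    header = re.match(r"\d+ validation errors? for (\w+)", text)
    if record.get("level") != "ERROR" or not header:
        return None, []
    return header.group(1), [m.groupdict() for m in ERROR_RE.finditer(text)]

def unmodelled_fields(log_line):
    """Field paths the API returned that the model rejects as extra."""
    _, errors = validation_errors(log_line)
    return sorted({e["loc"] for e in errors if e["type"] == "extra_forbidden"})

if __name__ == "__main__":
    print(unmodelled_fields(SAMPLE_LOG))
```

Run over a full container log, the deduplicated output gives the complete set of fields to compare against the model before deciding whether to declare them or relax the model's handling of extra inputs.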