[OPENCTI-MODULE] INGESTION - Error with taxii handler CISA-GOV - Atribute Must be a string

[AndrewH3215]

Description

I am trying to set up a TAXII Ingester for a CISA-AIS Taxii Feed . After I input the necessary information and the taxii ID I am getting a Validation error

Environment

1. OS : Ubuntu
2. OpenCTI version: OpenCTI 6.3.5
3. OpenCTI client: frontend

Reproducible Steps

Steps to create the smallest reproducible scenario:

1. Set up TAXII Feed from CISA-AIS

Expected Output

Receive threat intel ingestion

Actual Output

No works registered , no messages in RabbitMQ queues .

`

{
  "category": "APP",
  "level": "error",
  "message": "[OPENCTI-MODULE] INGESTION - Error with taxii handler CISA-GOV",
  "source": "backend",
  "timestamp": "2024-10-15T12:44:04.409Z",
  "version": "6.3.5"
}

{
  "category": "APP",
  "context": "Taxii ingestion execution",
  "errors": [
    {
      "attributes": {
        "field": "current_state_cursor",
        "genre": "BUSINESS",
        "http_status": 500
      },
      "message": "Attribute must be a string",
      "name": "VALIDATION_ERROR",
      "stack": "
    GraphQLError: Attribute must be a string\n    at error (/opt/opencti/build/src/config/errors.js:7:10)\n    at ValidationError (/opt/opencti/build/src/config/errors.js:129:58)\n    at validateAndFormatSchemaAttribute (/opt/opencti/build/src/schema/schema-validator.ts:46:15)\n    at /opt/opencti/build/src/schema/schema-validator.ts:98:7\n    at Array.forEach (<anonymous>)\n    at fn (/opt/opencti/build/src/schema/schema-validator.ts:96:16)\n    at telemetry (/opt/opencti/build/src/config/tracing.ts:109:12)\n    at validateFormatSchemaAttributes (/opt/opencti/build/src/schema/schema-validator.ts:101:10)\n    at fn (/opt/opencti/build/src/schema/schema-validator.ts:230:11)\n    at telemetry (/opt/opencti/build/src/config/tracing.ts:109:12)\n    at validateInputUpdate (/opt/opencti/build/src/schema/schema-validator.ts:245:10)\n    at updateAttribute (/opt/opencti/build/src/database/middleware.js:2225:9)\n    at patchTaxiiIngestion (/opt/opencti/build/src/modules/ingestion/ingestion-taxii-domain.ts:51:19)\n    at processTaxiiResponse (/opt/opencti/build/src/manager/ingestionManager.ts:332:31)\n    at taxiiV21DataHandler (/opt/opencti/build/src/manager/ingestionManager.ts:362:3)\n    at async Promise.all (index 0)\n    at async Promise.all (index 1)\n    at ingestionHandler (/opt/opencti/build/src/manager/ingestionManager.ts:478:5)\n    at /opt/opencti/build/src/manager/ingestionManager.ts:499:9\n    at Ynt.#runHandlerAndScheduleTimeout (/opt/opencti/build/node_modules/set-interval-async/dist/set-interval-async-timer.cjs:36:13)\n    at Timeout._onTimeout (/opt/opencti/build/node_modules/set-interval-async/dist/set-interval-async-timer.cjs:29:13)"
    }
  ],
  "level": "error",
  "message": "Attribute must be a string",
  "name": "CISA-GOV",
  "source": "backend",
  "timestamp": "2024-10-15T12:44:04.409Z",
  "version": "6.3.5"
}

`

Additional information

Screenshots (optional)

[nino-filigran]

@AndrewH3215 can you let me know which steps you have done when you say "Set up TAXII Feed from CISA-AIS"? Could you maybe share a screenshot of your configuration (you can hide any token information) if it's easier.

[AndrewH3215]

Hi @nino-filigran . I will send you a picture on Slack as well . I was in touch today with @aHenryJard and confirmed that the configuration looks good ( certificate authenticated TAXII server ) .

[nino-filigran]

Thanks @AndrewH3215

[AndrewH3215]

Hi @nino-filigran . Could I kindly inquire about an estimate about when this bug could be resolved ( mngm making my life a hell regarding this TAXII Feed ) .. We are sitting stable on 6.3.5 at this moment . Would this be something coming up in the next releases requiring a platform update? Thanks a lot and have a nice day ahead :D

[nino-filigran]

Even though I would love to provide an ETA for you, right now I'm not able to do so. I've raised the priroity of this bug internally, but right now, we still have a few urgent bugs to tackle first. Once a dev self-assigned to the ticket, you'll get a notification & can expect a resolution ETA.

[AndrewH3215]

Sure , no problem at all . I'll keep an eye on the ticket . Thankss