[Bug] OpenCTI analyser: missing Python module?

[xme]

Describe the bug Can't run opencti analyzer, missing Python module?

To Reproduce Steps to reproduce the behavior:

1. Just try to run the analyzer

Expected behavior

Complementary information from six.moves.collections_abc import MappingModuleNotFoundError: No module named 'six.moves.collections_abc'

Work environment

• Cortex version:
  • Cortex Analyzer/Responder name: opencti
• Cortex Analyzer/Responder version: latest

Possible solutions

Additional context I did not find a way to install this module. "six" is properly installed.

[slimpagey]

That's found in the stix2 module - but you should get that if you install pycti. It's in requirements.txt. Probably worth running the snippet from the docs - just to make sure you're not missing other requirements: for I in $(find Cortex-Analyzers -name 'requirements.txt'); do sudo -H pip2 install -r $I; done && \ for I in $(find Cortex-Analyzers -name 'requirements.txt'); do sudo -H pip3 install -r $I || true; done

[xme]

Hmm... It was already installed...

Requirement already satisfied: pycti in /usr/local/lib/python3.7/dist-packages (4.0.4)
Requirement already satisfied: requests==2.25.0 in /usr/local/lib/python3.7/dist-packages (from pycti) (2.25.0)
Requirement already satisfied: datefinder==0.7.1 in /usr/local/lib/python3.7/dist-packages (from pycti) (0.7.1)
Requirement already satisfied: pytz==2020.4 in /usr/local/lib/python3.7/dist-packages (from pycti) (2020.4)
Requirement already satisfied: sseclient==0.0.27 in /usr/local/lib/python3.7/dist-packages (from pycti) (0.0.27)
Requirement already satisfied: python-magic==0.4.18; sys_platform == "linux" or sys_platform == "darwin" in /usr/local/lib/python3.7/dist-packages (from pycti) (0.4.18)
Requirement already satisfied: pika==1.1.0 in /usr/local/lib/python3.7/dist-packages (from pycti) (1.1.0)
Requirement already satisfied: python-dateutil==2.8.1 in /usr/local/lib/python3.7/dist-packages (from pycti) (2.8.1)
Requirement already satisfied: PyYAML==5.3.1 in /usr/local/lib/python3.7/dist-packages (from pycti) (5.3.1)
Requirement already satisfied: stix2==2.1.0 in /usr/local/lib/python3.7/dist-packages (from pycti) (2.1.0)
Requirement already satisfied: idna<3,>=2.5 in /usr/local/lib/python3.7/dist-packages (from requests==2.25.0->pycti) (2.10)
Requirement already satisfied: urllib3<1.27,>=1.21.1 in /usr/local/lib/python3.7/dist-packages (from requests==2.25.0->pycti) (1.26.2)
Requirement already satisfied: chardet<4,>=3.0.2 in /usr/local/lib/python3.7/dist-packages (from requests==2.25.0->pycti) (3.0.4)
Requirement already satisfied: certifi>=2017.4.17 in /usr/local/lib/python3.7/dist-packages (from requests==2.25.0->pycti) (2020.12.5)
Requirement already satisfied: regex>=2017.02.08 in /usr/local/lib/python3.7/dist-packages (from datefinder==0.7.1->pycti) (2020.11.13)
Requirement already satisfied: six in /usr/local/lib/python3.7/dist-packages (from sseclient==0.0.27->pycti) (1.15.0)
Requirement already satisfied: stix2-patterns>=1.2.0 in /usr/local/lib/python3.7/dist-packages (from stix2==2.1.0->pycti) (1.3.2)
Requirement already satisfied: simplejson in /usr/local/lib/python3.7/dist-packages (from stix2==2.1.0->pycti) (3.17.2)
Requirement already satisfied: antlr4-python3-runtime~=4.8.0; python_version >= "3" in /usr/local/lib/python3.7/dist-packages (from stix2-patterns>=1.2.0->stix2==2.1.0->pycti) (4.8)

[dadokkio]

Six is already installed in cortex machine but is in a old release.. you need to update it. We added a minimal six release as requirements in develop branch

[xme]

Ok, I fixed the problem... I also had to switch to the "develop" branch for the OpenCTI responder...