cudeso / misp2sentinel

MISP to Sentinel integration
MIT License

Error when processing data from MISP 'STIXdatetime' object is not subscriptable #56

Closed Daavide closed 10 months ago

Daavide commented 10 months ago

Hi, trying to import IoC from a specific event, I'm getting the error about STIXdatetime. How can I troubleshoot this? For sure, the event exists with lots of attributes.

/tmp/misp2sentinel.log
2023-08-23 10:45:25,108 - misp2sentinel - INFO - Start MISP2Sentinel
2023-08-23 10:45:25,108 - misp2sentinel - INFO - Fetching and parsing data from MISP ...
2023-08-23 10:45:25,108 - misp2sentinel - INFO - Using Microsoft Upload Indicator API
2023-08-23 10:45:25,415 - misp2sentinel - INFO - Received MISP events page 1 with 1 events
2023-08-23 10:45:28,257 - misp2sentinel - ERROR - Error when processing data from MISP 'STIXdatetime' object is not subscriptable
2023-08-23 10:45:28,265 - misp2sentinel - INFO - Received 0 indicators in MISP
2023-08-23 10:45:28,438 - misp2sentinel - INFO - Start uploading indicators
2023-08-23 10:45:28,438 - misp2sentinel - INFO - Finished uploading indicators
2023-08-23 10:45:28,438 - misp2sentinel - INFO - End MISP2Sentinel

misp event filter:
misp_event_filters = { "eventid": "10494", "includeEventTags": True }

Thanks!!

cudeso commented 10 months ago

The date handling from STIXdatetime has been an issue. There needs to be a cleaner way to process it but I haven't gotten around to improving it yet.

- If the event does not contain sensitive information, maybe you can share it with me so I can have a look at what's causing the error? Reach out via Twitter or e-mail.
- Put a print(valid_until) before https://github.com/cudeso/misp2sentinel/blob/main/script.py#L111

cudeso commented 10 months ago

Can you check if the latest commit https://github.com/cudeso/misp2sentinel/commit/75acd1eeb79921778c6aa826a7826bfd037b00c4 fixes your problem?

Daavide commented 10 months ago

Thanks! I was trying to troubleshoot but found nothing strange in the event. Did a quick test with the latest commit and it seems to work, thanks for now!
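
The error in this thread, reproduced and handled in an added example that is not part of the issue or of the misp2sentinel code: a `valid_until` value can arrive as a string or as a datetime object, and string-style indexing only works on the former. `FakeSTIXdatetime` is a constructed stand-in for stix2's datetime subclass, and the function names and the "naive values are UTC" rule are assumptions.

```python
from datetime import datetime, timezone


class FakeSTIXdatetime(datetime):
    """Constructed stand-in: a plain datetime subclass, used so the example runs without stix2."""


def naive_date_part(value):
    # String-style slicing: fine for "2023-09-01T00:00:00Z", but raises
    # TypeError ("object is not subscriptable") for any datetime object.
    return value[0:10]


def normalize_valid_until(value):
    """Return an aware UTC datetime for a str or datetime-like value, or None."""
    if value is None:
        return None
    if isinstance(value, datetime):            # also matches datetime subclasses
        dt = value
    elif isinstance(value, str):
        text = value.strip()
        if text.endswith(("Z", "z")):
            text = text[:-1] + "+00:00"        # older fromisoformat() rejects a trailing "Z"
        dt = datetime.fromisoformat(text)
    else:
        raise TypeError(f"unsupported valid_until type: {type(value).__name__}")
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)   # assumption: naive timestamps are UTC
    return dt.astimezone(timezone.utc)


def is_expired(value, now):
    """True when valid_until is set and not later than `now` (an aware datetime)."""
    dt = normalize_valid_until(value)
    return dt is not None and dt <= now


if __name__ == "__main__":
    # Constructed sample values, one per input type.
    now = datetime(2023, 8, 23, 10, 45, tzinfo=timezone.utc)
    for sample in ("2023-09-01T00:00:00Z", FakeSTIXdatetime(2023, 8, 1), None):
        print(repr(sample), "->", normalize_valid_until(sample), is_expired(sample, now))
```
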