Hi.
I have the following environment:
Opencti Version: 5.12.16
Wazuh Version: 4.7.3
I am trying to integrate OpenCTI with wazuh. It seems that query in the script custom-opencti.py is not working for me. I figured the issue was in the graphql query. I extracted the query from the script and tried it in Postman and I get the following error:
{
"errors": [
{
"message": "Unknown type \"StixCyberObservablesFiltering\". Did you mean \"StixCyberObservablesOrdering\", \"StixCyberObservableConnection\", \"StixCyberObservableEdge\", \"StixCyberObservableEditMutations\", or \"StixCyberObservable\"?",
"locations": [
{
"line": 2,
"column": 57
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"X509V3ExtensionsType\".",
"locations": [
{
"line": 266,
"column": 8
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"XOpenCTICryptographicKey\". Did you mean \"CryptographicKey\"?",
"locations": [
{
"line": 284,
"column": 8
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"XOpenCTICryptocurrencyWallet\". Did you mean \"CryptocurrencyWallet\"?",
"locations": [
{
"line": 287,
"column": 8
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"XOpenCTIHostname\".",
"locations": [
{
"line": 290,
"column": 8
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"XOpenCTIText\". Did you mean \"OpenCtiFile\"?",
"locations": [
{
"line": 293,
"column": 8
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"XOpenCTIUserAgent\".",
"locations": [
{
"line": 296,
"column": 8
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
}
]
}
Hi. I have the following environment: Opencti Version: 5.12.16 Wazuh Version: 4.7.3
I am trying to integrate OpenCTI with wazuh. It seems that query in the script
custom-opencti.py
is not working for me. I figured the issue was in the graphql query. I extracted the query from the script and tried it in Postman and I get the following error: