socfortress / Wazuh-Rules

Advanced Wazuh Rules for more accurate threat detection. Feel free to implement within your own Wazuh environment, contribute, or fork!
https://www.socfortress.co

OpenCTI Integration Error #27

Open u-ahmad1 opened 7 months ago

u-ahmad1 commented 7 months ago

Hi. I have the following environment:

OpenCTI Version: 5.12.16
Wazuh Version: 4.7.3

I am trying to integrate OpenCTI with Wazuh. It seems that the query in the script custom-opencti.py is not working for me. I figured the issue was in the GraphQL query. I extracted the query from the script and tried it in Postman, and I get the following error:

{
    "errors": [
        {
            "message": "Unknown type \"StixCyberObservablesFiltering\". Did you mean \"StixCyberObservablesOrdering\", \"StixCyberObservableConnection\", \"StixCyberObservableEdge\", \"StixCyberObservableEditMutations\", or \"StixCyberObservable\"?",
            "locations": [
                {
                    "line": 2,
                    "column": 57
                }
            ],
            "extensions": {
                "code": "GRAPHQL_VALIDATION_FAILED"
            }
        },
        {
            "message": "Unknown type \"X509V3ExtensionsType\".",
            "locations": [
                {
                    "line": 266,
                    "column": 8
                }
            ],
            "extensions": {
                "code": "GRAPHQL_VALIDATION_FAILED"
            }
        },
        {
            "message": "Unknown type \"XOpenCTICryptographicKey\". Did you mean \"CryptographicKey\"?",
            "locations": [
                {
                    "line": 284,
                    "column": 8
                }
            ],
            "extensions": {
                "code": "GRAPHQL_VALIDATION_FAILED"
            }
        },
        {
            "message": "Unknown type \"XOpenCTICryptocurrencyWallet\". Did you mean \"CryptocurrencyWallet\"?",
            "locations": [
                {
                    "line": 287,
                    "column": 8
                }
            ],
            "extensions": {
                "code": "GRAPHQL_VALIDATION_FAILED"
            }
        },
        {
            "message": "Unknown type \"XOpenCTIHostname\".",
            "locations": [
                {
                    "line": 290,
                    "column": 8
                }
            ],
            "extensions": {
                "code": "GRAPHQL_VALIDATION_FAILED"
            }
        },
        {
            "message": "Unknown type \"XOpenCTIText\". Did you mean \"OpenCtiFile\"?",
            "locations": [
                {
                    "line": 293,
                    "column": 8
                }
            ],
            "extensions": {
                "code": "GRAPHQL_VALIDATION_FAILED"
            }
        },
        {
            "message": "Unknown type \"XOpenCTIUserAgent\".",
            "locations": [
                {
                    "line": 296,
                    "column": 8
                }
            ],
            "extensions": {
                "code": "GRAPHQL_VALIDATION_FAILED"
            }
        }
    ]
}
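One way to triage a response like the one above, as an added example that is not part of the original issue or of the project's scripts: it lists each type the server rejected, where it sits in the query, and whether the server offered any similarly named type. The function names are hypothetical, and the sample is a shortened copy of the response quoted in the issue.

```python
import json
import re

# Shortened copy of the error response quoted in the issue (three of its seven entries).
SAMPLE_RESPONSE = json.dumps({"errors": [
    {"message": 'Unknown type "StixCyberObservablesFiltering". Did you mean '
                '"StixCyberObservablesOrdering", "StixCyberObservableConnection", '
                '"StixCyberObservableEdge", "StixCyberObservableEditMutations", '
                'or "StixCyberObservable"?',
     "locations": [{"line": 2, "column": 57}],
     "extensions": {"code": "GRAPHQL_VALIDATION_FAILED"}},
    {"message": 'Unknown type "XOpenCTICryptographicKey". Did you mean "CryptographicKey"?',
     "locations": [{"line": 284, "column": 8}],
     "extensions": {"code": "GRAPHQL_VALIDATION_FAILED"}},
    {"message": 'Unknown type "XOpenCTIHostname".',
     "locations": [{"line": 290, "column": 8}],
     "extensions": {"code": "GRAPHQL_VALIDATION_FAILED"}},
]})

UNKNOWN_TYPE = re.compile(r'^Unknown type "([^"]+)"\.(?: Did you mean (.+)\?)?$')

def triage_validation_errors(response_text):
    """Map each unknown type to its query position and the server's name hints."""
    report = {}
    for err in json.loads(response_text).get("errors", []):
        if err.get("extensions", {}).get("code") != "GRAPHQL_VALIDATION_FAILED":
            continue  # only schema validation failures are of interest here
        match = UNKNOWN_TYPE.match(err.get("message", ""))
        if not match:
            continue
        loc = (err.get("locations") or [{}])[0]
        report[match.group(1)] = {
            "line": loc.get("line"),
            "column": loc.get("column"),
            # Hints are name-similarity guesses from the server, not confirmed replacements.
            "hints": re.findall(r'"([^"]+)"', match.group(2) or ""),
        }
    return report

def split_by_hints(report):
    """Separate types that have candidate names from those with none."""
    hinted = {name: info["hints"] for name, info in report.items() if info["hints"]}
    unhinted = sorted(name for name, info in report.items() if not info["hints"])
    return hinted, unhinted

if __name__ == "__main__":
    hinted, unhinted = split_by_hints(triage_validation_errors(SAMPLE_RESPONSE))
    for name, hints in hinted.items():
        print(f"{name}: check against {', '.join(hints)}")
    print("No similar type in schema:", ", ".join(unhinted))
```

Each hinted name still has to be checked against the schema of the running OpenCTI version before the query is edited.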