Improve ransomware.live connector #2746
Conversation
|
How do I properly test this connector on my development system? This PR should work, but I'm keeping the PR in draft status until I can properly test it. {"timestamp": "2024-10-01T23:54:16.228980Z", "level": "ERROR", "name": "pika.adapters.utils.connection_workflow", "message": "AMQP connection workflow failed: AMQPConnectionWorkflowFailed: 1 exceptions in all; last exception - gaierror(11001, 'getaddrinfo failed'); first exception - None.", "taskName": null}
{"timestamp": "2024-10-01T23:54:16.228980Z", "level": "ERROR", "name": "pika.adapters.utils.connection_workflow", "message": "AMQPConnectionWorkflow - reporting failure: AMQPConnectionWorkflowFailed: 1 exceptions in all; last exception - gaierror(11001, 'getaddrinfo failed'); first exception - None", "taskName": null}
{"timestamp": "2024-10-01T23:54:16.228980Z", "level": "ERROR", "name": "pika.adapters.blocking_connection", "message": "Connection workflow failed: AMQPConnectionWorkflowFailed: 1 exceptions in all; last exception - gaierror(11001, 'getaddrinfo failed'); first exception - None", "taskName": null} |
|
I was able to test is by creating a local docker image, but that's not ideal if I want to walk through the Python code in a debugger Now I'm getting an exception that states "File data is not a valid bundle" {"timestamp": "2024-10-02T00:30:20.182278Z", "level": "ERROR", "name": "ransomware.live", "message": "Error sending STIX2 bundle to OpenCTI", "exc_info": "Traceback (most recent call last):\n File \"/opt/connector/lib/ransomConn.py\", line 960, in run\n self.helper.send_stix2_bundle(\n File \"/usr/local/lib/python3.11/site-packages/pycti/connector/opencti_connector_helper.py\", line 1699, in send_stix2_bundle\n ) = stix2_splitter.split_bundle_with_expectations(\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/usr/local/lib/python3.11/site-packages/pycti/utils/opencti_stix2_splitter.py\", line 215, in split_bundle_with_expectations\n raise Exception(\"File data is not a valid bundle\")\nException: File data is not a valid bundle"}Any suggestions for tracking down where my PR went wrong? |
|
All issues have been fixed. |
richard-julien
force-pushed
the
master
branch
from
416a305 to
982a01c
Compare
There was a problem hiding this comment.
Hi @seanthegeek thank you for submitting a PR and improvements!
I managed to resolve conflicts locally by keeping your changes and pycti.<ENTITY_CLASS>.generate_id() functions calls from master.🤞
I had to add "filterGroups": [] on line ~320 (in filterGroups[0]) to avoid errors returned by OpenCTI API, and now everything seems to work as intended 👍
May I ask you to resolve conflicts and fix the filters tiny issue on your repo so we can merge your PR? Thanks 🙏
|
Hi. Sorry I missed this message two months ago! Maintainers like you have the ability to modify my incoming branch. That's the best way, since you know exactly what needs to be done. |
- Properly handle empty sector values - Do not create threat actor objects by default - They were wasteful duplicates of Intrusion Sets and not threat actors in terms of STIX - Fix typos - Fix README tables
Powlinett
force-pushed
the
ransomwarelive-fixes
branch
from
f2b929a to
968c5fa
Compare
helene-nguyen
added
the
solved
Proposed changes
Related issues
Checklist
Further comments