The attribute infrastructure_types is not readable in the API #1116

Closed
amr-cossi opened this issue Feb 26, 2021 · 0 comments
Labels: bug (use for describing something not working as expected), solved (use to identify issue that has been solved (must be linked to the solving PR))

Description

Infrastructure entities created by the FireEye connector are invalid because of the field "infrastructure_types" populated with an invalid type. No problem is seen during import or display in the UI, but these entities cannot be queried correctly at export (STIX export or full read in the API).

Environment

  1. Fully dockerized version on Ubuntu 20
  2. OpenCTI version: 4.2.4
  3. OpenCTI client: python 4.2.4 or GUI 4.2.4

Reproducible Steps

  1. Import data with the FireEye connector
  2. Read an infrastructure entity created by the connector:

     opencti_api_client.infrastructure.read(id="infrastructure--e46a96f1-ee03-56c3-8982-745f7b617424")

Expected Output

No error

Actual Output

Unknown technical error in python logs
Error in the OpenCTI platform logs:

{"user":{"ip":"","user_id":""},"type":"READ_ERROR","operation_query":"query StixDomainObject($id:String!){stixDomainObject(id:$id){id standard_id entity_type parent_types spec_version created_at updated_at createdBy{...on Identity{id standard_id entity_type parent_types spec_version name description roles contact_information x_opencti_aliases created modified objectLabel{edges{node{id value color}}}}...on Organization{x_opencti_organization_type x_opencti_reliability}...on Individual{x_opencti_firstname x_opencti_lastname}}objectMarking{edges{node{id standard_id entity_type definition_type definition created modified x_opencti_order x_opencti_color}}}objectLabel{edges{node{id value color}}}externalReferences{edges{node{id standard_id entity_type source_name description url hash external_id created modified}}}revoked confidence created modified ...on AttackPattern{name description aliases x_mitre_platforms x_mitre_permissions_required x_mitre_detection x_mitre_id killChainPhases{edges{node{id standard_id entity_type kill_chain_name phase_name x_opencti_order created modified}}}}...on Campaign{name description aliases first_seen last_seen objective}...on Note{attribute_abstract content authors objects{edges{node{...on BasicObject{id}...on BasicRelationship{id}}}}}...on ObservedData{first_observed last_observed number_observed objects{edges{node{...on BasicObject{id}...on BasicRelationship{id}}}}}...on Opinion{explanation authors opinion objects{edges{node{...on BasicObject{id}...on BasicRelationship{id}}}}}...on Report{name description report_types published x_opencti_report_status objects{edges{node{...on BasicObject{id}...on BasicRelationship{id}}}}}...on CourseOfAction{name description x_opencti_aliases}...on Individual{name description x_opencti_aliases contact_information x_opencti_firstname x_opencti_lastname}...on Organization{name description x_opencti_aliases contact_information x_opencti_organization_type x_opencti_reliability}...on Sector{name description 
x_opencti_aliases contact_information}...on Indicator{pattern_type pattern_version pattern name description indicator_types valid_from valid_until x_opencti_score x_opencti_detection x_opencti_main_observable_type}...on Infrastructure{name description aliases infrastructure_types first_seen last_seen}...on IntrusionSet{name description aliases first_seen last_seen goals resource_level primary_motivation secondary_motivations}...on City{name description latitude longitude precision x_opencti_aliases}...on Country{name description latitude longitude precision x_opencti_aliases}...on Region{name description latitude longitude precision x_opencti_aliases}...on Position{name description latitude longitude precision x_opencti_aliases street_address postal_code}...on Malware{name description aliases malware_types is_family first_seen last_seen architecture_execution_envs implementation_languages capabilities killChainPhases{edges{node{id standard_id entity_type kill_chain_name phase_name x_opencti_order created modified}}}}...on ThreatActor{name description aliases threat_actor_types first_seen last_seen roles goals sophistication resource_level primary_motivation secondary_motivations personal_motivations}...on Tool{name description aliases tool_types tool_version killChainPhases{edges{node{id standard_id entity_type kill_chain_name phase_name x_opencti_order created modified}}}}...on Vulnerability{name description x_opencti_base_score x_opencti_base_severity x_opencti_attack_vector x_opencti_integrity_impact x_opencti_availability_impact}...on XOpenCTIIncident{name description aliases first_seen last_seen objective}importFiles{edges{node{id name size}}}}}","inner_relation_creation":0,"operation":"StixDomainObject","time":43,"variables":{"id":"infrastructure--e46a96f1-ee03-56c3-8982-745f7b617424"},"size":61,"error":{"stacktrace":["GraphQLError: String cannot represent value: [\"command-and-control\"]","at GraphQLScalarType.serializeString [as serialize] 
(/opt/opencti/node_modules/graphql/type/scalars.js:173:9)","at completeLeafValue (/opt/opencti/node_modules/graphql/execution/execute.js:654:37)","at completeValue (/opt/opencti/node_modules/graphql/execution/execute.js:580:12)","at resolveField (/opt/opencti/node_modules/graphql/execution/execute.js:474:19)","at executeFields (/opt/opencti/node_modules/graphql/execution/execute.js:294:18)","at collectAndExecuteSubfields (/opt/opencti/node_modules/graphql/execution/execute.js:749:10)","at completeObjectValue (/opt/opencti/node_modules/graphql/execution/execute.js:739:10)","at completeAbstractValue (/opt/opencti/node_modules/graphql/execution/execute.js:681:10)","at completeValue (/opt/opencti/node_modules/graphql/execution/execute.js:586:12)","at /opt/opencti/node_modules/graphql/execution/execute.js:471:16","at runMicrotasks (<anonymous>)","at processTicksAndRejections (internal/process/task_queues.js:93:5)","at async Promise.all (index 0)"]},"version":"4.2.3","level":"error","message":"API Call","timestamp":"2021-02-24T13:58:41.492Z"}

Additional information

To find the right property in error:

query Infrastructure($id: String!) {
  infrastructure(id: $id) {
    id
    infrastructure_types
  }
}
@SamuelHassine SamuelHassine transferred this issue from OpenCTI-Platform/connectors Feb 26, 2021
@SamuelHassine SamuelHassine changed the title from "[FireEye] Invalid infrastructure entities" to "The attribute infrastructure_types is not readable in the API" Feb 26, 2021
@SamuelHassine SamuelHassine added this to the Release 4.3.0 milestone Feb 26, 2021
@SamuelHassine SamuelHassine added the bug (use for describing something not working as expected) and solved (use to identify issue that has been solved (must be linked to the solving PR)) labels Feb 26, 2021
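
An added example, not part of the original issue or of OpenCTI's own code: a triage script that scans platform log lines of the shape quoted above for READ_ERROR entries whose first stack-trace line is a GraphQL scalar serialization failure, and reports the affected entity id and the stored value. The sample log is constructed and shortened, and the function name and the keys of each finding are assumptions.

```python
import json
import re

# Matches the first stack-trace line graphql-js emits when a scalar cannot
# serialize the stored value, e.g. 'String cannot represent value: ["x"]'.
SERIALIZE_RE = re.compile(r"GraphQLError: (\w+) cannot represent value: (.+)$")

# Constructed sample log, shortened to the fields used below; only the first
# entry mirrors the error quoted in this issue.
SAMPLE_LOG = "\n".join([
    json.dumps({"type": "READ_ERROR", "operation": "StixDomainObject",
                "variables": {"id": "infrastructure--e46a96f1-ee03-56c3-8982-745f7b617424"},
                "error": {"stacktrace": [
                    'GraphQLError: String cannot represent value: ["command-and-control"]',
                    "at GraphQLScalarType.serializeString [as serialize]"]},
                "level": "error", "message": "API Call"}),
    json.dumps({"type": "READ_ERROR", "operation": "StixDomainObject",
                "variables": {"id": "malware--00000000-0000-4000-8000-000000000000"},
                "error": {"stacktrace": ["Error: constructed unrelated failure"]},
                "level": "error", "message": "API Call"}),
    "plain text line that is not JSON",
])


def find_serialization_errors(log_text):
    """Return one finding per READ_ERROR caused by a scalar/list type mismatch."""
    findings = []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip non-JSON lines mixed into the log
        if not isinstance(entry, dict) or entry.get("type") != "READ_ERROR":
            continue
        stack = (entry.get("error") or {}).get("stacktrace") or []
        match = SERIALIZE_RE.match(stack[0]) if stack else None
        if match is None:
            continue
        try:
            value = json.loads(match.group(2))
        except json.JSONDecodeError:
            value = match.group(2)  # keep the raw text if it is not JSON
        findings.append({
            "entity_id": (entry.get("variables") or {}).get("id"),
            "declared_type": match.group(1),
            "value": value,
            "stored_as_list": isinstance(value, list),
        })
    return findings
```

Calling `find_serialization_errors(SAMPLE_LOG)` yields a single finding for the infrastructure entity, with `declared_type` "String" and `stored_as_list` true.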