MISP connector unable to fetch data to OpenCTI #1954

Closed
argithubtogo opened this issue Mar 20, 2024 · 8 comments

@argithubtogo

argithubtogo commented Mar 20, 2024

Description

No data being fetched from MISP to OpenCTI after a few days. Work showed "in progress" and "total number of operations" showed. However, no operation completed.
Checked connection between MISP connector host and MISP. MISP api call works fine.

Environment

  1. OS (where OpenCTI server runs): Ubuntu 20.0.4.1 LTS
  2. OpenCTI version: e.g. OpenCTI 5.12.15
  3. OpenCTI client: { e.g. frontend or python }
  4. Other environment details:
    MISP connector version 6.0.7
    MISP version v2.4.184

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. enable MISP connector
  2. pending for data being fetched
  3. however no data being fetched

Expected Output

data from MISP being fetched

Actual Output

image
image

Additional information

Screenshots (optional)

connection between MISP connector host and MISP, tested with API call
image

@argithubtogo argithubtogo added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Mar 20, 2024
@Jipegien
Member

Hello @argithubtogo! Can you confirm your platform is in 5.12.15 version? If so, try to update to 6.0

@Jipegien Jipegien added needs more info Intel needed about the use case and removed needs triage use to identify issue needing triage from Filigran Product team labels Mar 20, 2024
@argithubtogo
Author

Tried to upgrade the platform from 5.12.15 to 6.0.7 but facing API unreachable issue. Now still fixing. Will update on the MISP issue once fixed.

@argithubtogo
Author

Tried to upgrade the platform from 5.12.15 to 6.0.7 but facing API unreachable issue. Now still fixing. Will update on the MISP issue once fixed.

After upgrading, the platform now cannot start and has the error log below. Any suggestion on this issue?
{ "category": "APP", "errors": [ { "attributes": { "genre": "TECHNICAL", "http_status": 500 }, "message": "Cannot query field \"edges\" on type \"Label\".", "name": "UNKNOWN_ERROR", "stack": "UNKNOWN_ERROR: Cannot query field \"edges\" on type \"Label\".\n at error (/opt/opencti/build/src/config/errors.js:8:10)\n at UnknownError (/opt/opencti/build/src/config/errors.js:76:47)\n at Object._logWithError (/opt/opencti/build/src/config/conf.js:331:23)\n at Object.error (/opt/opencti/build/src/config/conf.js:341:48)\n at Object.willSendResponse (/opt/opencti/build/src/graphql/loggerPlugin.js:115:20)\n at processTicksAndRejections (node:internal/process/task_queues:95:5)\n at async Promise.all (index 1)\n at b (/opt/opencti/build/node_modules/apollo-server-core/src/requestPipeline.ts:530:5)\n at processGraphQLRequest (/opt/opencti/build/node_modules/apollo-server-core/src/requestPipeline.ts:273:16)\n at processHTTPRequest (/opt/opencti/build/node_modules/apollo-server-core/src/runHttpQuery.ts:437:24)" }, { "message": "Cannot query field \"edges\" on type \"Label\".", "name": "GraphQLError", "stack": "GraphQLError: Cannot query field \"edges\" on type \"Label\".\n at Object.Field (/opt/opencti/build/node_modules/graphql/validation/rules/FieldsOnCorrectTypeRule.js:51:13)\n at Object.enter (/opt/opencti/build/node_modules/graphql/language/visitor.js:301:32)\n at Object.enter (/opt/opencti/build/node_modules/graphql/utilities/TypeInfo.js:391:27)\n at visit (/opt/opencti/build/node_modules/graphql/language/visitor.js:197:21)\n at validate (/opt/opencti/build/node_modules/graphql/validation/validate.js:91:18)\n at validate (/opt/opencti/build/node_modules/apollo-server-core/src/requestPipeline.ts:477:12)\n at processGraphQLRequest (/opt/opencti/build/node_modules/apollo-server-core/src/requestPipeline.ts:267:32)\n at processTicksAndRejections (node:internal/process/task_queues:95:5)\n at processHTTPRequest 
(/opt/opencti/build/node_modules/apollo-server-core/src/runHttpQuery.ts:437:24)" } ], "inner_relation_creation": 0, "level": "error", "message": "Platform unmanaged direct error", "operation": "Unspecified", "operation_query": "query ThreatActors($filters:FilterGroup$search:String$first:Int$after:ID$orderBy:ThreatActorsOrdering$orderMode:OrderingMode){threatActors(filters:$filters search:$search first:$first after:$after orderBy:$orderBy orderMode:$orderMode){edges{node{id standard_id entity_type parent_types spec_version created_at updated_at createdBy{...on Identity{id standard_id entity_type parent_types spec_version identity_class name description roles contact_information x_opencti_aliases created modified objectLabel{edges{node{id value color}}}}...on Organization{x_opencti_organization_type x_opencti_reliability}...on Individual{x_opencti_firstname x_opencti_lastname}}objectMarking{edges{node{id standard_id entity_type definition_type definition created modified x_opencti_order x_opencti_color}}}objectLabel{edges{node{id value color}}}externalReferences{edges{node{id standard_id entity_type source_name description url hash external_id created modified importFiles{edges{node{id name size metaData{mimetype version}}}}}}}revoked confidence created modified name description aliases threat_actor_types first_seen last_seen roles goals sophistication resource_level primary_motivation secondary_motivations importFiles{edges{node{id name size metaData{mimetype version}}}}}}pageInfo{startCursor endCursor hasNextPage hasPreviousPage globalCount}}}", "size": 85, "time": 7, "timestamp": "2024-03-21T02:25:59.861Z", "type": "READ_ERROR", "user": { "group_ids": [ "f89e620b-09da-4703-aad1-a0844ab858c8" ], "ip": "::ffff:10.0.5.6", "organization_ids": [], "socket": "query", "user_id": "88ec0c6a-13ce-5e39-b486-354fe4a7084f", "user_metadata": {} }, "variables": { "after": null, "filters": null, "first": 1, "orderBy": null, "orderMode": null, "search": null }, "version": "6.0.7" }

@nino-filigran

@helene-nguyen or @Megafredo If you have some time, could you maybe check this please?

@helene-nguyen
Member

Yes @nino-filigran, we will check as soon as possible and give you an update :)

@helene-nguyen
Member

@argithubtogo, after some investigations, it is a known issue from the platform.
Have you double-checked that the platform and everything (connector included) have been upgraded to the last version?

About your issue on querying edges on type Label, it's not due to connector changes but the version of OpenCTI platform because there is no more need to use 'edges' for the objectLabel field.

image
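
A triage helper for the error record posted above, as an added example that is not part of the thread or of OpenCTI's own code: it reads one platform log line, extracts the field and type rejected by GraphQL validation, and lists where the logged query still selects `edges` under `objectLabel`, the selection the reply above says is no longer used on the newer platform. The sample line is constructed from the log in this issue and trimmed; `diagnose` and `stale_selections` are hypothetical names.

```python
import json
import re

# Constructed sample: the error record from this thread, trimmed to the fields used here.
SAMPLE_LINE = json.dumps({
    "level": "error", "type": "READ_ERROR", "version": "6.0.7",
    "errors": [{"name": "GraphQLError",
                "message": 'Cannot query field "edges" on type "Label".'}],
    "operation_query": "query ThreatActors($first:Int){threatActors(first:$first)"
        "{edges{node{id createdBy{...on Identity{id name objectLabel{edges{node"
        "{id value color}}}}}objectMarking{edges{node{id definition}}}"
        "objectLabel{edges{node{id value color}}}name}}pageInfo{globalCount}}}",
})

REJECTED = re.compile(r'Cannot query field "(\w+)" on type "(\w+)"')
TOKEN = re.compile(r"\.\.\.\s*on\s+\w+|\w+|[{}()]")

def stale_selections(query, field, parent):
    """Return the paths in `query` where `parent` still selects `field`."""
    stack, last, parens, hits = [], None, 0, []
    for tok in TOKEN.findall(query):
        if tok == "(":
            parens += 1
        elif tok == ")":
            parens -= 1
        elif parens:
            continue  # skip variable definitions and field arguments
        elif tok == "{":
            stack.append(last)
        elif tok == "}":
            if stack:
                stack.pop()
        else:
            last = tok
            if tok == field and stack and stack[-1] == parent:
                # drop the operation name and inline fragments from the path
                hits.append(".".join(s for s in stack[1:] if s and not s.startswith("...")))
    return hits

def diagnose(line, parent="objectLabel"):
    """parent defaults to the field named in the thread; other fields are an assumption."""
    rec = json.loads(line)
    for err in rec.get("errors", []):
        m = REJECTED.search(err.get("message", ""))
        if m:
            return {"platform_version": rec.get("version"), "field": m.group(1), "type": m.group(2),
                    "stale_paths": stale_selections(rec.get("operation_query", ""), m.group(1), parent)}
    return None

if __name__ == "__main__":
    print(json.dumps(diagnose(SAMPLE_LINE), indent=2))
```

The `objectMarking{edges{...}}` selection in the same query is not reported, because only the parent field named in the thread is checked.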

@argithubtogo
Author

thx @helene-nguyen, will check again but will properly rebuild the stack instead

@nino-filigran nino-filigran removed the needs more info Intel needed about the use case label Mar 27, 2024
@helene-nguyen helene-nguyen self-assigned this Mar 27, 2024
@helene-nguyen helene-nguyen added question use for asking information about a functionality or behavior and removed question use for asking information about a functionality or behavior labels Mar 28, 2024
@helene-nguyen
Member

@argithubtogo, I close the issue as the problem was identified, but we can re-open it if needed :)

@helene-nguyen helene-nguyen added the solved use to identify issue that has been solved (must be linked to the solving PR) label Mar 28, 2024