[Bug] OpenCTI Analyser #1182
Description
Describe the bug
OpenCTI analyser is not working if any observable found is related to a report
To Reproduce
Steps to reproduce the behavior:
- Using any OpenCTI instance, create an observable, with an indicator.
- Create a report using this indicator (hence this observable) :
- Search for this observable using Cortex-Analyzers/analyzers/OpenCTI
Expected behavior
Informations about this observable
Error
Traceback (most recent call last):
File "/worker/OpenCTI/opencti.py", line 111, in <module> OpenCTIAnalyzer().run()
File "/worker/OpenCTI/opencti.py", line 97, in run del(report["x_opencti_graph_data"])
KeyError: 'x_opencti_graph_data' Killed Complementary information
/
Work environment
- Client OS: Windows
- Server OS: Linux
- Browse type and version:
- Cortex version: any
- Cortex Analyzer/Responder name: any
- Cortex Analyzer/Responder version: any
- OpenCTI version : >=5.0.0
Possible solutions
OpenCTI removed the "x_opencti" field 2 yers ago in this commit d008b33.
You only need to remove line 97 from opencti.py :
del(report["x_opencti_graph_data"])Then, please release a new dockerhub opencti_searchexactobservables and opencti_searchobservables version
Thank you !
Additional context
/