[MISP] Errors on event recovery
Description
MISP connector (version 4.2.4) sometimes fails to recover events. From the docker logs I see the following error: “Unknown error: the response is not in JSON”. On we
Environment
- OS (where OpenCTI server runs): Red Hat Enterprise Linux Server release 7.9 (Maipo) with Docker Compose
- OpenCTI version: OpenCTI 4.2.4
- OpenCTI client: Frontend
- Other environment details: Elasticsearch 7.11.0, RabbitMQ 3.8.12, Redis 6.0.10, MinIO Latest
Expected Output
Connector always working, as in this case:
INFO:root:Connector successfully run (2 events have been processed), storing last_run as 1614332592
INFO:root:Reporting work update_received opencti-work--9daad8c2-5983-4fbe-a0c1-ab6e6e55d664
INFO:root:Initiate work for 5ed76dda-9a94-4dcd-b372-112c0a1ea115
INFO:root:Connector last run: 2021-02-26 09:43:12
Actual Output
INFO:root:Fetching MISP events with args: {"tags": {}, "timestamp": 1614335304, "limit": 50, "page": 1}
CRITICAL [api.py:3180 - _check_response() ] Unknown error: the response is not in JSON.
Something is broken server-side, please send us everything that follows (careful with the auth key):
Request headers:
{'User-Agent': 'PyMISP 2.4.138 - Python 3.8', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json', 'Connection': 'keep-alive', 'Cookie': 'MISP-5ed76dda-6dd0-43e5-a3cb-112c0a1ea115=g18dvgruo9vh5oiptbafq62jks', 'Content-Length': '326', 'Authorization': 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', 'content-type': 'application/json'}
Request body:
{"returnFormat": "json", "page": 1, "limit": 50, "tags": {}, "withAttachments": 0, "metadata": 0, "timestamp": 1614335304, "enforceWarninglist": 0, "includeEventUuid": 0, "includeEventTags": 0, "sgReferenceOnly": 0, "includeContext": 0, "headerless": 0, "includeSightings": 0, "includeDecayScore": 0, "includeCorrelations": 0}
Response (if any):
{"name":"An Internal Error Has Occurred.","message":"An Internal Error Has Occurred.","url":"\/events\/restSearch"}
CRITICAL:pymisp:Unknown error: the response is not in JSON.
Additional information
Connector configuration on docker-compose.yml:
connector-misp:
  image: opencti/connector-misp:latest
  environment:
    - OPENCTI_URL=http://opencti:8080
    - OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
    - CONNECTOR_ID=${CONNECTOR_MISP_ID} # Valid UUIDv4
    - CONNECTOR_TYPE=EXTERNAL_IMPORT
    - CONNECTOR_NAME=MISP
    - CONNECTOR_SCOPE=misp
    - CONNECTOR_CONFIDENCE_LEVEL=3
    - CONNECTOR_UPDATE_EXISTING_DATA=false
    - CONNECTOR_LOG_LEVEL=info
    - MISP_URL=https://XXXX.YYYY:ZZZ # Required
    - MISP_KEY=XXXXXXXXXXXX # Required
    - MISP_SSL_VERIFY=False # Required
    - MISP_DATETIME_ATTRIBUTE=timestamp # Required, filter to be used in query for new MISP events
    - MISP_CREATE_REPORTS=True # Required, create report for MISP event
    - MISP_CREATE_INDICATORS=True # Required, create indicators from attributes
    - MISP_CREATE_OBSERVABLES=True # Required, create observables from attributes
    - MISP_REPORT_CLASS=MISP Event # Optional, report_class if creating report for event
    - MISP_IMPORT_FROM_DATE=2021-02-26 # Optional, import all event from this date
    - MISP_IMPORT_TAGS= # Optional, list of tags used for import events
    - MISP_IMPORT_TAGS_NOT= # Optional, list of tags to not include
    - MISP_INTERVAL=5 # Required, in minutes
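The PyMISP dump under Actual Output asks for care with the auth key before it is shared. As an added example (not part of the original issue, and not PyMISP or OpenCTI code), this Python helper redacts the credential-bearing headers in a dump of that shape and withholds the header line entirely if it cannot be parsed; the function names and all sample values are constructed for illustration.

```python
import ast

# Header names whose values authenticate the caller (compared lower-cased).
SENSITIVE = {"authorization", "cookie", "proxy-authorization"}
REDACTED = "<redacted>"


def redact_header_line(line):
    """Redact credential headers in the dict printed after 'Request headers:'.

    Fails closed: a line that cannot be parsed as a dict is withheld entirely.
    """
    try:
        headers = ast.literal_eval(line.strip())
    except (ValueError, SyntaxError):
        headers = None
    if not isinstance(headers, dict):
        return "<headers withheld: could not parse>"
    return repr({k: REDACTED if str(k).lower() in SENSITIVE else v
                 for k, v in headers.items()})


def redact_dump(text):
    """Return the log text with the line after each 'Request headers:' redacted."""
    out, in_headers = [], False
    for line in text.splitlines():
        out.append(redact_header_line(line) if in_headers else line)
        in_headers = line.strip() == "Request headers:"
    return "\n".join(out)


# Constructed sample in the shape of the dump above; every value is made up.
SAMPLE = """CRITICAL [api.py:3180 - _check_response() ] Unknown error: the response is not in JSON.
Request headers:
{'User-Agent': 'PyMISP 2.4.138 - Python 3.8', 'Accept': 'application/json', 'Cookie': 'MISP-session=constructed-session-id', 'Authorization': 'constructed-api-key'}
Request body:
{"returnFormat": "json", "page": 1, "limit": 50}
Response (if any):
{"name":"An Internal Error Has Occurred."}"""

if __name__ == "__main__":
    print(redact_dump(SAMPLE))
```
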
Issue Analytics
- Created 3 years ago
- Comments:11 (8 by maintainers)

Top Related StackOverflow Question
Yeah, I got side-tracked by some incident response. I should get back to it by the weekend.
I should modify what I posted, above, to state that the changes that I suggested would apply to browsers but not, likely, APIs.
Assuming that your MISP_URL is not subject to a Redirect but is, in fact, the actual URL, what I wrote would not be applicable.