Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RST Cloud - Threat Feed] The connector seems active, raises no errors, but nothing is imported #2817

Closed
Lhorus6 opened this issue Oct 18, 2024 · 4 comments · Fixed by #2864
Closed

[RST Cloud - Threat Feed] The connector seems active, raises no errors, but nothing is imported #2817

Lhorus6 opened this issue Oct 18, 2024 · 4 comments · Fixed by #2864
Assignees
@helene-nguyen
Labels
bug use for describing something not working as expected partner support use to identify an issue related to feature developed & maintained by the third-party vendor. solved use to identify issue that has been solved (must be linked to the solving PR) to verify use to identified for Verified
Milestone
Release 6.4.8

Comments

@Lhorus6
Copy link
Contributor

Lhorus6 commented Oct 18, 2024

Description

The connector seems active, raises no errors, but nothing is imported (no work is even created). It's as if it never does anything.

Environment

OCTI 6.3.6

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Enable the connector and wait
    -> Nothing ever happens
@Lhorus6 Lhorus6 added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Oct 18, 2024
@Lhorus6
Copy link
Contributor Author

Lhorus6 commented Oct 19, 2024
edited
Loading

I'll switch the log level to “debug” to see if I can get more information.

I'll update this issue after

UPDATE: Nothing more...

@Lhorus6 Lhorus6 changed the title [RST-Threat-Feed] The connector seems active, raises no errors, but nothing is imported [RST Cloud - Threat Feed] The connector seems active, raises no errors, but nothing is imported Oct 21, 2024
@k1r10n
Copy link
Contributor

k1r10n commented Oct 29, 2024

Did you specify the API Key? this is the only parameter you need to change to test it. The errors will be in the docker output if no key provided
image

@nino-filigran nino-filigran added this to the Bugs backlog milestone Oct 31, 2024
@nino-filigran nino-filigran added the partner support use to identify an issue related to feature developed & maintained by the third-party vendor. label Oct 31, 2024
@Lhorus6
Copy link
Contributor Author

Lhorus6 commented Nov 2, 2024
edited
Loading

Hi @k1r10n,

  • The referenced API key is the same as the one in the connector for reports (which retrieves data), so I imagine that it is valid.
  • The connector is in log level debug and I have no logs.

This is the configuration that I'm currently using (with the correct API key, not "changeme" of course)

image

@k1r10n
Copy link
Contributor

k1r10n commented Nov 2, 2024

Please send the Docker logs output to [email protected]. The issue may be related to connectivity within your network. The API returns a temporary link to AWS S3 to get the feed.

docker logs containername

Usually, there are no issues with the connector. Just set the key.

Additionally, consider clearing the state for the connector from the UI. If you see the 'lastrun' with an epoch value in it, the connector will wait for 86400 sec till the next run, so that is why 'nothing happens'. Just in case, after the state is cleared, kill the container so it is rebuilt and see if it helps.

@helene-nguyen helene-nguyen added the to verify use to identified for Verified label Dec 11, 2024
@helene-nguyen helene-nguyen self-assigned this Jan 16, 2025
@helene-nguyen helene-nguyen linked a pull request Jan 16, 2025 that will close this issue
[RST IoC Lookup] Add RST IoC Lookup connector. + Fixes for Report Hub and Threat Feed #2864
Merged
4 tasks
@helene-nguyen helene-nguyen removed the needs triage use to identify issue needing triage from Filigran Product team label Jan 16, 2025
helene-nguyen pushed a commit that referenced this issue Jan 16, 2025
@k1r10n
[RST IoC Lookup] Add RST IoC Lookup connector. + Fixes for Report Hub…
a2ce4ed 
… and Threat Feed (#3287)(#2767)(#2817)
@helene-nguyen helene-nguyen added the solved use to identify issue that has been solved (must be linked to the solving PR) label Jan 16, 2025
maximus-debski pushed a commit to maximus-debski/connectors that referenced this issue Feb 26, 2025
@k1r10n @maximus-debski
[RST IoC Lookup] Add RST IoC Lookup connector. + Fixes for Report Hub…
9d5d02f 
… and Threat Feed (OpenCTI-Platform#3287)(OpenCTI-Platform#2767)(OpenCTI-Platform#2817)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@helene-nguyen helene-nguyen

Labels
bug use for describing something not working as expected partner support use to identify an issue related to feature developed & maintained by the third-party vendor. solved use to identify issue that has been solved (must be linked to the solving PR) to verify use to identified for Verified
Projects
None yet
Milestone
Release 6.4.8
5 participants
@SamuelHassine @k1r10n @Lhorus6 @helene-nguyen @nino-filigran