Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[sentinel-intel] JWT token expire after two hours and is not renewed #3032

Closed
gileri opened this issue Nov 26, 2024 · 0 comments · Fixed by #3041
Closed

[sentinel-intel] JWT token expire after two hours and is not renewed #3032

gileri opened this issue Nov 26, 2024 · 0 comments · Fixed by #3041
Assignees
@Megafredo
Labels
bug use for describing something not working as expected critical use to identify critical bug to fix ASAP filigran support [optional] use to identify an issue related to feature developed & maintained by Filigran. solved use to identify issue that has been solved (must be linked to the solving PR)
Milestone
Release 6.4.2

Comments

@gileri
Copy link
Member

gileri commented Nov 26, 2024

Description

The sentinel-intel connector request a JWT at startup, the Sentinel API returns one that expires after two hours (exp: field is visible in the JWT).

Environment

  1. OS (where OpenCTI server runs): Official docker image
  2. OpenCTI version: OCTI 6.4.0
  3. OpenCTI client: python
  4. Other environment details:

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Run the connector for more than two hours
  2. Trigger an update in the stream watched

Expected Output

No errors

Actual Output

{"timestamp": "2024-11-22T10:59:24.483846Z", "level": "ERROR", "name": "Sentinel Intel", "message": "[API] Error while requesting : ", "exc_info": "Traceback (most recent call last):\n  File \"/opt/opencti-connector-sentinel-intel/sentinel_intel_connector/api_handler.py\", line 63, in _send_request\n    response.raise_for_status()\n  File \"/usr/local/lib/python3.11/site-packages/requests/models.py\", line 1024, in raise_for_status\n    raise HTTPError(http_error_msg, response=self)\nrequests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://graph.microsoft.com/beta/security/tiIndicators", "attributes": {"url_path": "POST https://graph.microsoft.com/beta/security/tiIndicators", "error": "401 Client Error: Unauthorized for url: https://graph.microsoft.com/beta/security/tiIndicators"}}

Additional information

Restarting the connector fixes the issue.

Screenshots (optional)
@gileri gileri added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Nov 26, 2024
@romain-filigran romain-filigran added critical use to identify critical bug to fix ASAP and removed needs triage use to identify issue needing triage from Filigran Product team labels Nov 26, 2024
@romain-filigran romain-filigran added this to the Bugs backlog milestone Nov 26, 2024
@helene-nguyen helene-nguyen added the filigran team use to identify PR from the Filigran team label Nov 27, 2024
@Megafredo Megafredo mentioned this issue Nov 27, 2024
Merged
4 tasks
@Megafredo Megafredo linked a pull request Nov 27, 2024 that will close this issue
[Sentinel-Intel] Fix Error 401 Unauthorized #3041
Merged
4 tasks
Megafredo added a commit that referenced this issue Nov 27, 2024
@Megafredo
[Sentinel-Intel] Fix Error 401 Unauthorized - Expiration token (#3041)…
d85ec9a 
… (issue: #3032)
@Megafredo Megafredo added the solved use to identify issue that has been solved (must be linked to the solving PR) label Nov 27, 2024
@Megafredo Megafredo modified the milestones: Bugs backlog, Release 6.4.1 Nov 27, 2024
@helene-nguyen helene-nguyen added filigran support [optional] use to identify an issue related to feature developed & maintained by Filigran. and removed filigran team use to identify PR from the Filigran team labels Jan 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Megafredo Megafredo

Labels
bug use for describing something not working as expected critical use to identify critical bug to fix ASAP filigran support [optional] use to identify an issue related to feature developed & maintained by Filigran. solved use to identify issue that has been solved (must be linked to the solving PR)
Projects
None yet
Milestone
Release 6.4.2
Development

Successfully merging a pull request may close this issue.

[Sentinel-Intel] Fix Error 401 Unauthorized OpenCTI-Platform/connectors
4 participants
@gileri @Megafredo @helene-nguyen @romain-filigran