[Tenable Vuln Management]: Validation error for VulnerabilityFinding 'scan.target' Field required

[romain-filigran]

Description

Some errors are observed when ingesting findings from Tenable Vulnerability Management solution.

Traceback (most recent call last): File "/opt/opencti-connector-tenable-vuln-management/tenable_vuln_management/connector.py", line 171, in _process VulnerabilityFinding.from_api_response_body( File "/opt/opencti-connector-tenable-vuln-management/tenable_vuln_management/models/tenable.py", line 402, in from_api_response_body return [cls(**item) for item in joined_data] ^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/pydantic/main.py", line 214, in __init__ validated_self = self.__pydantic_validator__.validate_python(data, self_instance=self) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ pydantic_core._pydantic_core.ValidationError: 1 validation error for VulnerabilityFinding scan.target Field required [type=missing, input_value={'schedule_uuid': 'templa...4e25-9300-59db1286f4c2'}, input_type=dict] For further information visit https://errors.pydantic.dev/2.10/v/missing

Environment

OpenCTI version: 6.5.4

Contact me if more information are required

[flavienSindou]

Seems related to : #3542

[flavienSindou]

Seems related to : #3542

TL;DR : when retrieving findings from the API, an asset should be linked and its ip/domain indicated via last_scan_target attribute. The API seems not to consistently return this attribute anymore compared to what was observed during connector development. Though this attribute can be used to ensure API response consistency, it is not used or processed to create OCTI objects.