[Bug] OpenCTI analyzers #1223

@hackjc

Describe the bug
Once the analyzer config is set for OpenCTI, create an observable and launch a worker analyzer; the above error is shown.

ERROR:pycti.api:Cannot query field "x_opencti_reliability" on type "Identity". Did you mean to use an inline fragment on "Organization"?

Traceback (most recent call last):
  File "/worker/OpenCTI/opencti.py", line 110, in <module>
    OpenCTIAnalyzer().run()
  File "/worker/OpenCTI/opencti.py", line 80, in run
    reports = opencti["api_client"].report.list(
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/pycti/entities/opencti_report.py", line 307, in list
    result = self.opencti.query(
             ^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/pycti/api/opencti_api_client.py", line 358, in query
    raise ValueError(
ValueError: {'name': 'Cannot query field "x_opencti_reliability" on type "Identity". Did you mean to use an inline fragment on "Organization"?', 'message': 'Cannot query field "x_opencti_reliability" on type "Identity". Did you mean to use an inline fragment on "Organization"?'}

I am using the latest version of both OpenCTI worker analyzers.

It seems that this only fails if the workers find at least one result. If there are no results, the worker ends without error.

To Reproduce
Steps to reproduce the behavior:

  1. Configure the OpenCTI in Cortex
  2. Launch a job with an observable.
  3. It fails

Expected behavior
A list of potential observables.

Work environment

  • Client OS: Windows
  • Server OS: Docker Cortex image thehiveproject/cortex:latest
  • Cortex version: thehiveproject/cortex:latest
  • Cortex Analyzer name: OpenCTI_SearchExactObservable and OpenCTI_SearchObservables
  • Cortex Analyzer version: 2.0
