Malpedia OpenCTI connector fails to import due to missing STIX-Domain-Object
faustus25 opened this issue · comments
Describe the bug
Malpedia connector for OpenCTI not working due to STIX issues
To Reproduce
INFO:root:Creating Identity {Malpedia}. INFO:root:starting Malpedia connector... INFO:root:current Malpedia version: 16218 INFO:root:loaded state: {} INFO:root:running importers INFO:root:running Knowledge importer with state: {} INFO:root:Reading Marking-Definition {marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9}. INFO:root:Reading Marking-Definition {marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da}. INFO:root:Reading Marking-Definition {marking-definition--f88d31f6-486f-44da-b317-01333bde0b82}. INFO:root:Reading Marking-Definition {marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed}. INFO:root:Processing malware family: aix.fastcash INFO:root:Processing malware family: aix.fastcash INFO:root:Listing Malwares with filters [{"key": "name", "values": ["FastCash"]}]. INFO:root:Listing Malwares with filters [{"key": "aliases", "values": ["FastCash"]}]. INFO:root:Tag 'FastCash' does not reference malware INFO:root:Listing Malwares with filters [{"key": "name", "values": ["aix.fastcash"]}]. INFO:root:Listing Malwares with filters [{"key": "aliases", "values": ["aix.fastcash"]}]. INFO:root:Tag 'aix.fastcash' does not reference malware INFO:root:Reading Marking-Definition {marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9}. INFO:root:Creating Malware {FastCash}. INFO:root:Creating External Reference {Malpedia}. INFO:root:Adding External-Reference {ada1969f-477e-4c47-9b4e-a2e1cbc87c91} to Stix-Domain-Object {d1ca16b4-7653-4f19-b6e8-01ff523df348} ERROR:root:Cannot add the relation, Stix-Domain-Object cannot be found. ERROR:root:{'name': 'FunctionalError', 'message': 'Cannot add the relation, Stix-Domain-Object cannot be found.'}
Expected behavior
The STIX domain object should be available for each entity to be imported into OpenCTI.
Additional context
Running the latest version of OpenCTI.
Hi!
Thanks for the notification about this issue!
We ourselves are not involved with the maintenance of the OpenCTI connector, so it's hard to tell what's going wrong there, especially since we didn't change any formats on our side.
I guess the more appropriate location to track this issue would be over at the OpenCTI connectors issue tracker.