AlienVault Connector doesn't pull any data. #2057
Comments
Update: Error popped up in the logs this morning:
Update: Updated OpenCTI deployment to 6.0.10, same issue
Hi @CyberSentr!
This error indicates an error on your database and not with AlienVault directly.
Hello there! Since 20 March 2024 my AlienVault connector has completely stopped working. I tried every troubleshooting variant possible, but no success so far. Things I did
I'm really running out of options here. Interestingly, the same configuration is working perfectly fine on my colleague's setup. I'm confident that my Docker implementation is solid.
Docker container logs
![image](https://private-user-images.githubusercontent.com/165257328/323650317-fa7f9c44-b40d-468b-a0ba-c5a251aaca35.png)
Docker-compose configuration
```yaml
connector-alienvault:
  image: opencti/connector-alienvault:6.0.10
  environment:
    - OPENCTI_URL=https://URL
    - OPENCTI_TOKEN=f9eeb6aa-4423-4423-af8a-xxxxxxxxxxxx
    - CONNECTOR_ID=89df23ff-be0f-4971-91aa-xxxxxxxxxxxxx
    - CONNECTOR_TYPE=EXTERNAL_IMPORT
    - CONNECTOR_NAME=AlienVault
    - CONNECTOR_SCOPE=alienvault
    - CONNECTOR_CONFIDENCE_LEVEL=85 # From 0 (Unknown) to 100 (Fully trusted)
    - CONNECTOR_UPDATE_EXISTING_DATA=false
    - CONNECTOR_LOG_LEVEL=info
    - ALIENVAULT_BASE_URL=https://otx.alienvault.com
    - ALIENVAULT_API_KEY=${ALIENVAULT_API_KEY}
    - ALIENVAULT_TLP=White
    - ALIENVAULT_CREATE_OBSERVABLES=true
    - ALIENVAULT_CREATE_INDICATORS=true
    - ALIENVAULT_PULSE_START_TIMESTAMP=2020-05-01T00:00:00 # BEWARE! Could be a lot of pulses!
    - ALIENVAULT_REPORT_TYPE=threat-report
    - ALIENVAULT_REPORT_STATUS=NEW
    - ALIENVAULT_GUESS_MALWARE=true # Use tags to guess malware.
    - ALIENVAULT_GUESS_CVE=true # Use tags to guess CVE.
    - ALIENVAULT_EXCLUDED_PULSE_INDICATOR_TYPES=FileHash-MD5,FileHash-SHA1 # Excluded Pulse indicator types.
    - ALIENVAULT_ENABLE_RELATIONSHIPS=true # Enable/Disable relationship creation between SDOs.
    - ALIENVAULT_ENABLE_ATTACK_PATTERNS_INDICATES=true # Enable/Disable "indicates" relationships between indicators and attack patterns
    - ALIENVAULT_INTERVAL_SEC=500
  restart: always
  depends_on:
    - opencti
```
CTI version: 6.0.5 (Standalone architecture, 1 node deployment)
Docker version: 26.0.1, build d260a54
Any help would be greatly appreciated! Have a nice day!