API Docs missing some required parameters. #1871

Closed
ofseaandstars opened this issue Aug 31, 2023 · 4 comments
Labels
bug Something isn't working


ofseaandstars commented Aug 31, 2023

What happened

The API documentation seems to be missing some required parameters for analysing multiple observables. It seems that the API docs have not been updated to show the correct keys required for the JSON payload.

I am unsure if there are other endpoints that have the same issues, as this is the only one I've tried to configure so far.

Note: I am not using pyintelowl or go-intelowl, this is just standard HTTP requests to the REST API. In my particular use case, I cannot currently make use of these libraries.

Environment

  1. OS: Ubuntu 22.04
  2. IntelOwl version: 5.1.0

What did you expect to happen

API Docs should show the correct requirements for making an API request to the application for multiple observables to be analysed.

How to reproduce your issue

I wanted to create an API request for analyzing an observable. After seeing that /api/analyze_multiple_observables was one of the endpoints I attempted to configure the API request as per the documentation.

However, the provided documentation does not actually specify what an observable item should look like, nor does it include keys such as the tlp, connectors_requested and analyzers_requested (amongst others) that seem to be required in the request (which I think originated from this issue/PR: #1020 (comment))

Without including the correct format for the payload, I receive a 500, because the format was incorrect.

Request:

{
	"method": "POST",
	"uri": "https://<redacted>/api/analyze_multiple_observables",
	"protocol version": "HTTP/1.1",
	"headers": {
		"Content-Type": "application/json",
		"Accept": "application/json",
		"Authorization": "Token <redacted>"
	},
	"payload": {
		"observables": [
			["ip", "1.1.1.1"]
		]
	}
}

Response:

{
	"status code": 500,
	"protocol version": "HTTP/1.1",
	"reason phrase": "Internal Server Error",
	"headers": {
		"Content-Length": "145",
		"Content-Type": "text/html; charset=utf-8",
		"Cross-Origin-Opener-Policy": "same-origin",
		"Date": "Thu, 31 Aug 2023 09:03:36 GMT",
		"Referrer-Policy": "same-origin",
		"Server": "nginx",
		"Vary": "Cookie",
		"X-Content-Type-Options": "nosniff",
		"X-Frame-Options": "DENY"
	},
	"body": "\n<!doctype html>\n<html lang=\"en\">\n<head>\n <title>Server Error (500)</title>\n</head>\n<body>\n <h1>Server Error (500)</h1><p></p>\n</body>\n</html>\n"
}

With the correct payload, I receive a 200 response from the API stating that the analysis is running.

Request:

{
	"method": "POST",
	"uri": "https://<redacted>/api/analyze_multiple_observables",
	"protocol version": "HTTP/1.1",
	"headers": {
		"Content-Type": "application/json",
		"Accept": "application/json",
		"Authorization": "Token <redacted>"
	},
	"payload": {
		"observables": [
			["ip", "1.1.1.1"]
		],
		"analyzers_requested": ["Classic_DNS", "AbuseIPDB"],
		"connectors_requested": ["OpenCTI"],
		"tlp": "WHITE",
		"runtime_configuration": {},
		"tags_labels": []
	}
}

Response:

{
	"status code": 200,
	"protocol version": "HTTP/1.1",
	"reason phrase": "OK",
	"headers": {
		"Allow": "OPTIONS, POST",
		"Content-Length": "188",
		"Content-Type": "application/json",
		"Cross-Origin-Opener-Policy": "same-origin",
		"Date": "Thu, 31 Aug 2023 09:06:26 GMT",
		"Referrer-Policy": "same-origin",
		"Server": "nginx",
		"Vary": "Cookie",
		"X-Content-Type-Options": "nosniff",
		"X-Frame-Options": "DENY"
	},
	"body": {
		"results": [{
			"job_id": 124,
			"analyzers_running": ["AbuseIPDB", "Classic_DNS"],
			"connectors_running": ["OpenCTI"],
			"visualizers_running": [],
			"playbook_running": null,
			"status": "accepted"
		}],
		"count": 1
	}
}

Error messages and logs

N/A

@ofseaandstars ofseaandstars added the bug Something isn't working label Aug 31, 2023
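
An added example (not part of the original issue and not IntelOwl project code): a client-side check for integrations that call the REST API with plain HTTP, as described above, which rejects a payload lacking the keys of the working request before it is sent. The key list and types are copied from the request that returned 200; that the server requires each of them is an assumption, and `validate_payload` and `build_request` are hypothetical helper names.

```python
import ipaddress
import json
import urllib.request

# Keys copied from the request that returned 200 in the issue. That the
# server strictly requires every one of them is an assumption.
EXPECTED_KEYS = ("observables", "analyzers_requested", "connectors_requested",
                 "tlp", "runtime_configuration", "tags_labels")
# Expected JSON type of each key other than observables, as seen in that request.
KEY_TYPES = {"analyzers_requested": list, "connectors_requested": list,
             "tags_labels": list, "tlp": str, "runtime_configuration": dict}


def validate_payload(payload):
    """Return a list of problems; empty means the payload matches the shape
    of the working request."""
    problems = [f"missing key: {k}" for k in EXPECTED_KEYS if k not in payload]
    for key, kind in KEY_TYPES.items():
        if key in payload and not isinstance(payload[key], kind):
            problems.append(f"{key} must be of type {kind.__name__}")
    observables = payload.get("observables", [])
    if not isinstance(observables, list):
        return problems + ["observables must be a list"]
    for i, item in enumerate(observables):
        # Each observable is a [classification, value] pair of strings.
        if (not isinstance(item, list) or len(item) != 2
                or not all(isinstance(x, str) and x for x in item)):
            problems.append(f"observables[{i}] must be [classification, value]")
        elif item[0] == "ip":
            try:
                ipaddress.ip_address(item[1])
            except ValueError:
                problems.append(f"observables[{i}]: {item[1]!r} is not an IP")
    return problems


def build_request(base_url, token, payload):
    """Build, without sending, the POST from the issue; raise ValueError
    if the payload fails validate_payload."""
    problems = validate_payload(payload)
    if problems:
        raise ValueError("; ".join(problems))
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/analyze_multiple_observables",
        data=json.dumps(payload).encode("utf-8"),
        method="POST",
        headers={"Content-Type": "application/json",
                 "Accept": "application/json",
                 "Authorization": f"Token {token}"})
```

Pass the returned object to `urllib.request.urlopen` to send it; a payload shaped like the first request in the issue raises `ValueError` locally instead of producing the 500.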
Member

mlodic commented Sep 4, 2023

hey, thanks for reporting.

we are having difficulties in properly handling the documentation with ReDoc and drf-spectacular (we want to change them) so there might be some missing things in the docs.

We didn't get any problem reported before because usually people leverage the supported clients so that's easier for them. If I may ask, what is your use case that does not allow you to use the official libraries? Are you using a different language? Getting this kind of feedback from the users is very important to us and could drive the decision of the maintainers and our roadmap.

Meanwhile, for your specific case, you can check the params required by the API for a single analysis which are inherited by the multiple analysis endpoint.

Then, the 500 status code is never a good thing (it should have been a 400) so we'll investigate it further.

@ofseaandstars
Author

Thanks for the update!

For our use case, I'm integrating the IntelOwl API into a SIEM/SOAR platform which does not support third-party libraries (technically not true, but to use them I'd have to log a support ticket every time I needed to change/update any libraries, which is impractical).

Thanks for the link, I did see this one already - it may be better to use this particular endpoint in hindsight, as I can make the requests separately.

Hope that helps clarify the situation.

Contributor

0ssigeno commented Sep 4, 2023

Related bug #1742

Member

mlodic commented Dec 29, 2023

closing this. We plan to refactor the docs to be more easily usable and maintainable: see #2043

@mlodic mlodic closed this as completed Dec 29, 2023