Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

stix_cyber_observable.create: Unable to create StixFile without MD5 #173

Closed
r0sier opened this issue May 16, 2021 · 2 comments
Closed

stix_cyber_observable.create: Unable to create StixFile without MD5 #173

r0sier opened this issue May 16, 2021 · 2 comments
Labels
question use for asking information about a functionality or behavior solved use to identify issue that has been solved (must be linked to the solving PR)

Comments

@r0sier
Copy link

r0sier commented May 16, 2021
edited
Loading

Description

When using pycti to create a StixFile observable, the MD5 file hash value must be present. Without, an unsupported error is raised for 'Cant create key for StixFile from empty data'

Environment

pycti-4.5.3

Reproducible Steps

Create a StixFile observable with a hash algorithm other than MD5, for example:

observable = opencti_api_client.stix_cyber_observable.create(
    observableData={
        "type": "file",
        "hashes": {
            "sha1": "3a1f908941311fc357051b5c35fd2a4e0c834e37",
        },
    }
)

Expected Output

An observable is created

Actual Output

ERROR:root:Cant create key for StixFile from empty data

Additional information

On another note, it would be useful if the type could also be set as StixFile rather than just file. If attempting to create an observable of type StixFile, an error is thrown: ERROR:root:Observable type Stixfile is not supported.

Thanks in advance!
@r0sier
Copy link
Author

r0sier commented May 16, 2021

I've found that the issue was the algorithm key was not mapped correctly. If you execute the pycti examples/create_file_with_hashes.py:

# Create observable
observable = opencti_api_client.stix_cyber_observable.create(
    observableData={
        "type": "file",
        "hashes": {
            "md5": "16b3f663d0f0371a4706642c6ac04e42",
            "sha1": "3a1f908941311fc357051b5c35fd2a4e0c834e37",
            "sha256": "bcc70a49fab005b4cdbe0cbd87863ec622c6b2c656987d201adbb0e05ec03e56",
        },
    }
)

The sha256 and sha1 hashes are displayed with no errors within the UI, however are not mapped correctly I believe as when you go to edit the observable within the UI, the hash fields for SHA1 and SHA-256 are empty.

The correct hash key should be sah-256 and sha-1. This has closed my issue but unsure if this is working as intended. May be worth updating the hash keys within examples/create_file_with_hashes.py so others don't also have issues with this! :)

@r0sier r0sier closed this as completed May 16, 2021
@richard-julien
Copy link
Member

@SamuelHassine ?

SamuelHassine pushed a commit that referenced this issue May 16, 2021
[examples] Fix hashes example (#173)
4228691
@SamuelHassine SamuelHassine added question use for asking information about a functionality or behavior solved use to identify issue that has been solved (must be linked to the solving PR) labels May 16, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question use for asking information about a functionality or behavior solved use to identify issue that has been solved (must be linked to the solving PR)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@richard-julien @SamuelHassine @r0sier