Description
When enriching a Case, like Incident Response, the Python client crashes in the _process_message function. Here's the problem flow:
- In the _process_message function, the _data_handler function is called on line 274.
- Inside the _data_handler function, we call a generate_export function that will process the entity to be enriched, on line 365.
- This function will rewrite the entity ID by adding "x-opencti-" at the beginning, on line 1470.
- Then, back in the _data_handler function, we will loop to keep only the entities that have e["id"] == opencti_entity["standard_id"], on line 372.
- However, having added "x-opencti-" to the beginning of the ID, this condition is no longer satisfied.
- As a result, the list "stix_entity" on line 369 remains empty.
- Finally, we try to retrieve the first element of the "stix_entity" list on line 373.
-> As the list is necessarily empty, we get the error:
{ "timestamp": "2025-03-18T00:30:01.171407Z", "level": "ERROR", "name": "internal-opencti-to-fire", "message": "Error in message processing, reporting error to API", "exc_info": "Traceback (most recent call last):\n File \"/usr/local/lib/python3.12/site-packages/pycti/connector/opencti_connector_helper.py\", line 325, in _data_handler\n stix_entity = [\n ^\nIndexError: list index out of range", "taskName": null }
Environment
OCTI 6.5.8
Reproducible Steps
Steps to create the smallest reproducible scenario:
- Try to run an enrichment connector on an Incident Response Case entity
Expected Output
I'd like the python client to be adapted so that we can create and use enrichment connectors on Cases (and on any other entities that might be affected by the same behavior).
Note
Since I didn't know whether this issue should be opened on the “opencti” or “client-python” repo, I opened it on both. I'll let you close one of them if necessary. Here's the issue on the “client-python” repo: OpenCTI-Platform/client-python#861
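A minimal reproduction of the flow described in this issue, added here as an illustration and not taken from pycti. The functions export_bundle, select_strict and select_tolerant and the sample Case are hypothetical stand-ins that assume only what the issue states (the export step prepends "x-opencti-" to the ID); the tolerant lookup is one possible defensive pattern, not the project's fix.

```python
# Added illustration: hypothetical stand-ins, not pycti's own functions.
PREFIX = "x-opencti-"  # prefix the issue says is prepended during export

# Constructed sample entity (the UUID is made up for this example).
CASE = {
    "entity_type": "Case-Incident",
    "standard_id": "case-incident--00000000-0000-4000-8000-000000000001",
}


def export_bundle(entity):
    """Stand-in for the export step: rewrites the id as the issue describes."""
    exported = dict(entity, id=PREFIX + entity["standard_id"])
    return {"type": "bundle", "objects": [exported]}


def select_strict(bundle, entity):
    """Failing pattern from the issue: exact id match, then index [0]."""
    matches = [o for o in bundle["objects"] if o["id"] == entity["standard_id"]]
    return matches[0]  # IndexError when the exported id was rewritten


def select_tolerant(bundle, entity):
    """Accept the id with or without the prefix; fail with a clear error."""
    wanted = {entity["standard_id"], PREFIX + entity["standard_id"]}
    for obj in bundle["objects"]:
        if obj["id"] in wanted:
            return obj
    raise LookupError(f"{entity['standard_id']} not found in exported bundle")


if __name__ == "__main__":
    bundle = export_bundle(CASE)
    try:
        select_strict(bundle, CASE)
    except IndexError as exc:
        print("strict lookup failed:", exc)
    print("tolerant lookup found:", select_tolerant(bundle, CASE)["id"])
```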