Hi @goji

Having checked the Python code within this app - it looks like it is forcing SSL Verification when connecting to the OpenCTI endpoint.

response = helper.send_http_request(url, method, parameters=None, payload=None,
                                    headers=None, cookies=None, verify=True, cert=None,
                                    timeout=None, use_proxy=True)

This means that you would need to provide an OpenCTI URL on a DNS name with a valid SSL Certificate.

When you tried to connect using curl, did you need to pass a param like "-k" to skip SSL Verification?

Are you able to use a DNS name and add a valid SSL certificate to the OpenCTI server? If not then I think the only other option would be to modify the script to turn off SSL verification (It's a shame the app author hasn't provided this option). The issue with this is it can leave you with a fragile environment, in that if you upgrade the app in the future then it will override your changes.

If you want to test this approach then you can try making the following modifications - but remember the caveats (This is obviously sub-optimal!)

TA-opencti-add-on/bin/input_module_opencti_indicators.py - Lines 224-226

response = helper.send_http_request(url, method, parameters=None, payload=None,
                                    headers=None, cookies=None, verify=True, cert=None,
                                    timeout=None, use_proxy=True)

Change verify=True to verify=False

And the modalert: TA-opencti-add-on/bin/ta_opencti_add_on/alert_actions_base.py - Line 108

def send_http_request(self, url, method, parameters=None, payload=None, headers=None, cookies=None, verify=True, cert=None, timeout=None, use_proxy=True):

Again, change verify=True to verify=False

Please let me know how you get on and consider adding karma to this or any other answer if it has helped.

Regards

Will
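Added example, not part of the answer above and not code from the app: because an app upgrade overwrites local edits, a small audit can report every literal `verify=` setting in a Python source file, so you can see after an upgrade whether certificate verification is on or off at the two places mentioned. The sample sources are constructed stand-ins for those two locations, and the function names `find_verify_settings` and `verification_disabled` are hypothetical.

```python
import ast

# Constructed samples mirroring the two locations named in the answer above.
SAMPLE_INPUT = '''\
def collect(helper, url, method):
    response = helper.send_http_request(url, method, parameters=None, payload=None,
                                        headers=None, cookies=None, verify=False, cert=None,
                                        timeout=None, use_proxy=True)
    return response
'''
SAMPLE_ALERT = '''\
class Base:
    def send_http_request(self, url, method, verify=True, cert=None, timeout=None):
        pass
'''

def find_verify_settings(source, filename="<constructed>"):
    """Return sorted (line, kind, function, value) for each literal verify=... found.

    kind is "call" for a keyword argument at a call site and "default" for a
    parameter default in a function definition.
    """
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Call):
            func = node.func
            name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "?")
            for kw in node.keywords:
                if kw.arg == "verify" and isinstance(kw.value, ast.Constant):
                    findings.append((node.lineno, "call", name, kw.value.value))
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            a = node.args
            positional = a.posonlyargs + a.args
            # Defaults line up with the tail of the positional parameter list.
            pairs = list(zip(positional[len(positional) - len(a.defaults):], a.defaults))
            pairs += [(p, d) for p, d in zip(a.kwonlyargs, a.kw_defaults) if d is not None]
            for param, default in pairs:
                if param.arg == "verify" and isinstance(default, ast.Constant):
                    findings.append((node.lineno, "default", node.name, default.value))
    return sorted(findings, key=lambda f: f[:3])

def verification_disabled(findings):
    """Keep only the findings where certificate verification is switched off."""
    return [f for f in findings if f[3] is False]

if __name__ == "__main__":
    for label, src in (("input module", SAMPLE_INPUT), ("alert base", SAMPLE_ALERT)):
        print(label, find_verify_settings(src), verification_disabled(find_verify_settings(src)))
```

To audit the installed app, read each `.py` file under its `bin` directory and pass the text to `find_verify_settings`; any entry returned by `verification_disabled` is a place where the connection to OpenCTI is made without certificate checks.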