Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cbcloud connector failing to return results: kestrel.exceptions.DataSourceError: [ERROR] DataSourceError: [worker: Translator-1] STIX-shifter translation to STIX failed: STIX translation error: the JSON object must be str, bytes or bytearray, not list #389

Open
frequent6198 opened this issue Aug 1, 2023 · 0 comments
Open

cbcloud connector failing to return results: kestrel.exceptions.DataSourceError: [ERROR] DataSourceError: [worker: Translator-1] STIX-shifter translation to STIX failed: STIX translation error: the JSON object must be str, bytes or bytearray, not list #389

frequent6198 opened this issue Aug 1, 2023 · 0 comments
Labels
bug Something isn't working

Comments

@frequent6198
Copy link

Describe the bug
cbcloud connector is connecting successfully to the data source but it is unable to return results because of the following error:
cbcloud connector failing to return results: kestrel.exceptions.DataSourceError: [ERROR] DataSourceError: [worker: Translator-1] STIX-shifter translation to STIX failed: STIX translation error: the JSON object must be str, bytes or bytearray, not list

Details of the bug

  • What is the hunt flow/script you are executing?
    Incrementing the following by an additional 0 in the seconds value until it returns results.
test = GET process
       FROM stixshifter://src
       WHERE process:name != "name"
       LAST 1 SECONDS

Error occurred with:

test = GET process
       FROM stixshifter://src
       WHERE process:name != "name"
       LAST 100 SECONDS
  • What is the error message?
    Debug tail:
5:35:49 DEBUG jsonmerge descend:         invoke strategy overwrite
15:35:49 DEBUG jsonmerge work   :         base #/configuration/auth/token/type, head #/configuration/auth/token/type
15:35:49 ERROR stix_shifter_utils.stix_translation.stix_translation_error_mapper received exception => TypeError: the JSON object must be str, bytes or bytearray, not list
15:35:49 DEBUG kestrel_datasource_stixshifter.multiproc [worker: Translator-1] STIX-shifter translation to STIX failed: STIX translation error: the JSON object must be str, bytes or bytearray, not list
Traceback (most recent call last):
  File "/opt/tljh/user/bin/kestrel", line 9, in <module>
    runpy.run_module("kestrel", run_name="__main__")
  File "/opt/tljh/user/lib/python3.9/runpy.py", line 228, in run_module
    return _run_code(code, {}, init_globals, run_name, mod_spec)
  File "/opt/tljh/user/lib/python3.9/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/opt/tljh/user/lib/python3.9/site-packages/kestrel/__main__.py", line 32, in <module>
    outputs = session.execute(huntflow)
  File "/opt/tljh/user/lib/python3.9/site-packages/kestrel/session.py", line 274, in execute
    return self._execute_ast(ast)
  File "/opt/tljh/user/lib/python3.9/site-packages/kestrel/session.py", line 427, in _execute_ast
    output_var_struct, display = execute_cmd(stmt, self)
  File "/opt/tljh/user/lib/python3.9/site-packages/kestrel/codegen/commands.py", line 102, in wrapper
    return func(stmt, session)
  File "/opt/tljh/user/lib/python3.9/site-packages/kestrel/codegen/commands.py", line 64, in wrapper
    ret = func(stmt, session)
  File "/opt/tljh/user/lib/python3.9/site-packages/kestrel/codegen/commands.py", line 81, in wrapper
    return func(stmt, session)
  File "/opt/tljh/user/lib/python3.9/site-packages/kestrel/codegen/commands.py", line 254, in get
    rs = session.data_source_manager.query(
  File "/opt/tljh/user/lib/python3.9/site-packages/kestrel/datasource/manager.py", line 33, in query
    rs = i.query(uri, pattern, session_id, c, store, limit)
  File "/opt/tljh/user/lib/python3.9/site-packages/kestrel_datasource_stixshifter/interface.py", line 138, in query
    return query_datasource(uri, pattern, session_id, config, store, limit)
  File "/opt/tljh/user/lib/python3.9/site-packages/kestrel_datasource_stixshifter/query.py", line 129, in query_datasource
    for result in multiproc.read_translated_results(
  File "/opt/tljh/user/lib/python3.9/site-packages/kestrel_datasource_stixshifter/multiproc.py", line 102, in read_translated_results
    raise DataSourceError(log_msg)
kestrel.exceptions.DataSourceError: [ERROR] DataSourceError: [worker: Translator-1] STIX-shifter translation to STIX failed: STIX translation error: the JSON object must be str, bytes or bytearray, not list
please check data source config or diagnose with stix-shifter-diag command.

stix-shifter-diag will not work correctly with cbcloud as LIKE has not been implemented for this connector.

To Reproduce
Steps to reproduce the behavior:

  1. connect to a carbonblack cloud instance
  2. run a simple hunt flow that will get results if the timespan is long enough, e.g: get process from src where process != 'name' last 1 seconds
  3. increase the duration by one digit until the search attempts to return results, it will fail.

Expected behavior
The matching results are returned

Environment (please complete the following information):

  • OS: AWS EC2
  • Python version: Python 3.9.13
  • Python install environment: Jupyterhub w/ pip
  • STIX-Shifter version: 5.3.1
@frequent6198 frequent6198 added the bug Something isn't working label Aug 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@frequent6198