cbcloud connector failing to return results: kestrel.exceptions.DataSourceError: [ERROR] DataSourceError: [worker: Translator-1] STIX-shifter translation to STIX failed: STIX translation error: the JSON object must be str, bytes or bytearray, not list  #389

@frequent6198

Describe the bug
cbcloud connector is connecting successfully to the data source but it is unable to return results because of the following error:
cbcloud connector failing to return results: kestrel.exceptions.DataSourceError: [ERROR] DataSourceError: [worker: Translator-1] STIX-shifter translation to STIX failed: STIX translation error: the JSON object must be str, bytes or bytearray, not list

Details of the bug

  • What is the hunt flow/script you are executing?
    Incrementing the following by an additional 0 in the seconds value until it returns results.

    test = GET process
           FROM stixshifter://src
           WHERE process:name != "name"
           LAST 1 SECONDS

    Error occurred with:

    test = GET process
           FROM stixshifter://src
           WHERE process:name != "name"
           LAST 100 SECONDS

  • What is the error message?
    Debug tail:
5:35:49 DEBUG jsonmerge descend:         invoke strategy overwrite
15:35:49 DEBUG jsonmerge work   :         base #/configuration/auth/token/type, head #/configuration/auth/token/type
15:35:49 ERROR stix_shifter_utils.stix_translation.stix_translation_error_mapper received exception => TypeError: the JSON object must be str, bytes or bytearray, not list
15:35:49 DEBUG kestrel_datasource_stixshifter.multiproc [worker: Translator-1] STIX-shifter translation to STIX failed: STIX translation error: the JSON object must be str, bytes or bytearray, not list
Traceback (most recent call last):
  File "/opt/tljh/user/bin/kestrel", line 9, in <module>
    runpy.run_module("kestrel", run_name="__main__")
  File "/opt/tljh/user/lib/python3.9/runpy.py", line 228, in run_module
    return _run_code(code, {}, init_globals, run_name, mod_spec)
  File "/opt/tljh/user/lib/python3.9/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/opt/tljh/user/lib/python3.9/site-packages/kestrel/__main__.py", line 32, in <module>
    outputs = session.execute(huntflow)
  File "/opt/tljh/user/lib/python3.9/site-packages/kestrel/session.py", line 274, in execute
    return self._execute_ast(ast)
  File "/opt/tljh/user/lib/python3.9/site-packages/kestrel/session.py", line 427, in _execute_ast
    output_var_struct, display = execute_cmd(stmt, self)
  File "/opt/tljh/user/lib/python3.9/site-packages/kestrel/codegen/commands.py", line 102, in wrapper
    return func(stmt, session)
  File "/opt/tljh/user/lib/python3.9/site-packages/kestrel/codegen/commands.py", line 64, in wrapper
    ret = func(stmt, session)
  File "/opt/tljh/user/lib/python3.9/site-packages/kestrel/codegen/commands.py", line 81, in wrapper
    return func(stmt, session)
  File "/opt/tljh/user/lib/python3.9/site-packages/kestrel/codegen/commands.py", line 254, in get
    rs = session.data_source_manager.query(
  File "/opt/tljh/user/lib/python3.9/site-packages/kestrel/datasource/manager.py", line 33, in query
    rs = i.query(uri, pattern, session_id, c, store, limit)
  File "/opt/tljh/user/lib/python3.9/site-packages/kestrel_datasource_stixshifter/interface.py", line 138, in query
    return query_datasource(uri, pattern, session_id, config, store, limit)
  File "/opt/tljh/user/lib/python3.9/site-packages/kestrel_datasource_stixshifter/query.py", line 129, in query_datasource
    for result in multiproc.read_translated_results(
  File "/opt/tljh/user/lib/python3.9/site-packages/kestrel_datasource_stixshifter/multiproc.py", line 102, in read_translated_results
    raise DataSourceError(log_msg)
kestrel.exceptions.DataSourceError: [ERROR] DataSourceError: [worker: Translator-1] STIX-shifter translation to STIX failed: STIX translation error: the JSON object must be str, bytes or bytearray, not list
please check data source config or diagnose with stix-shifter-diag command.

stix-shifter-diag will not work correctly with cbcloud as LIKE has not been implemented for this connector.

To Reproduce
Steps to reproduce the behavior:

  1. Connect to a Carbon Black Cloud instance.
  2. Run a simple hunt flow that will get results if the timespan is long enough, e.g.: get process from src where process != 'name' last 1 seconds
  3. Increase the duration by one digit until the search attempts to return results; it will fail.

Expected behavior
The matching results are returned

Environment (please complete the following information):

  • OS: AWS EC2
  • Python version: Python 3.9.13
  • Python install environment: Jupyterhub w/ pip
  • STIX-Shifter version: 5.3.1
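
The TypeError text in the trace above is the message Python's `json.loads` raises when it receives a list rather than JSON text. The following is an added example, not code from Kestrel, STIX-shifter or the issue author: it reproduces that message and shows a loader that accepts either form. The function names and the sample records are constructed for illustration.

```python
import json

# Constructed sample: two result records, once as JSON text and once as an
# already-decoded Python list (field name is illustrative only).
SAMPLE_TEXT = '[{"process_name": "a.exe"}, {"process_name": "b.exe"}]'
SAMPLE_LIST = json.loads(SAMPLE_TEXT)


def json_loads_error(payload):
    """Return the TypeError message json.loads gives for payload, or None."""
    try:
        json.loads(payload)
    except TypeError as exc:
        return str(exc)
    return None


def load_results(payload):
    """Return a list of dict records from JSON text or decoded results."""
    if isinstance(payload, (str, bytes, bytearray)):
        payload = json.loads(payload)  # decode only when it is still text
    if isinstance(payload, dict):
        payload = [payload]  # a single record becomes a one-item list
    if not isinstance(payload, list):
        raise TypeError(f"unsupported results type: {type(payload).__name__}")
    for index, record in enumerate(payload):
        if not isinstance(record, dict):
            raise ValueError(f"record {index} is not a JSON object")
    return payload


if __name__ == "__main__":
    # Passing the decoded list to json.loads yields the message from the trace.
    print(json_loads_error(SAMPLE_LIST))
    # The tolerant loader returns the same records for both input forms.
    print(load_results(SAMPLE_LIST) == load_results(SAMPLE_TEXT))
```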
