Connector Healthcheck Implementation

[ManaswibRane]

(Please add to the PR name the issue/s that this PR would close if merged by using a Github keyword. Example: <feature name>. Closes #999. If your PR is made by a single commit, please add that clause in the commit too. This is all required to automate the closure of related issues.)
Connector Healthcheck Implementation. Closes #928

Description

Contains healthcheck function for the Connector MISP

Type of change

Please delete options that are not relevant.

• New feature (non-breaking change which adds functionality).

Checklist

• I have read and understood the rules about how to Contribute to this project
• The pull request is for the branch develop
• A new plugin (analyzer, connector, visualizer, playbook, pivot or ingestor) was added or changed, in which case:
  • I strictly followed the documentation "How to create a Plugin"
  • Usage file was updated. A link to the PR to the docs repo has been added as a comment here.
  • Advanced-Usage was updated (in case the plugin provides additional optional configuration). A link to the PR to the docs repo has been added as a comment here.
  • I have dumped the configuration from Django Admin using the dumpplugin command and added it in the project as a data migration. ("How to share a plugin with the community")
  • If a File analyzer was added and it supports a mimetype which is not already supported, you added a sample of that type inside the archive test_files.zip and you added the default tests for that mimetype in test_classes.py.
  • If you created a new analyzer and it is free (does not require any API key), please add it in the FREE_TO_USE_ANALYZERS playbook by following this guide.
  • Check if it could make sense to add that analyzer/connector to other freely available playbooks.
  • I have provided the resulting raw JSON of a finished analysis and a screenshot of the results.
  • If the plugin interacts with an external service, I have created an attribute called precisely url that contains this information. This is required for Health Checks (HEAD HTTP requests).
  • If a new analyzer has beed added, I have created a unittest for it in the appropriate dir. I have also mocked all the external calls, so that no real calls are being made while testing.
  • I have added that raw JSON sample to the get_mocker_response() method of the unittest class. This serves us to provide a valid sample for testing.
  • I have created the corresponding DataModel for the new analyzer following the documentation
• I have inserted the copyright banner at the start of the file: # This file is a part of IntelOwl https://github.com/intelowlproject/IntelOwl # See the file 'LICENSE' for copying permission.
• Please avoid adding new libraries as requirements whenever it is possible. Use new libraries only if strictly needed to solve the issue you are working for. In case of doubt, ask a maintainer permission to use a specific library.
• If external libraries/packages with restrictive licenses were added, they were added in the Legal Notice section.
• Linters (Ruff) gave 0 errors. If you have correctly installed pre-commit, it does these checks and adjustments on your behalf.
• I have added tests for the feature/bug I solved (see tests folder). All the tests (new and old ones) gave 0 errors.
• If the GUI has been modified:
  • I have a provided a screenshot of the result in the PR.
  • I have created new frontend tests for the new component or updated existing ones.
• After you had submitted the PR, if DeepSource, Django Doctors or other third-party linters have triggered any alerts during the CI checks, I have solved those alerts.

Important Rules

• If you miss to compile the Checklist properly, your PR won't be reviewed by the maintainers.
• Everytime you make changes to the PR and you think the work is done, you should explicitly ask for a review by using GitHub's reviewing system detailed here.

[ManaswibRane]

Hello @mlodic ,
Extremely sorry for the delay
Testing took too much time had to debug and build multiple times the misp-docker too : X + docs
will commit the code soon after handling all errors
The cases of loggings

1. api unreachable
2. authentication
3. healthy (+more minor once)

Edit : Set openctl but gotta submit my gsoc proposal

The two main cases I have tested error and healthy
Attached the screenshots

Incase you need the video test
https://github.com/user-attachments/assets/05fdcfb9-a239-4caa-9ec0-62508ab7e3b9

Will move to openctl soon
Thanks !

[ManaswibRane]

Implemented the yeti healthcheck too need some cleanup before commits
used the test in the docs https://yeti-platform.io/docs/api/

import requests
apikey = "5902c3f2e63a172e0da2a8e9162771b3c7e0d98b813804f44149c1cd15dbcc6e"

# Add your API key to the x-yeti-apikey header
# Write a requests POST call with the api key in the header
response = requests.post(
    "http://localhost:8000/api/v2/auth/api-token",
    headers={"x-yeti-apikey": apikey},
)

access_token = response.json().get("access_token")

response = requests.get(
    "http://localhost:8000/api/v2/auth/me",
    headers={"authorization": f"Bearer {access_token}"},
)

print("response:", response.json())

# Or using a requests Session object, so you don't have to pass it every time
yeti_session = requests.Session()
yeti_session.headers.update({"authorization": f"Bearer {access_token}"})
response = yeti_session.get("http://localhost:8000/api/v2/auth/me")
print("response:", response.json())

tested with real instance
https://github.com/user-attachments/assets/8d3ba6a7-6f83-4643-a1c0-fbf9c1cd0002

[ManaswibRane]

Only openctl left once I implement that will look into the test faliure(need to add monkeypatches)

[ManaswibRane]

Opencti healthcheck implemented
All healthchecks tested with local instances

Screen.Recording.2026-03-29.214150.mp4

[mlodic]

this is not bad but we need also unittests and adjustment to the logic

[mlodic]

how this should be enough to evaluate that the MISP instance is up?

[ManaswibRane]

The next line misp.version Will fidget with that and its good to go then

[ManaswibRane]

code updated

Looks good to me checking if version word exists

[mlodic]

what happens if the health check fails? This is not clear here. I prefer that you explicitly raise the error instead of returning True at the end. Also for the other analyzers. This could bring some bugs and is difficult to maintain

[ManaswibRane]

Needed review if it is good upto this
I tested the error on line 1323 is triggered in api_app/views.py
Will create proper error handlers since all good

[ManaswibRane]

A few issues in the current connector implementation to be solved will solve and open a fresh pr later

[ManaswibRane]

Hi @mlodic ,

I am starting with my exams so will have to pause my work
But here are my insights
While doing the healthchecks I also tried the runs and openctl works
but there is an issue with yeti's current implementation

 headers = {"Accept": "application/json", "X-Api-Key": self._api_key_name}
        if self._url_key_name and self._url_key_name.endswith("/"):
            self._url_key_name = self._url_key_name[:-1]
        url = f"{self._url_key_name}/api/v2/observables/"

        # create observable with `obs_value` if it doesn't exists
        # new context, tags, source are appended with existing ones
        try:
            resp = requests.post(
                url=url,
                headers=headers,
                json=payload,
                verify=self.verify_ssl,
                timeout=60,
            )
            

but the official docs require token(Authorization header) https://yeti-platform.io/docs/api/ also it failed while I tried and also there is an issue in the post request it should be sent to another endpoint /api/v2/observables/{obs_id}/context
I fixed it and tried some tests

misp.py implementation works still the error occurs with no logs, didnt get time to find where the error is

[github-actions]

This pull request has been marked as stale because it has had no activity for 10 days. If you are still working on this, please provide some updates or it will be closed in 5 days.