[sentinel-incidents]: No values for required properties for Directory bug

[blockanz]

Description

Environment

1. OS Ubuntu 24.04
2. OpenCTI version: 6.4.9
3. OpenCTI client: frontend
4. Other environment details: Sentinel-Incidents Conenctor

Reproducible Steps

Steps to create the smallest reproducible scenario:

1. Configure yaml file with sentinel app registration ID, tenant ID, and secret
2. Same erro from 6.4.8 at least

Expected Output

Defender for Endpoint Incidents downloaded and added to OpenCTI. Originally worked on old Sentinel connector.

Actual Output

INFO [CONNECTOR] Connector last imported incident timestamp: | timestamp=2025-01-28T23:30:17.932312Z name="Sentinel Incidents" taskName=null attributes={"last_incident_datetime":1736477672}

INFO Initiate work | timestamp=2025-01-28T23:30:17.932597Z name=api taskName=null attributes={"connector_id":"ab273d9b-3d81-ea79-d6a7-7ac72df2ad1e"}

INFO [CONNECTOR] Running connector... | timestamp=2025-01-28T23:30:18.025673Z name="Sentinel Incidents" taskName=null attributes={"connector_name":""Sentinel Incidents""}

ERROR No values for required properties for Directory: (path). | timestamp=2025-01-28T23:30:19.637727Z name="Sentinel Incidents" exc_info=Traceback (most recent call last):
File "/opt/opencti-connector-sentinel-incidents/sentinel_incidents_connector/connector.py", line 326, in process_message
stix_objects = self._extract_intelligence(incident)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/opencti-connector-sentinel-incidents/sentinel_incidents_connector/connector.py", line 210, in _extract_intelligence
self.converter_to_stix.create_evidence_directory(file)
File "/opt/opencti-connector-sentinel-incidents/sentinel_incidents_connector/converter_to_stix.py", line 313, in create_evidence_directory
stix_directory = stix2.Directory(
^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/stix2/v21/base.py", line 15, in init
super(_Observable, self).init(**kwargs)
File "/usr/local/lib/python3.12/site-packages/stix2/base.py", line 381, in init
super(_Observable, self).init(**kwargs)
File "/usr/local/lib/python3.12/site-packages/stix2/base.py", line 215, in init
raise MissingPropertiesError(cls, missing_kwargs)
stix2.exceptions.MissingPropertiesError: No values for required properties for Directory: (path). taskName=null

[blockanz]

Here is the configuration (edited for security)

connector-sentinel-incidents:
image: opencti/connector-sentinel-incidents:6.4.9
environment:
- OPENCTI_URL=http://192.168.16.80:8080
- OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
- CONNECTOR_ID=${CONNECTOR_SENTINEL_INCIDENT_ID}
- CONNECTOR_NAME="Sentinel Incidents"
- CONNECTOR_TYPE=EXTERNAL_IMPORT
- CONNECTOR_LOG_LEVEL=debug
- CONNECTOR_DURATION_PERIOD=PT15M
- CONNECTOR_RUN_AND_TERMINATE=false
- CONNECTOR_SEND_TO_DIRECTORY=false
- SENTINEL_INCIDENTS_TENANT_ID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- SENTINEL_INCIDENTS_CLIENT_ID=XXXXXXXXXXXXXXXXXXXXXXXXXXXX
- SENTINEL_INCIDENTS_CLIENT_SECRET=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- SENTINEL_INCIDENTS_TARGET_PRODUCT="Microsoft Defender ATP"
- SENTINEL_INCIDENTS_LOGIN_URL=https://login.microsoft.com
- SENTINEL_INCIDENTS_API_BASE_URL=https://graph.microsoft.com
- SENTINEL_INCIDENTS_INCIDENT_PATH=/v1.0/security/incidents
- SENTINEL_INCIDENTS_IMPORT_START_DATE=2025-01-01T00:00:00Z
restart: always
depends_on:
- opencti