Troubleshooting Tip: Recorded Future health check failing on Invalid endpoint or credentials

The Recorded Future health check will trigger the API endpoint 'https://api.recordedfuture.com/v2/ip' and the configuration should be as follows:

Server URL: https://api.recordedfuture.com

If the FortiSOAR administrator has an error: Invalid endpoint or credentials, the following actions can be done.

• Verify in the /var/log/cyops/cyops-integrations/connectors.log the presence of this error message:

2025-02-26 14:05:34 PM UTC ERROR connectors.recorded-future connector check_health(): Invalid endpoint or credentials Traceback (most recent call last):   File "/opt/cyops/configs/integrations/connectors/recorded-future_2_0_0/operations.py", line 422, in test_connection     raise ConnectorError('Invalid endpoint or credentials') connectors.core.base_connector.ConnectorError: Invalid endpoint or credentials  During handling of the above exception, another exception occurred:  Traceback (most recent call last):   File "/opt/cyops/configs/integrations/connectors/recorded-future_2_0_0/connector.py", line 21, in check_health     return test_connection(config)   File "/opt/cyops/configs/integrations/connectors/recorded-future_2_0_0/operations.py", line 440, in test_connection     raise ConnectorError(str(e)) connectors.core.base_connector.ConnectorError: Invalid endpoint or credentials 2025-02-26 14:05:34 PM UTC INFO connectors views dispatch(): Broadcast: No destination id found returning, current MASTER ID: None 2025-02-26 14:05:38 PM UTC ERROR connectors.recorded-future operations make_rest_call(): {"error":{"status":401}} 2025-02-26 14:05:38 PM UTC ERROR connectors.recorded-future operations _get_response(): 'message' Traceback (most recent call last):   File "/opt/cyops/configs/integrations/connectors/recorded-future_2_0_0/operations.py", line 45, in make_rest_call     {'status_code': response.status_code, 'message': response.json()['error']['message']}) KeyError: 'message'

• Open a CLI on FortiSOAR and execute the following query, replacing the '[API token]' with the Recorded Future API token:

curl -H "X-RFToken: [API token]" "https://api.recordedfuture.com/v2/ip/8.8.8.8?fields=risk"

• Open a web browser and try using the web interface: https://docs.recordedfuture.com/reference/ip-lookup, enter the ip 8.8.8.8 in the path params, the fields: risk in the query params, and in the credentials enter the X-RFToken and select 'Try it!'.

If the web interface works, it will validate the good API token is being used. If the CLI does not work, analyze the answer provided by curl.

If the error message does not have the following error: make_rest_call(): {"error":{"status":401}} but another 401 error message, the connection is not targeting the Recorded Future API server.