Solution
The Recorded Future health check calls the API endpoint 'https://api.recordedfuture.com/v2/ip', and the configuration should be as follows:
Server URL: https://api.recordedfuture.com
If the FortiSOAR administrator receives the error 'Invalid endpoint or credentials', the following actions can be taken.
- Verify that /var/log/cyops/cyops-integrations/connectors.log contains this error message:
2025-02-26 14:05:34 PM UTC ERROR connectors.recorded-future connector check_health(): Invalid endpoint or credentials
Traceback (most recent call last):
File "/opt/cyops/configs/integrations/connectors/recorded-future_2_0_0/operations.py", line 422, in test_connection
raise ConnectorError('Invalid endpoint or credentials')
connectors.core.base_connector.ConnectorError: Invalid endpoint or credentials
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/cyops/configs/integrations/connectors/recorded-future_2_0_0/connector.py", line 21, in check_health
return test_connection(config)
File "/opt/cyops/configs/integrations/connectors/recorded-future_2_0_0/operations.py", line 440, in test_connection
raise ConnectorError(str(e))
connectors.core.base_connector.ConnectorError: Invalid endpoint or credentials
2025-02-26 14:05:34 PM UTC INFO connectors views dispatch(): Broadcast: No destination id found returning, current MASTER ID: None
2025-02-26 14:05:38 PM UTC ERROR connectors.recorded-future operations make_rest_call(): {"error":{"status":401}}
2025-02-26 14:05:38 PM UTC ERROR connectors.recorded-future operations _get_response(): 'message'
Traceback (most recent call last):
File "/opt/cyops/configs/integrations/connectors/recorded-future_2_0_0/operations.py", line 45, in make_rest_call
{'status_code': response.status_code, 'message': response.json()['error']['message']})
KeyError: 'message'
- Open a CLI on FortiSOAR and execute the following command, replacing '[API token]' with the Recorded Future API token:
curl -H "X-RFToken: [API token]" "https://api.recordedfuture.com/v2/ip/8.8.8.8?fields=risk"
If the web interface works, that confirms the correct API token is being used. If the CLI command does not work, analyze the response returned by curl.
If the log does not contain the error make_rest_call(): {"error":{"status":401}} but shows a different 401 error message, the connection is not targeting the Recorded Future API server.
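The two checks above can be scripted. The following is an added example, not part of the original article or of the Recorded Future connector; it applies the article's rule for telling a token rejected by Recorded Future apart from a 401 returned by something else. The RF_TOKEN environment variable, the function names and the verdict strings are assumptions.

```shell
#!/bin/sh
# Added example (not FortiSOAR or Recorded Future code).
# Assumed names: RF_TOKEN, the function names, the verdict strings.
RF_URL="https://api.recordedfuture.com/v2/ip/8.8.8.8?fields=risk"   # URL from the article
CONNECTOR_LOG="/var/log/cyops/cyops-integrations/connectors.log"    # path from the article

# log_has_rf_401 FILE: succeeds if FILE contains the 401 line shown in the article
log_has_rf_401() {
    grep -qF 'make_rest_call(): {"error":{"status":401}}' "$1"
}

# classify_response STATUS BODY: print a verdict following the article's rule
classify_response() {
    cr_body="$(printf '%s' "$2" | tr -d '[:space:]')"   # ignore whitespace differences
    case "$1" in
        200) echo "token-accepted" ;;
        401)
            if [ "$cr_body" = '{"error":{"status":401}}' ]; then
                echo "token-rejected"        # the API server itself refused the token
            else
                echo "401-from-elsewhere"    # another 401: not the Recorded Future API
            fi ;;
        000) echo "no-http-response" ;;      # curl prints 000 when it got no HTTP reply
        *)   echo "unexpected-$1" ;;
    esac
}

# check_token: send the article's curl request and classify the reply
check_token() {
    ct_file="$(mktemp)" || return 1
    ct_status="$(curl -sS -m 15 -o "$ct_file" -w '%{http_code}' \
        -H "X-RFToken: ${RF_TOKEN}" "$RF_URL")"
    classify_response "$ct_status" "$(cat "$ct_file")"
    rm -f "$ct_file"
}

if [ -n "${RF_TOKEN:-}" ]; then
    [ -r "$CONNECTOR_LOG" ] && log_has_rf_401 "$CONNECTOR_LOG" && echo "log: RF 401 present"
    check_token
else
    # Constructed sample: the 401 body from the log excerpt, reformatted with spaces
    classify_response 401 '{"error": {"status": 401}}'
fi
```

Setting RF_TOKEN with `read -rs RF_TOKEN; export RF_TOKEN` in bash keeps the token out of the shell history.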