[Sublime] Verify the connector

[Ninoxe]

Proposed changes

• Clean config files (remove entrypoint, comment optional config)
• Add connector-sdk settings config
• Manage API calls outside of connector.py file
• Use correct logger
• Add functions in utils.py instead of connector.py
• Create converter_to_stix.py

Related issues

• close [Sublime] Verify the connector #6131

Checklist

• I consider the submitted work as finished
• I have signed my commits using GPG key.
• I tested the code for its functionality using different use cases
• I added/update the relevant documentation (either on github or on notion)
• Where necessary I refactored code to improve the overall quality

Further comments

[codecov]

Codecov Report

❌ Patch coverage is 79.11302% with 146 lines in your changes missing coverage. Please review.
✅ Project coverage is 0.66%. Comparing base (4d9abbe) to head (999ba19).
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
...-import/sublime/src/connector/sublime_connector.py	5.26%	126 Missing ⚠️
external-import/sublime/src/main.py	0.00%	13 Missing ⚠️
...al-import/sublime/src/sublime_client/api_client.py	90.74%	5 Missing ⚠️
...-import/sublime/src/connector/converter_to_stix.py	96.96%	2 Missing ⚠️

❗ There is a different number of reports uploaded between BASE (4d9abbe) and HEAD (999ba19). Click for more details.

HEAD has 94 uploads less than BASE

Flag	BASE (4d9abbe)	HEAD (999ba19)
connectors	96	2

Additional details and impacted files

@@             Coverage Diff             @@
##           master    #6326       +/-   ##
===========================================
- Coverage   41.08%    0.66%   -40.43%     
===========================================
  Files        2151     1676      -475     
  Lines      129129   100739    -28390     
===========================================
- Hits        53058      673    -52385     
- Misses      76071   100066    +23995     

Flag	Coverage Δ
baseline	0.00% <0.00%> (ø)
connectors	58.06% <80.61%> (-16.35%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[jabesq]

Nothing is blocking, mostly code improvements.

[Copilot]

Pull request overview

Refactors the Sublime external-import connector to use the newer connectors-sdk configuration pattern, split API/STIX logic into dedicated modules, and mark the connector as verified/manager-supported in repository metadata.

Changes:

• Moves connector bootstrap/config handling to ConnectorSettings + main.py, and extracts API and STIX conversion helpers.
• Adds a new test suite covering settings, utils, API client, and STIX conversion behavior.
• Updates packaging, samples, docs, and metadata to support manager usage and verified status.

Reviewed changes

Copilot reviewed 24 out of 25 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
external-import/sublime/tests/test-requirements.txt	Adds Python test dependencies.
external-import/sublime/tests/test_utils.py	Adds utility-function tests.
external-import/sublime/tests/test_settings.py	Adds configuration validation tests.
external-import/sublime/tests/test_converter_to_stix.py	Adds STIX conversion tests.
external-import/sublime/tests/test_api_client.py	Adds API client tests.
external-import/sublime/tests/conftest.py	Adds shared pytest fixtures/mocks.
external-import/sublime/tests/__init__.py	Adds test package marker.
external-import/sublime/src/sublime_client/api_client.py	Introduces dedicated Sublime API client.
external-import/sublime/src/sublime_client/__init__.py	Exposes API client package exports.
external-import/sublime/src/requirements.txt	Adds connectors-sdk dependency.
external-import/sublime/src/main.py	Adds new connector entrypoint.
external-import/sublime/src/connector/utils.py	Extracts shared helper utilities.
external-import/sublime/src/connector/sublime_connector.py	Refactors main connector flow around new settings/client/converter modules.
external-import/sublime/src/connector/settings.py	Adds connectors-sdk based settings models.
external-import/sublime/src/connector/converter_to_stix.py	Adds centralized STIX object factory/conversion logic.
external-import/sublime/src/connector/__init__.py	Re-exports connector/settings classes.
external-import/sublime/src/config.yml.sample	Removes old sample config location.
external-import/sublime/README.md	Updates configuration/documentation links.
external-import/sublime/entrypoint.sh	Removes old shell entrypoint.
external-import/sublime/Dockerfile	Switches container startup to main.py.
external-import/sublime/docker-compose.yml	Cleans sample env vars for new config model.
external-import/sublime/config.yml.sample	Adds root-level sample config for new settings loader.
external-import/sublime/__metadata__/connector_manifest.json	Marks connector verified and manager-supported.
external-import/sublime/__metadata__/connector_config_schema.json	Adds generated connector config schema.
external-import/sublime/__metadata__/CONNECTOR_CONFIG_DOC.md	Adds generated config documentation.

Comments suppressed due to low confidence (5)

external-import/sublime/src/connector/sublime_connector.py:375

• The primary EmailMessage is now built without from_ref/to_refs, so the imported email no longer keeps any direct link to the sender and recipients you just created above. OpenCTI will ingest the addresses as unrelated observables instead of participants of the message.
  external-import/sublime/src/connector/sublime_connector.py:1166
• After a bundle send fails, this code only logs the exception and still increments processed_count below. The caller will then advance the connector state past this message, so failed imports are silently dropped instead of being retried.
  external-import/sublime/src/connector/sublime_connector.py:1325
• to_processed() is now called unconditionally in finally, even when the except path above logged a batch-processing failure. That marks failed runs as successful in OpenCTI work tracking and hides operational problems.
  external-import/sublime/src/connector/sublime_connector.py:50
• This makes amber+strict selectable, but the connector never adds the resulting custom MarkingDefinition to the bundle before calling send_stix2_bundle(..., cleanup_inconsistent_bundle=True). With SUBLIME_TLP_LEVEL=amber+strict, OpenCTI will drop or reject objects whose object_marking_refs point to that missing definition.
  external-import/sublime/src/connector/sublime_connector.py:968
• create_ip_address() returns None for malformed header values, but this loop appends that None directly into observables. The later indicator-generation/bundling paths assume every entry is a STIX object, so a single bad IP will still crash processing instead of being skipped.

[jabesq]

LGTM 👍