[Mandiant] Problem with Observable when importing Indicators via a Report #3125

Open
Lhorus6 opened this issue Dec 12, 2024 · 0 comments
Labels
bug use for describing something not working as expected
Lhorus6 commented Dec 12, 2024

Description

The Mandiant connector allows you to import a lot of data in different ways. For example:

  • Indicators can be imported independently (works very well)
  • But you can also import Indicators when you import Reports (problem here).

For this second point, we seem to have a problem with the management of Observables linked to Indicators.

Normally, when we have Indicators, we also create Observables and a based-on relationship. In the case where Indicators are fetched as part of a Report, we should also create Observables and a based-on relationship + add them to the Report. However, I see this happening:

  • Observables and relationships are not in the report
  • (not sure about this) the connector doesn't even create them. EDIT: They are created by the connector but not added to the report

Environment

OCTI 6.4.4

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Run the Mandiant connector
  2. Look for a Report containing an Indicator

Expected Output

Include in my report the Indicators + the Observables + the relationships between them

Actual Output

I have only the Indicators in my Report, and it seems to me that we don't have the Observables and the relationship in the database at all. EDIT: They are created by the connector but not added to the report

Lhorus6 added the "bug" (use for describing something not working as expected) and "needs triage" (use to identify issue needing triage from Filigran Product team) labels on Dec 12, 2024
romain-filigran removed the "needs triage" (use to identify issue needing triage from Filigran Product team) label on Jan 7, 2025
romain-filigran added this to the Bugs backlog milestone on Jan 7, 2025
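
A check for the condition reported above, as an added example that is not part of the original issue or of the connector's code: given a STIX 2.1 bundle, it lists each Report whose `object_refs` contains an Indicator but omits that Indicator's `based-on` relationship or the Observable it points to. The bundle, the ids and the function name `missing_report_refs` are constructed for illustration.

```python
# Constructed STIX 2.1 sample; ids are placeholders, not Mandiant data.
IND = "indicator--00000000-0000-4000-8000-000000000001"
OBS = "domain-name--00000000-0000-4000-8000-000000000002"
REL = "relationship--00000000-0000-4000-8000-000000000003"
BAD = "report--00000000-0000-4000-8000-000000000004"
GOOD = "report--00000000-0000-4000-8000-000000000005"

SAMPLE_BUNDLE = {
    "type": "bundle",
    "objects": [
        {"type": "indicator", "id": IND,
         "pattern": "[domain-name:value = 'example.test']"},
        {"type": "domain-name", "id": OBS, "value": "example.test"},
        {"type": "relationship", "id": REL, "relationship_type": "based-on",
         "source_ref": IND, "target_ref": OBS},
        # Shape reported in the issue: only the Indicator is referenced.
        {"type": "report", "id": BAD, "object_refs": [IND]},
        # Expected shape: Indicator, Observable and relationship referenced.
        {"type": "report", "id": GOOD, "object_refs": [IND, OBS, REL]},
    ],
}


def missing_report_refs(bundle):
    """Map report id -> based-on relationships and observables that exist in
    the bundle for the report's indicators but are absent from object_refs."""
    objects = bundle.get("objects", [])
    known_ids = {o["id"] for o in objects}
    based_on = [o for o in objects
                if o.get("type") == "relationship"
                and o.get("relationship_type") == "based-on"
                and o.get("source_ref", "").startswith("indicator--")]
    result = {}
    for report in (o for o in objects if o.get("type") == "report"):
        refs = set(report.get("object_refs", []))
        missing = []
        for rel in based_on:
            if rel["source_ref"] not in refs:
                continue  # the indicator is not part of this report
            for ref in (rel["id"], rel["target_ref"]):
                if ref in known_ids and ref not in refs and ref not in missing:
                    missing.append(ref)
        if missing:
            result[report["id"]] = missing
    return result


if __name__ == "__main__":
    for report_id, refs in missing_report_refs(SAMPLE_BUNDLE).items():
        print(report_id, "is missing", refs)
```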