[Playbook] Deactivating the detection field on Indicator does not work #8602

Open
Lhorus6 opened this issue Oct 3, 2024 · 1 comment
Labels: bug (use for describing something not working as expected), playbook (Linked to automation engine)

Lhorus6 commented Oct 3, 2024

Description

When I try to deactivate / set to false the detection field of an Indicator, the playbook runs until the end but the detection field remains at “true”.

I can see in the execution traces that in the bundle sent for ingestion, the field is set to true, so the playbook component doesn't seem to be doing anything.

Environment

OCTI 6.3.4

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Create this playbook:
     - Listener
     - Manipulate
     - Send for ingestion
  2. Switch the detection field of an Indicator to "true"
  3. Apply the label "test"
  4. Check out the playbook. It ran but did not modify the detection field.

@Lhorus6 added the labels bug (use for describing something not working as expected) and needs triage (use to identify issue needing triage from Filigran Product team) on Oct 3, 2024

@romain-filigran
Member

Reproduced

@romain-filigran added the label playbook (Linked to automation engine) and removed the label needs triage (use to identify issue needing triage from Filigran Product team) on Oct 4, 2024

@romain-filigran added this to the Bugs backlog milestone on Oct 4, 2024