[Mandiant] Problem with Observable when importing Indicators via a Report

[Lhorus6]

Description

The Mandiant connector allows you to import a lot of data in different ways. For example, you can:

• Indicators can be imported independently (works very well)
• But you can also import Indicators when you import Reports (problem here).

For this second point, we seem to have a problem with the management of Observables linked to Indicators.

Normally, when we have Indicators, we also create Observables and a based-on relationship. In the case where Indicators are fetched as part of a Report, we should also create Observables and a based-on relationship + add them to the Report. However, I see this happening:

• Observables and relationships are not in the report
• (not sure about this) the connector doesn't even create them. EDIT: They are created by the connector but not added to the report

Environment

OCTI 6.4.4

Reproducible Steps

Steps to create the smallest reproducible scenario:

1. Run the Mandiant connector
2. Look for Report containing Indicator

Expected Output

Include in my report the Indicators + the Observables + the relationships between them

Actual Output

I have only the Indicators in my Report and it seems to me that we don't have at all the Observables and the relationship in the database EDIT: They are created by the connector but not added to the report

[Lhorus6]

Wrong repo, sorry ;)
Here we go: OpenCTI-Platform/connectors#3125