Error when using Hybrid-Analysis-Sandbox to enrich a URL.
Environment
OS Windows 10
OpenCTI version: 5.7.6
OpenCTI client: frontend
Other environment details:
Reproducible Steps
Steps to create the smallest reproducible scenario:
Enrich a URL using hybrid-analysis-sandbox. The URL report must generate IPv4 addresses and Domain names.
Expected Output
Actual Output
"errors": [
{
"timestamp": "2023-05-29T08:59:59.939Z",
"message": "{'name': 'FunctionalError', 'message': 'The relationship type communicates-with is not allowed between Url and Domain-Name'}"
},
{
"timestamp": "2023-05-29T09:00:00.098Z",
"message": "{'name': 'FunctionalError', 'message': 'The relationship type communicates-with is not allowed between Url and Domain-Name'}"
},
{
"timestamp": "2023-05-29T09:00:00.198Z",
"message": "{'name': 'FunctionalError', 'message': 'The relationship type communicates-with is not allowed between Url and Domain-Name'}"
},
{
"timestamp": "2023-05-29T09:00:00.275Z",
"message": "{'name': 'FunctionalError', 'message': 'The relationship type communicates-with is not allowed between Url and Domain-Name'}"
},
{
"timestamp": "2023-05-29T09:00:00.299Z",
"message": "{'name': 'FunctionalError', 'message': 'The relationship type communicates-with is not allowed between Url and Domain-Name'}"
},
{
"timestamp": "2023-05-29T09:00:00.351Z",
"message": "{'name': 'FunctionalError', 'message': 'The relationship type communicates-with is not allowed between Url and Domain-Name'}"
},
{
"timestamp": "2023-05-29T09:00:00.464Z",
"message": "{'name': 'FunctionalError', 'message': 'The relationship type communicates-with is not allowed between Url and Domain-Name'}"
},
{
"timestamp": "2023-05-29T09:00:00.487Z",
"message": "{'name': 'FunctionalError', 'message': 'The relationship type communicates-with is not allowed between Url and IPv4-Addr'}"
},
{
"timestamp": "2023-05-29T09:00:00.514Z",
"message": "{'name': 'FunctionalError', 'message': 'The relationship type communicates-with is not allowed between Url and IPv4-Addr'}"
},
{
"timestamp": "2023-05-29T09:00:00.626Z",
"message": "{'name': 'FunctionalError', 'message': 'The relationship type communicates-with is not allowed between Url and IPv4-Addr'}"
},
{
"timestamp": "2023-05-29T09:00:00.641Z",
"message": "{'name': 'FunctionalError', 'message': 'The relationship type communicates-with is not allowed between Url and IPv4-Addr'}"
},
{
"timestamp": "2023-05-29T09:00:00.678Z",
"message": "{'name': 'FunctionalError', 'message': 'The relationship type communicates-with is not allowed between Url and IPv4-Addr'}"
},
{
"timestamp": "2023-05-29T09:00:00.800Z",
"message": "{'name': 'FunctionalError', 'message': 'The relationship type communicates-with is not allowed between Url and IPv4-Addr'}"
}
]
Additional information
Screenshots (optional)
"Communicates-with" is a relation used in the context of the "Infrastructure" SDO that we will not use for the moment here.
A URL should be associated with a domain-name (possibly the related-to relationship, as I do not see a specific one). And a domain-name can be associated with multiple SCOs like IP addresses with the "resolve-to" relationship.
There is no direct relation between URL and IPv4 or v6.
Attack-pattern is a high level concept. Linking directly a URL and an Attack-pattern doesn't make sense because a URL cannot be observed in every instance of an Attack-pattern (malicious.com/something is not used in every Spear-Phishing).
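The modelling described in the comment above, as an added Python example that is not part of this thread and not the connector's or OpenCTI's own code. It uses plain tuples rather than any client library; the `{domain: [ip, ...]}` input shape, the function names and the sample values are assumptions, and the allow-list contains only the pairings named in the comment.

```python
import ipaddress

# Pairings named in the maintainer's comment only; not OpenCTI's full schema.
# "resolves-to" is the STIX 2.1 spelling of the domain-to-IP relationship.
ALLOWED = {
    ("Url", "related-to", "Domain-Name"),
    ("Domain-Name", "resolves-to", "IPv4-Addr"),
    ("Domain-Name", "resolves-to", "IPv6-Addr"),
}


def is_allowed(src_type, rel_type, dst_type):
    return (src_type, rel_type, dst_type) in ALLOWED


def ip_type(value):
    """Return the observable type for an IP string (raises ValueError if invalid)."""
    return "IPv6-Addr" if ipaddress.ip_address(value).version == 6 else "IPv4-Addr"


def plan_relationships(url, resolutions, unresolved_ips=()):
    """Build (source, type, target) triples for one enriched URL.

    resolutions: {domain: [ip, ...]}, a hypothetical shape for sandbox output.
    unresolved_ips: IPs with no known domain; returned unlinked, never tied to the URL.
    """
    planned = []
    for domain, ips in resolutions.items():
        planned.append((("Url", url), "related-to", ("Domain-Name", domain)))
        for ip in ips:
            planned.append((("Domain-Name", domain), "resolves-to", (ip_type(ip), ip)))
    # Drop duplicates while keeping order, then enforce the allow-list.
    planned = list(dict.fromkeys(planned))
    for src, rel, dst in planned:
        if not is_allowed(src[0], rel, dst[0]):
            raise ValueError(f"{rel} not allowed between {src[0]} and {dst[0]}")
    return planned, list(unresolved_ips)


# Constructed sample data (documentation-reserved names and addresses).
SAMPLE_URL = "http://example.com/landing"
SAMPLE_RESOLUTIONS = {"example.com": ["192.0.2.10", "2001:db8::1"],
                      "cdn.example.net": ["198.51.100.7", "198.51.100.7"]}

if __name__ == "__main__":
    rels, leftover = plan_relationships(SAMPLE_URL, SAMPLE_RESOLUTIONS, ["203.0.113.5"])
    for src, rel, dst in rels:
        print(f"{src[0]}:{src[1]} --{rel}--> {dst[0]}:{dst[1]}")
    print("unlinked IPs:", leftover)
```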