Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[mandiant] Open vocabularies very strange behaviour in production #2023

Closed
SamuelHassine opened this issue Apr 10, 2024 · 3 comments
Closed

[mandiant] Open vocabularies very strange behaviour in production #2023

SamuelHassine opened this issue Apr 10, 2024 · 3 comments
Assignees
@Megafredo
Labels
bug use for describing something not working as expected solved use to identify issue that has been solved (must be linked to the solving PR)
Milestone
Release 6.0.10

Comments

@SamuelHassine
Copy link
Member

Description

In the production instance of Filigran, which is 1.5 month old (so post 6.0), we have very odd open vocab with the full JSON (unparsed). No investigated yet but I think this might be critical (cc @Kedae @richard-julien):

https://filigran.octi.filigran.io/dashboard/settings/vocabularies/fields/attack_motivation_ov

image
@SamuelHassine SamuelHassine added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Apr 10, 2024
@nino-filigran
Copy link

nino-filigran commented Apr 11, 2024
edited

I cannot access this space within production, but I can at least reproduce on demo the fact copy/pasting a json in the attribute name within an open_vocab is possible .

@nino-filigran nino-filigran added critical use to identify critical bug to fix ASAP and removed needs triage use to identify issue needing triage from Filigran Product team labels Apr 11, 2024
@Megafredo Megafredo self-assigned this Apr 11, 2024
@Megafredo Megafredo mentioned this issue Apr 11, 2024
Merged
4 tasks
@SamuelHassine
Copy link
Member Author

@Megafredo @nino-filigran It seems to be linked to the Mandiant connector not parsing correctly the motivation. If this is just this, no problem it is not critical at all. Thanks @Megafredo for the quick fix.

@nino-filigran it is normal that you can put manually any kind of content in the open vocab, json is still a string. I was fearing more a global issue in the Python library when we create open vocabs. If it is limited to Mandiant I think we can remove the tag critical.

@nino-filigran nino-filigran removed the critical use to identify critical bug to fix ASAP label Apr 11, 2024
@nino-filigran
Copy link

nino-filigran commented Apr 11, 2024
edited

My bad, I thought that this was checked also!

@SamuelHassine SamuelHassine transferred this issue from OpenCTI-Platform/opencti Apr 11, 2024
@SamuelHassine SamuelHassine added the solved use to identify issue that has been solved (must be linked to the solving PR) label Apr 11, 2024
@SamuelHassine SamuelHassine added this to the Release 6.1.0 milestone Apr 11, 2024
@SamuelHassine SamuelHassine changed the title Open vocabularies very strange behaviour in production, can lead to critical issue [mandiant] Open vocabularies very strange behaviour in production Apr 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Megafredo Megafredo

Labels
bug use for describing something not working as expected solved use to identify issue that has been solved (must be linked to the solving PR)
Projects
None yet
Milestone
Release 6.0.10
Development

No branches or pull requests
3 participants
@SamuelHassine @Megafredo @nino-filigran