Add new sources to Recorded Future external-import #2142
Labels
feature
use for describing a new feature to develop
needs triage
use to identify issue needing triage from Filigran Product team
solved
use to identify issue that has been solved (must be linked to the solving PR)
Milestone
Use case
We would like to add a new source of analyst note topics to the analyst note import that have recently came available. Currently if you do not specify the RF Topics to include all ids except the two undefined source, the connector will throw errors when trying to convert to stix format.
{ "timestamp": "2024-05-08T17:38:40.817916Z", "level": "ERROR", "name": "Recorded Future", "message": "No values for required properties for Report: (object_refs).", "exc_info": "Traceback (most recent call last):\n File \"/opt/opencti-connector-recorded-future/main.py\", line 176, in run\n self.convert_and_send(published, tas, work_id)\n File \"/opt/opencti-connector-recorded-future/main.py\", line 222, in convert_and_send\n bundle = stixnote.to_stix_bundle()\n ^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/opt/opencti-connector-recorded-future/rflib/rf_to_stix2.py\", line 1115, in to_stix_bundle\n return stix2.Bundle(objects=self.to_stix_objects(), allow_custom=True)\n ^^^^^^^^^^^^^^^^^^^^^^\n File \"/opt/opencti-connector-recorded-future/rflib/rf_to_stix2.py\", line 1099, in to_stix_objects\n report = stix2.Report(\n ^^^^^^^^^^^^^\n File \"/usr/local/lib/python3.11/site-packages/stix2/base.py\", line 215, in __init__\n raise MissingPropertiesError(cls, missing_kwargs)\nstix2.exceptions.MissingPropertiesError: No values for required properties for Report: (object_refs)." }
New sources:
Executive Insights
The current list of notes can be seen on our support site:
https://support.recordedfuture.com/hc/en-us/articles/115009508148-Insikt-Group-Notes
Current Workaround
None
Proposed Solution
Adding the new source topic to the report_type_mapper
connectors/external-import/recorded-future/src/rflib/rf_to_stix2.py
Line 896 in 3c775c4
"Executive Insights": "Threat-Actor"
The text was updated successfully, but these errors were encountered: