Add new sources to Recorded Future external-import #2142

Closed
ryano-recordedfuture opened this issue May 17, 2024 · 1 comment

Comments

@ryano-recordedfuture

Use case

We would like to add a new source of analyst note topics to the analyst note import that have recently become available. Currently, if you do not specify the RF Topics to include all IDs except the two undefined sources, the connector will throw errors when trying to convert to STIX format.

{ "timestamp": "2024-05-08T17:38:40.817916Z", "level": "ERROR", "name": "Recorded Future", "message": "No values for required properties for Report: (object_refs).", "exc_info": "Traceback (most recent call last):\n File \"/opt/opencti-connector-recorded-future/main.py\", line 176, in run\n self.convert_and_send(published, tas, work_id)\n File \"/opt/opencti-connector-recorded-future/main.py\", line 222, in convert_and_send\n bundle = stixnote.to_stix_bundle()\n ^^^^^^^^^^^^^^^^^^^^^^^^^\n File \"/opt/opencti-connector-recorded-future/rflib/rf_to_stix2.py\", line 1115, in to_stix_bundle\n return stix2.Bundle(objects=self.to_stix_objects(), allow_custom=True)\n ^^^^^^^^^^^^^^^^^^^^^^\n File \"/opt/opencti-connector-recorded-future/rflib/rf_to_stix2.py\", line 1099, in to_stix_objects\n report = stix2.Report(\n ^^^^^^^^^^^^^\n File \"/usr/local/lib/python3.11/site-packages/stix2/base.py\", line 215, in __init__\n raise MissingPropertiesError(cls, missing_kwargs)\nstix2.exceptions.MissingPropertiesError: No values for required properties for Report: (object_refs)." }

New sources:
Executive Insights

The current list of notes can be seen on our support site:
https://support.recordedfuture.com/hc/en-us/articles/115009508148-Insikt-Group-Notes

Current Workaround

None

Proposed Solution

Adding the new source topic to the report_type_mapper

"Executive Insights": "Threat-Actor"

@ryano-recordedfuture ryano-recordedfuture added feature use for describing a new feature to develop needs triage use to identify issue needing triage from Filigran Product team labels May 17, 2024
@Jipegien
Member

Based on example received, must be imported as Reports with external references. context_entities are too generic to be included.

@helene-nguyen helene-nguyen self-assigned this May 22, 2024
@helene-nguyen helene-nguyen added the solved use to identify issue that has been solved (must be linked to the solving PR) label May 23, 2024
@richard-julien richard-julien added this to the Release 6.1.4 milestone May 23, 2024