Export full indicator via SSE upon deletion #1302

Closed
0snap opened this issue Apr 27, 2021 · 1 comment
0snap commented Apr 27, 2021

Problem to Solve

When a user deletes an indicator (e.g., in the web UI), OpenCTI only exports the opencti_id alongside some other metadata to connectors via SSE. Once deleted, one cannot query that indicator anymore via the API. Connectors/tools that want to work with the deleted indicator are left dangling because it is impossible to find out details about the deleted indicator (i.e., the pattern).

It would be great if OpenCTI could export the entire indicator via SSE and flag it as deleted.

Current Workaround

There is none to my knowledge.

Proposed Solution

OpenCTI pushes the full indicator into the SSE stream upon deletion instead of just some metadata.

Additional Information

This Slack question and the following 4 comments.

@richard-julien richard-julien added the feature use for describing a new feature to develop label Apr 27, 2021
@richard-julien
Member

Handled in 0a1b923
Will be available in the next release.

@SamuelHassine SamuelHassine added the solved use to identify issue that has been solved (must be linked to the solving PR) label May 8, 2021
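
An added illustration, not part of the issue thread and not OpenCTI's code: a connector-side handler for SSE delete events, showing why an id-only payload leaves a consumer unable to retract what it deployed, while a payload that carries the pattern can be acted on. The event field names (`id`, `pattern`), the indicator ids and the rule names are constructed assumptions, not OpenCTI's stream schema.

```python
import json

# Constructed SSE frames. Field names "id" and "pattern" are assumptions
# for illustration, not OpenCTI's actual stream schema.
SAMPLE_STREAM = (
    'event: delete\n'
    'data: {"id": "indicator--0001"}\n'
    '\n'
    'event: delete\n'
    'data: {"id": "indicator--0002", "pattern": "[ipv4-addr:value = \'198.51.100.7\']"}\n'
    '\n'
)

def parse_sse(text):
    """Yield (event, data) pairs from a text/event-stream body."""
    event, data = "message", []
    for line in text.splitlines():
        if line == "":                    # blank line dispatches the event
            if data:
                yield event, "\n".join(data)
            event, data = "message", []
        elif line.startswith(":"):        # comment / keep-alive line
            continue
        else:
            field, _, value = line.partition(":")
            value = value[1:] if value.startswith(" ") else value
            if field == "event":
                event = value
            elif field == "data":
                data.append(value)
    # An event not terminated by a blank line is discarded, as SSE requires.

def handle_deletions(stream_text, deployed_rules):
    """Retract rules for deleted indicators.

    deployed_rules maps an indicator pattern to the (hypothetical) rule name
    deployed on the consuming tool. Returns (retracted, unresolved_ids).
    """
    retracted, unresolved = [], []
    for event, raw in parse_sse(stream_text):
        if event != "delete":
            continue
        try:
            payload = json.loads(raw)
        except json.JSONDecodeError:
            continue                      # skip malformed frames
        if not isinstance(payload, dict):
            continue
        pattern = payload.get("pattern")
        if pattern is None:               # id-only event: nothing to match on
            unresolved.append(payload.get("id"))
        elif pattern in deployed_rules:   # full indicator: rule can be removed
            retracted.append(deployed_rules.pop(pattern))
    return retracted, unresolved
```
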