Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Creation of an indicator without name #1912

Closed
2xyo opened this issue Feb 22, 2022 · 2 comments
Closed

Creation of an indicator without name #1912

2xyo opened this issue Feb 22, 2022 · 2 comments
Labels
feature use for describing a new feature to develop solved use to identify issue that has been solved (must be linked to the solving PR)

Comments

@2xyo
Copy link
Contributor

2xyo commented Feb 22, 2022

Description

Creation of an indicator without name is not possible as required in STIX™ Version 2.1 and in the STIX™ 2.1 Interoperability Test Document Version 1.0.

Environment

https://demo.opencti.io/dashboard/observations/indicators?

Reproducible Steps

  1. Create an Indicator with just a pattern and a pattern_type on https://demo.opencti.io/dashboard/observations/indicators?

Expected Output

Indicator is created.

Actual Output

Error "This field is required" for the name field.

Additional information

name field is optional for the Indicator SDO.

3.1.4.1 Add Context to Indicator

{
    "type": "identity",
    "id": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
    "spec_version": "2.1",
    "identity_class": "organization",
    "name": "ACME Corp, Inc.",
    "created": "2018-01-17T11:11:13.000Z",
    "modified": "2018-01-17T11:11:13.000Z",
    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff"
},
{
    "type": "indicator",
    "spec_version": "2.1",
    "id": "indicator--0c7e22ad-b099-4dc3-b0df-2ea3f49ae2e6",
    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
    "created": "2019-05-12T08:17:27.000Z",
    "modified": "2019-05-12T08:17:27.000Z",
    "indicator_types": ["malicious-activity"],
    "pattern": "[url:value = 'http://badsite.com/foo' OR url:value = 'http://badsite.com/bar']"
    "pattern_type": "stix",
    "valid_from": "2019-01-01T00:00:00Z"
},
{
    "type": "attack-pattern",
    "spec_version": "2.1",
    "id": "attack-pattern--7e33a43e-e34b-40ec-89da-36c9bb2cacd5",
    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
    "created": "2019-05-12T08:17:27.000Z",
    "modified": "2019-05-12T08:17:27.000Z",
    "name": "Spear Phishing as Practiced by Adversary X",
    "description": "Spear phishing where the attacker includes personal details in the email and claims that the target had won a contest.",
    "external_references": [
        {
            "source_name": "capec",
            "external_id": "CAPEC-163"
        }
    ]
},
{
    "type": "relationship",
    "spec_version": "2.1",
    "id": "relationship--57b56a43-b8b0-4cba-9deb-34e3e1faed9e",
    "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
    "created": "2019-05-12T08:17:27.000Z",
    "modified": "2019-05-12T08:17:27.000Z",
    "relationship_type": "indicates",
    "source_ref": "indicator--0c7e22ad-b099-4dc3-b0df-2ea3f49ae2e6",
    "target_ref": "attack-pattern--7e33a43e-e34b-40ec-89da-36c9bb2cacd5"
}

It's not possible to validate this test case as no description is provided in the attack pattern SDO.
@SamuelHassine SamuelHassine added this to the Release 5.2.0 milestone Feb 25, 2022
@SamuelHassine SamuelHassine added the feature use for describing a new feature to develop label Feb 25, 2022
@SamuelHassine SamuelHassine self-assigned this Feb 25, 2022
@SamuelHassine
Copy link
Member

Automatically generate the name if not given from the indicator pattern.

@SamuelHassine SamuelHassine modified the milestones: Release 5.6.0, Release 5.10.0 Oct 2, 2022
@SamuelHassine SamuelHassine removed their assignment Feb 10, 2023
@Jipegien Jipegien modified the milestones: Release 5.13.0, Long-term candidates Jul 27, 2023
@SamuelHassine
Copy link
Member

Fixed this as name is automatically set to pattern if not provided.

@SamuelHassine SamuelHassine removed this from the Long-term candidates milestone Oct 28, 2023
@SamuelHassine SamuelHassine added the solved use to identify issue that has been solved (must be linked to the solving PR) label Oct 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature use for describing a new feature to develop solved use to identify issue that has been solved (must be linked to the solving PR)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@2xyo @SamuelHassine @Jipegien