Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Removing Sharing Organization removes relationships #4087

Closed
ristowee opened this issue Aug 17, 2023 · 2 comments · Fixed by #4154
Closed

Removing Sharing Organization removes relationships #4087

ristowee opened this issue Aug 17, 2023 · 2 comments · Fixed by #4154
Assignees
@richard-julien
Labels
bug use for describing something not working as expected solved use to identify issue that has been solved (must be linked to the solving PR)
Milestone
Release 5.10.0

Comments

@ristowee
Copy link

Description

There's something weird going on when streaming data with a user that has an organization attached to it (let's say OrgX in this case) and there's data that has has been shared with OrgX.

A relationship link between two things disappears in a certain condition. It cannot be found with the internal / standard ids after it has disappeared.

Environment

  1. OS (where OpenCTI server runs): Debian 10 (docker)
  2. OpenCTI version: 5.9.6
  3. OpenCTI client: frontend
  4. Other environment details:

Reproducible Steps

  1. Create an organization OrgX
  2. Add a user with streaming capabilities and add it to OrgX
  3. Create an observable, indicator and a relation (easiest to add e.g. a domain-name and then enable "Create an indicator from this observable")
  4. Share all 3 to OrgX ("Share with an organization" button). You should see all 3 in the stream now.
  5. Remove sharing to OrgX from the indicator. After this point the relationship should still exist.
  6. Stream the data using the abovementioned user.
  7. After this the relationship has disappeared from the system

Expected Output

Removing the sharing should not delete the relationship between the two objects.

Actual Output

The relationship has been removed. It cannot be found in the system with the internal ID or standard ID.

Additional information

Streaming at step 6. as an admin or another user, which has not OrgX affiliations does not have the effect and the relationship remains.

I tried searching the history index for deletions but it shows just some old stuff.

Screenshots (optional)
@ristowee ristowee added the bug use for describing something not working as expected label Aug 17, 2023
@SouadHadjiat SouadHadjiat self-assigned this Aug 17, 2023
@ristowee
Copy link
Author

Some clarifications:
I tested streaming with a browser to see the results easier–there wasn't another instance reading the data.
The relationship data had disappeared from the ElasticSearch (made queries with the id / standard_id)

@ristowee
Copy link
Author

With the "stream" in meant a "synchronization stream".
I did a test by running a live stream started as admin and I can see no deletion there regarding the relationship when this thing happens. I was able to see the other steps there.

@SamuelHassine SamuelHassine added this to the Release 5.10.0 milestone Aug 21, 2023
richard-julien added a commit that referenced this issue Aug 23, 2023
@richard-julien
[backend/frontend] Improve relationship resolution and auto purge mec…
476071a 
…hanism (#4087)
richard-julien added a commit that referenced this issue Aug 24, 2023
@richard-julien
[backend/frontend] Work on caching (#4087)
2e2c7dc
@richard-julien richard-julien linked a pull request Aug 24, 2023 that will close this issue
[backend] Improve stix loader and stream relation resolution #4154
Merged
richard-julien added a commit that referenced this issue Aug 24, 2023
@richard-julien
[backend] Bring back auto cleanup (#4087)
d32f1cf
@SamuelHassine SamuelHassine added the solved use to identify issue that has been solved (must be linked to the solving PR) label Aug 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@richard-julien richard-julien

Labels
bug use for describing something not working as expected solved use to identify issue that has been solved (must be linked to the solving PR)
Projects
None yet
Milestone
Release 5.10.0
Development

Successfully merging a pull request may close this issue.

[backend] Improve stix loader and stream relation resolution OpenCTI-Platform/opencti
4 participants
@richard-julien @SouadHadjiat @SamuelHassine @ristowee