Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Playbooks] Entities linked with inferred relationships missed by "resolve container references" rule #5991

Closed
Lhorus6 opened this issue Feb 15, 2024 · 1 comment
Closed

[Playbooks] Entities linked with inferred relationships missed by "resolve container references" rule #5991

Lhorus6 opened this issue Feb 15, 2024 · 1 comment
Assignees
@SamuelHassine
Labels
bug use for describing something not working as expected solved use to identify issue that has been solved (must be linked to the solving PR)
Milestone
Release 6.0.2

Comments

@Lhorus6
Copy link

Lhorus6 commented Feb 15, 2024

Description

When I want to retrieve the entities contained in a report using the component "Apply predefined rule : resolve container references", objects contained following the application of an inference rule (e.g. Indicators propagation in reports) are not retrieved.

My guess is that "Apply predefined rule : resolve container references" (and maybe "Apply predefined rule : resolve neighbors relation") doesn't take inferred relationships into account when solving linked objects.

Environment

OCTI 5.12.31
filigran prod instance

Reproducible Steps

The playbooks to create:

  1. Listener on modification event, with filters "entity:report + label:test"
  2. Apply predefined rule : resolve container references
  3. Log data in standard output

(nb: you can use the playbook "Bug retrieve inferred entities" on the filigran prod instance)

Steps to create the smallest reproducible scenario:

  1. Create the above playbook
  2. Find a report with entities contained thanks to inference rule (nb: you can use the report "Debug retrieve inferred entities" on the filigran prod instance) and add the label "test"
  3. Look inside the log of the playbook. You will not find the infered entities
@Lhorus6 Lhorus6 added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Feb 15, 2024
@Jipegien Jipegien removed the needs triage use to identify issue needing triage from Filigran Product team label Feb 16, 2024
@Kedae Kedae added this to the Release 6.0.1 milestone Feb 16, 2024
@Jipegien Jipegien modified the milestones: Release 6.0.1, Release 6.0.2 Feb 29, 2024
@SamuelHassine SamuelHassine self-assigned this Mar 1, 2024
@SamuelHassine
Copy link
Member

Option added:
image

SamuelHassine added a commit that referenced this issue Mar 1, 2024
@SamuelHassine
[backend] Add an option to include inferences in resolving (#5991)
04547bc
@SamuelHassine SamuelHassine added the solved use to identify issue that has been solved (must be linked to the solving PR) label Mar 1, 2024
SamuelHassine added a commit that referenced this issue Mar 1, 2024
@SamuelHassine
[backend] Add an option to include inferences in resolving (#5991)
997bfac
Goumies pushed a commit that referenced this issue Mar 13, 2024
@SamuelHassine @Goumies
[backend] Add an option to include inferences in resolving (#5991)
2e0d2ac
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@SamuelHassine SamuelHassine

Labels
bug use for describing something not working as expected solved use to identify issue that has been solved (must be linked to the solving PR)
Projects
None yet
Milestone
Release 6.0.2
Development

No branches or pull requests
4 participants
@SamuelHassine @Kedae @Lhorus6 @Jipegien