
[Playbook] "Promote observable to indicator" component doesn't work #6266

Closed
Lhorus6 opened this issue Mar 4, 2024 · 2 comments · Fixed by #6271
Labels: bug, critical, solved

Comments

@Lhorus6

Lhorus6 commented Mar 4, 2024

Description

When I use the component "Promote observable to indicator", it creates only one indicator for one observable, and doesn't even generate the relationship between the two.

For example, if I have a report with 3 observables, my playbook will:

  • Create an indicator for just one observable,
  • Not create the "based on" relationship between my observable and the indicator it has just created.

Environment

OCTI 6.0.3

Reproducible Steps

You can find the playbook in the private demo instance. It is called "Issue/6266 DO NOT DELETE"

Steps to create the smallest reproducible scenario:

  1. Create a playbook with

    • Listener on "update" event with filters: "entity type:Report AND assignee: [you]" (it will allow you to trigger the playbook when you want)
    • Apply predefined rule: resolve container ref
    • Promote observable to indicator (and turn on the toggle "Create indicator from all observables in the bundle")
    • Send for ingestion
  2. Create a report with several observables that don't have an indicator linked to them. Then assign yourself to the report to trigger the playbook.
    -> You will find only one indicator created, and it is not even linked to the observable.

Expected Output

Generation of one indicator per observable and a relation "based on" between each observable and its indicator.

Screenshots

My playbook (four screenshots taken 2024-03-04, not reproduced here)

@Lhorus6 Lhorus6 added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Mar 4, 2024
@Jipegien Jipegien added critical use to identify critical bug to fix ASAP and removed needs triage use to identify issue needing triage from Filigran Product team labels Mar 4, 2024
@Jipegien Jipegien added this to the Release 6.0.5 milestone Mar 4, 2024
@SouadHadjiat SouadHadjiat self-assigned this Mar 4, 2024
@SouadHadjiat
Member

@Lhorus6 the main issue (only one indicator created) should be fixed by this PR: #6271

The other issue, about the relationship, is due to a validation error: "markings" have been set as mandatory for relationships (https://demo.octi.filigran.io/dashboard/settings/customization/entity_types/stix-core-relationship), and since there is no marking on the "based on" relationship that we are trying to create, it throws an error:

{
  "timestamp": "2024-03-04T10:03:19.232940Z",
  "level": "ERROR",
  "name": "worker",
  "message": "{'name': 'VALIDATION_ERROR', 'message': 'Validation error'}",
  "exc_info": "Traceback (most recent call last):\n  File \"/opt/opencti-worker/worker.py\", line 268, in data_handler\n    self.api.stix2.import_bundle_from_json(\n  File \"/usr/local/lib/python3.12/site-packages/pycti/utils/opencti_stix2.py\", line 215, in import_bundle_from_json\n    return self.import_bundle(\n           ^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/site-packages/pycti/utils/opencti_stix2.py\", line 2345, in import_bundle\n    self.import_relationship(item, update, types)\n  File \"/usr/local/lib/python3.12/site-packages/pycti/utils/opencti_stix2.py\", line 1211, in import_relationship\n    stix_relation_result = self.opencti.stix_core_relationship.import_from_stix2(\n                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/site-packages/pycti/entities/opencti_stix_core_relationship.py\", line 1132, in import_from_stix2\n    return self.create(\n           ^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/site-packages/pycti/entities/opencti_stix_core_relationship.py\", line 611, in create\n    result = self.opencti.query(\n             ^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/site-packages/pycti/api/opencti_api_client.py\", line 351, in query\n    raise ValueError(\nValueError: {'name': 'VALIDATION_ERROR', 'message': 'Validation error'}",
  "taskName": null
}

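The bundle this playbook step is expected to emit, with the observable's markings copied onto both the indicator and the `based-on` relationship so that the mandatory-markings rule that triggered the VALIDATION_ERROR above is met, plus a pre-flight check for that rule. This is an added example in plain Python, not OpenCTI's or pycti's code; the sample observables and marking id are constructed, and objects are written as STIX 2.1 dict literals rather than via the stix2 library.

```python
import uuid

# Constructed sample data (not from the issue): one marking shared by three observables,
# as they would arrive after "resolve container ref" has expanded a report.
SAMPLE_MARKING = f"marking-definition--{uuid.uuid5(uuid.NAMESPACE_URL, 'constructed-marking')}"
SAMPLE_OBSERVABLES = [
    {"type": "ipv4-addr", "id": f"ipv4-addr--{uuid.uuid4()}", "value": "198.51.100.10",
     "object_marking_refs": [SAMPLE_MARKING]},
    {"type": "domain-name", "id": f"domain-name--{uuid.uuid4()}", "value": "example.test",
     "object_marking_refs": [SAMPLE_MARKING]},
    {"type": "url", "id": f"url--{uuid.uuid4()}", "value": "http://example.test/x",
     "object_marking_refs": [SAMPLE_MARKING]},
]


def promote_observables(observables, valid_from="2024-03-04T00:00:00Z"):
    """Return a STIX 2.1 bundle holding the input observables plus, for EACH of them,
    one indicator and one `based-on` relationship (indicator -> observable).
    Markings are copied from the observable onto both generated objects, so a
    'markings are mandatory' rule on relationships is satisfied at ingestion.
    Assumes (hypothetically) observables that expose their value in a `value` property."""
    objects = list(observables)
    for obs in observables:
        markings = list(obs.get("object_marking_refs", []))
        # STIX patterns use single-quoted literals; escape backslash and quote.
        value = obs["value"].replace("\\", "\\\\").replace("'", "\\'")
        indicator = {
            "type": "indicator", "spec_version": "2.1", "id": f"indicator--{uuid.uuid4()}",
            "name": obs["value"], "pattern_type": "stix",
            "pattern": f"[{obs['type']}:value = '{value}']",
            "valid_from": valid_from, "object_marking_refs": markings,
        }
        relationship = {
            "type": "relationship", "spec_version": "2.1", "id": f"relationship--{uuid.uuid4()}",
            "relationship_type": "based-on", "source_ref": indicator["id"],
            "target_ref": obs["id"], "object_marking_refs": markings,
        }
        objects += [indicator, relationship]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


def check_mandatory_relationship_attrs(bundle, mandatory=("object_marking_refs",)):
    """Pre-flight for the rule that raised VALIDATION_ERROR in the worker log above:
    every relationship must carry a non-empty value for each mandatory attribute.
    Returns the (relationship id, attribute) pairs that the platform would reject."""
    return [(o["id"], attr) for o in bundle["objects"] if o["type"] == "relationship"
            for attr in mandatory if not o.get(attr)]


if __name__ == "__main__":
    bundle = promote_observables(SAMPLE_OBSERVABLES)
    print(sum(o["type"] == "indicator" for o in bundle["objects"]), "indicators created")
    print("relationships that would fail validation:", check_mandatory_relationship_attrs(bundle))
```

Running the check before "Send for ingestion" turns the opaque worker-side `{'name': 'VALIDATION_ERROR'}` into a list of the exact relationships and attributes that are missing.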

@Jipegien Jipegien modified the milestones: Release 6.0.5, Release 6.0.6 Mar 4, 2024
@Lhorus6
Author

Lhorus6 commented Mar 4, 2024

Great, thank you

@Kedae Kedae added the solved use to identify issue that has been solved (must be linked to the solving PR) label Mar 4, 2024