New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sample ref not created when importing a bundle STIX #6275
Comments
@explorecti could you provide us this STIX Bundle so we can try to reproduce the issue ? |
Do to the nature of the STIX data that request is not possible. Please advise further steps if you cannot reproduce the issue, thank you. |
We created a STIX Bundle to reproduce the issue here: |
Perfect @jborozco thank you for taking the time to troubleshoot this issue further. Will this be corrected for the platform 6.0.6 release? |
@explorecti from the file we created, It seems that you need a proper SRO in your bundle to create a relationship. sample_ref is an SDO attribute proper to malwares, but it is not enough to create a relationship in the platform. |
@jborozco The "sample_ref": [ "file--9be6a529-5444-45e3-8f8c-dd173ca44be7" ] attribute was created and linked to "type": "malware" and "id": "malware--9gh7n530-5278-86e3-7g9b-gg375hj43be9". The issue still remains. |
Description
When a user manually ingests a STIX bundle containing a file SCO and a Malware SDO with a sample_refs property containing the STIX ID of the file SCO, a "sample" relationship is not created between the file SCO and Malware SDO.
Environment
Reproducible Steps
Steps to create the smallest reproducible scenario:
Expected Output
A "sample" relationship should be created between the file SCO and Malware SDO.
Actual Output
No relationship is created
Workaround
No work around.
The text was updated successfully, but these errors were encountered: