New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error when merging imported entities #6559
Comments
Since I don't know how directly call the API, I've made a test using the workbench, and I have some similar issues: Additionally, this is what is found when uploading the file to the workbench:
I need help to reproduce @yassine-ouaamou |
Could not reproduce given I do not have a dev nor python client installed. |
If anyone wants to work on this and needs help reproducing, ping me please |
after setting the confidence to 100 in the bundle, the merge was done correctly and the relationships were created without error.
|
Ouput:
The question is:
|
@richard-julien given this is rather a technical question that could you have a look and let us what you think? |
stix_ids must be cumulated independently of the confidence level, there is clearly a problem here. Blind change proposal in upsertElement function
A specific backend test must also be added. |
@Kedae @richard-julien @marieflorescontact @nino-filigran: this is critical indeed.
|
The code has been changed last month with this commit @richard-julien 8733303#diff-ad0de0206f921a6f08856e3f7b7f4384921bbd62a64c290fb6b8610140784a64 and it was almost the same as your proposal. |
I've tested on my side and IDs seem to be cumulated properly: Creation
Result:
Second creation with a lower confidence level
Result:
So not really sure what we are talking about here. |
Also, I did the same queries but using |
Ok, after digging in a little more, I understand this is a edge case. Less critical than expected but still very important. |
More details about the issue @SamuelHassine :
We found the part of the code that needs to change, but this has been changed recently to avoid accumulating standard ids in |
@SouadHadjiat Let's discuss this tomorrow, we have to keep the behaviour as it is, we took a lot of time to made this change. But this is something else I think. |
Description
When importing a bundle with an intrusion set having an alias which is similar to an existing one. The name of imported Intrusion Set is ignored (instead of being merged and used as an alias) and the id is also lost (instead of being added to STIX IDs)
Environment
Testing
Reproducible Steps
Steps to create the smallest reproducible scenario:
json-import.json
Expected Output
Intrusion Set names, aliases and IDs should be merged.
Actual Output
The name of imported Intrusion Set is ignored (instead of being merged and used as an alias) and the id is also lost (instead of being added to STIX IDs).
MISSING_REFERENCE_ERROR because the bundle contains a relationship between the concerned IS and a malware and the STIX is not recognized (because it was not merged)
Additional information
Screenshots (optional)
The text was updated successfully, but these errors were encountered: