Observable Value gets cleared when changing its type (importing it from an analyser result)

[3isenHeiM]

Observable Value gets cleared when changing its type (importing it from an analyser result)

Request Type

Bug

Work Environment

Question	Answer
OS version (server)	Ubuntu 18.04 LTS
OS version (client)	Windows
TheHive version / git hash	3.12
Package Type	VM running the Hive provided at the Hack.lu training

Problem Description

When importing an observable extracted by an analyser, it may happen that the type of observable is wrong. For example filename.zip being treated as a domain instead of a filename. But when correcting this in the "Create new observable(s)" windows (by changing the type in the "Type" dropdown menu), the content of the "Value" field gets cleared. Thus, it's not possible to change correct any mis-parsed obervable type.

Steps to Reproduce

1. Have a Cortex analyser with "Extract observables" turned on
2. Analyse an observable with this analyser
3. Show the extracted observables
4. Tick one to import
5. Change the type of data (if the analyser wrongly parses the data)
   The "Value" field will be deleted

Possible Solutions

When changing the type of an observable (extracted from an analyser result), keep the value field that is created by the analyser export. This is already done for the fields Descriptions and tags, which are kept even when changing the observable type.

Complementary information

This is done live from the MISP/TheHive hack.lu workshop. I'm discovering this tool and it's pretty awesome. Great job !