Infrastructure Breaking Investigations #6801

Open
explorecti opened this issue Apr 24, 2024 · 3 comments
Labels
bug: use for describing something not working as expected
Comments

@explorecti

Description

When selecting infrastructure (add only) from a created or existing investigation, all targets are shown/expanded.

Environment

  1. OS: Ubuntu
  2. OpenCTI version: 6.0.10
  3. OpenCTI client: Frontend

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Create a new investigation
  2. Add entities and select TYPE: INFRASTRUCTURE
  3. Select and click to expand
  4. Under "All types of target" select Infrastructure
  5. Click EXPAND
  6. Results show ALL

Expected Output

Should only return Infrastructure target

Actual Output

Returns all targets

Additional information

None

Screenshots (optional)

None

@explorecti added the "bug" (use for describing something not working as expected) and "needs triage" (use to identify issue needing triage from Filigran Product team) labels Apr 24, 2024
@Jipegien
Member

Can't reproduce it.
MalwareA targeting multiple entities. MalwareA targeting Infra1. Creating investigation that contains MalwareA. Expand -> Infrastructure. Only Infra1 appears.

Do you have any additional information about your situation?

@Jipegien added the "needs more info" (Intel needed about the use case) label and removed the "needs triage" (use to identify issue needing triage from Filigran Product team) label Apr 25, 2024
@explorecti
Author

@Jipegien Please select Type "Infrastructure" when adding entities then expand just the "All types of targets" and choose "Infrastructure", then it displays all targets. Don't use Malware as the example because that doesn't expose the issue.

@nino-filigran

nino-filigran commented Apr 25, 2024

@explorecti I confirm, I've been able to reproduce, by first adding the entity type = infra in the graph, then choosing to expand only infra, resulting in having not only infrastructures but all other linked entities added to my graph.

@nino-filigran removed the "needs more info" (Intel needed about the use case) label Apr 25, 2024
@SamuelHassine added this to the Release 6.0.11 milestone Apr 26, 2024