TTPs export from knowledge tab does not work as expected #6824

Open
Lhorus6 opened this issue Apr 26, 2024 · 5 comments

Lhorus6 commented Apr 26, 2024

Description

When we export TTPs from a knowledge tab, we notice that we are exporting relationships. We would expect to export the list of TTPs linked to the intrusion set (so entities, not relations).

Screenshot 2024-04-26 121654

Moreover, given the time it takes to export (it never ends), I wonder which list of relations we're actually exporting. All the platform's relationships?

Environment

OCTI 6.0.10

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Go to an Intrusion set (that has related TTPs)
  2. Go to the knowledge tab, then Attack pattern
  3. Export

Screenshot 2024-04-26 120600

Expected Output

Export list of linked TTPs

Actual Output

I don't know

Lhorus6 added the "bug" and "needs triage" labels Apr 26, 2024
SamuelHassine added this to the Release 6.0.11 milestone Apr 26, 2024
nino-filigran commented

I can reproduce. To be clear, the bug consists of 2 things:

  1. The JSON export takes ages, to the point that we can consider it non-functional.
  2. When trying a JSON export of malware, the file is called "date.xxxZ_Marking_(typeOfExport)stix_Core_Objects_full" and not date.xxxZ_Marking(typeOfExport)_stix_Core_Relationship_full

nino-filigran removed the "needs triage" label Apr 29, 2024

nino-filigran commented

If I go into a malware view, and click export:

  • if you're on an "entity list view", you would export the list of malware (at least it's my assumption since the file is called date.xxxZ_Marking_(typeOfExport)stix_Core_Objects_full)
  • if you're on a "relation view", you would export the list of malware linked to the intrusion set (at least it's my assumption since the file is called date.xxxZ_Marking(typeOfExport)_stix_Core_Relationship_full)

As a result, in the panel Attack Pattern, I would expect that:

  • you export the list of attack patterns linked to the intrusion set (entities and not relations).

Lhorus6 (Author) commented May 3, 2024

"you export the list of attack patterns linked to the intrusion set (entities and not relations)."
-> This is what I'm expecting yes

SouadHadjiat self-assigned this May 13, 2024

SouadHadjiat (Member) commented May 13, 2024

When trying to reproduce, I now have this error:

image

Is it another issue?

Detailed error when running locally:
export-file-stix.py\", line 138, in _process_message\n list_params[\"orderBy\"],\nKeyError: 'orderBy'"}

Lhorus6 (Author) commented May 13, 2024

Hi @SouadHadjiat,
Indeed, I tried on demo and testing, and got the same error. It wasn't there before.
