Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Network Traffic Object][Missing STIX field][Frontend] #6281

Closed
R3dHash opened this issue Mar 6, 2024 · 7 comments · Fixed by #7133
Closed

[Network Traffic Object][Missing STIX field][Frontend] #6281

R3dHash opened this issue Mar 6, 2024 · 7 comments · Fixed by #7133
Assignees
@lndrtrbn
Labels
bug use for describing something not working as expected datamodel Linked to any change in the data model solved use to identify issue that has been solved (must be linked to the solving PR)
Milestone
Release 6.1.9

Comments

@R3dHash
Copy link

R3dHash commented Mar 6, 2024
edited
Loading

Description

I'd like to ingest a CSV feed into opencti where dest_IP,dst_port is provided as input for detection purposes. The best suited entity type seem to be Traffic Network Object. However, two fields are missing in the frontend, which hinders to use this type of entity. As such, we loose the information of the port number as we are coerced to use IP entities.

Environment

  1. OS (where OpenCTI server runs): Ubuntu 16.4
  2. OpenCTI version: OpenCTI 6.0.4
image image

ref: https://docs.oasis-open.org/cti/stix/v2.0/cs01/part4-cyber-observable-objects/stix-v2.0-cs01-part4-cyber-observable-objects.html#_Toc496716259
@R3dHash R3dHash added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Mar 6, 2024
@jborozco jborozco added feature use for describing a new feature to develop and removed bug use for describing something not working as expected labels Mar 7, 2024
@jborozco jborozco added this to the Short-term candidates milestone Mar 7, 2024
@jborozco
Copy link
Member

jborozco commented Mar 7, 2024

Related to #6270

@R3dHash thanks for the info, fyi improving the CSV mapping capacity is one of short term goals.

@R3dHash
Copy link
Author

R3dHash commented Mar 7, 2024

Thanks for the reply. Actually it goes beyond the CSV mapping as it's missing from the frontend also if you want to add an observable of type 'network traffic'.
Best,

@Jipegien
Copy link
Member

Also linked to this: #5293

@jborozco
Copy link
Member

Hi @R3dHash, we digged a little bit this issue, src_ref and dst_ref are nested objects, you can manually create them in the interface via the knowledge panel.
image

That being said...

  1. the CSV mapper is indeed not working, step to reproduce:
  • Go to the CSV mappers page
  • Create an entity "IPv6 address"
  • Create an entity "Network traffic"
  • When trying to map "src and "dst" we should be able to select the IPv6 address object instead of "no options"

Capture d'écran 2024-03-14 112831

  1. It is not possible to setup src_ref and dst_ref during manual Traffic Network Object creation.

I'm putting back this ticket in bug.

@jborozco jborozco added bug use for describing something not working as expected and removed feature use for describing a new feature to develop needs triage use to identify issue needing triage from Filigran Product team labels Mar 14, 2024
@SamuelHassine SamuelHassine modified the milestones: Short-term candidates, Release 6.0.9 Mar 22, 2024
@lndrtrbn
Copy link
Member

@jborozco reading the several messages of this issue, it appears unclear to me what has to be done here to close it. What is the scope / expected fix ?

@SamuelHassine SamuelHassine modified the milestones: Release 6.0.9, Release 6.0.10, Release 6.1.0 Apr 3, 2024
@Kedae Kedae added the needs more info Intel needed about the use case label Apr 17, 2024
@Jipegien
Copy link
Member

@lndrtrbn In the fields src and dst of a Network traffic representation, ability to fill already created representation of ipv4, ipv6, mac address, domain name to create the ref between the 2.

@nino-filigran
Copy link

Removing the need for info as the bug seems clear so as the fix.

@nino-filigran nino-filigran removed the needs more info Intel needed about the use case label Apr 18, 2024
@lndrtrbn lndrtrbn self-assigned this Apr 23, 2024
@Kedae Kedae modified the milestones: Bugs backlog, Release 6.2.0 May 20, 2024
@lndrtrbn lndrtrbn linked a pull request May 27, 2024 that will close this issue
[backend/frontend] API types ref mapping completed (#6281) #7133
Merged
5 tasks
@lndrtrbn lndrtrbn mentioned this issue May 31, 2024
Merged
5 tasks
lndrtrbn added a commit that referenced this issue Jun 3, 2024
@lndrtrbn
[backend/frontend] API types ref mapping completed (#6281)
17f3108
@lndrtrbn lndrtrbn added the solved use to identify issue that has been solved (must be linked to the solving PR) label Jun 3, 2024
@Jipegien Jipegien modified the milestones: Release 6.2.0, Release 6.1.9 Jun 3, 2024
daimyo007 pushed a commit to fbicyber/opencti__opencti that referenced this issue Jun 4, 2024
@lndrtrbn @daimyo007
[backend/frontend] API types ref mapping completed (OpenCTI-Platform#…
4d29ffe 
…6281)
Goumies pushed a commit that referenced this issue Jun 25, 2024
@lndrtrbn @Goumies
[backend/frontend] API types ref mapping completed (#6281)
bcc3dc1
@Jipegien Jipegien added the datamodel Linked to any change in the data model label Jul 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lndrtrbn lndrtrbn

Labels
bug use for describing something not working as expected datamodel Linked to any change in the data model solved use to identify issue that has been solved (must be linked to the solving PR)
Projects
None yet
Milestone
Release 6.1.9
Development

Successfully merging a pull request may close this issue.

[backend/frontend] API types ref mapping completed (#6281) OpenCTI-Platform/opencti
7 participants
@SamuelHassine @lndrtrbn @jborozco @Kedae @R3dHash @Jipegien @nino-filigran