Comments (3)
Hello @Fred-certeu,
As written here: https://opencti-platform.github.io/docs/usage/knowledge-import, if you want the observables to be associated with a report, you have to create the report and import the file directly from it. Using the "general upload" will lead to creating atomic entities. If it is a STIX2 containing a report, that's not a problem; if it is a PDF (or a CSV in the future), the best is to create the report, upload the file in this report and start the import from it.
from connectors.
Indeed, it is much better like this ;)
Thank you for the clarification.
One remark however:
The observables are attached to the report.
But no indicator is created for them.
So, when the user attaches some knowledge to the report (e.g. an intrusion set or a malware), it is not possible - apparently - to record that these observables "indicate" an intrusion set or a malware...
If you want to create indicators from the observables with this connector, as you can see in the default configuration file, you just have to set create_indicator to True.