Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FLASHPOINT] Deprecate malware and APT mport options #2874

Merged
merged 7 commits into from
Nov 13, 2024
Merged

[FLASHPOINT] Deprecate malware and APT mport options #2874

merged 7 commits into from
Nov 13, 2024

Conversation

flavienSindou
Copy link
Contributor

Proposed changes

Flashpoint has deprecated its fp.tools API, resulting in the documents/malware/wiki and documents/apt/wiki endpoints no longer returning data. In response, we are deprecating these options, cleaning up unused code, and updating the documentation accordingly.

Related issues

Checklist

  • I consider the submitted work as finished
  • I tested the code for its functionality using different use cases
  • I added/update the relevant documentation (either on github or on notion)
  • Where necessary I refactored code to improve the overall quality

Further comments

This deprecation will not be applied on previous image version : Users of previous versions will not be alerted of this deprecation.

@flavienSindou flavienSindou self-assigned this Oct 30, 2024
@flavienSindou flavienSindou linked an issue Oct 30, 2024 that may be closed by this pull request
[Flashpoint] Errors while adding the connector #2803
Closed
@flavienSindou flavienSindou changed the title [FLASHPOINT] Deprecate malware and APT retrieval options [FLASHPOINT] Deprecate malware and APT mport options Oct 30, 2024
@flavienSindou flavienSindou added the do not merge Do not merge this PR until this tag will be removed label Oct 30, 2024
@flavienSindou flavienSindou added the filigran team use to identify PR from the Filigran team label Oct 31, 2024
@helene-nguyen
Copy link
Member

@romain-filigran @Jipegien @SamuelHassine it may be a breaking change as we doesn't import malware and APT anymore, what do you think?

@SamuelHassine
Copy link
Member

I'm ok with this, this is a native limitation of the new Flashpoint API right?

@helene-nguyen
Copy link
Member

@SamuelHassine
Yes, those endpoints will no longer be exposed. Any attempts to activate these options will result in a 500 error status.

@Powlinett Powlinett mentioned this pull request Nov 6, 2024
Merged
4 tasks
Powlinett
Powlinett approved these changes Nov 6, 2024
View reviewed changes
Copy link
Member

@Powlinett Powlinett left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested for antoher issue, works as intended 👍
Thanks for the README + DeprecationWarning example!

Megafredo
Megafredo reviewed Nov 7, 2024
View reviewed changes
external-import/flashpoint/src/flashpoint.py Outdated Show resolved Hide resolved
external-import/flashpoint/src/flashpoint.py
stacklevel=2,
)
self.helper.connector_logger.warning(msg) # warns connector user
self.helper.api.work.to_processed(work_id, msg) # warns OpenCTI user
Copy link
Member

@Megafredo Megafredo Nov 7, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you use to_processed() to close the job, it will appear as ‘complete’ on the frontend (for _import_apt and _import_malware). However, other imports such as import_report or import_community based on the same work_id will still be in progress. This can give the impression of a ‘completed’ job when the import is still running in the background. Otherwise the very cool warning (DeprecationWarning) !

external-import/flashpoint/src/flashpoint.py Outdated Show resolved Hide resolved
flavienSindou and others added 2 commits November 8, 2024 09:22
@flavienSindou @Megafredo
Update external-import/flashpoint/src/flashpoint.py
e1cf344 
Co-authored-by: Frédéric BASLER <14902945+Megafredo@users.noreply.github.com>
@flavienSindou @Megafredo
Update external-import/flashpoint/src/flashpoint.py
031e31b 
Co-authored-by: Frédéric BASLER <14902945+Megafredo@users.noreply.github.com>
@flavienSindou flavienSindou merged commit ecf50c5 into master Nov 13, 2024
3 checks passed
@flavienSindou flavienSindou deleted the issue/2803-flashpoint branch November 13, 2024 11:51
@helene-nguyen helene-nguyen removed the do not merge Do not merge this PR until this tag will be removed label Nov 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Megafredo Megafredo Megafredo left review comments

@Powlinett Powlinett Powlinett approved these changes

@SamuelHassine SamuelHassine Awaiting requested review from SamuelHassine

@romain-filigran romain-filigran Awaiting requested review from romain-filigran

@helene-nguyen helene-nguyen Awaiting requested review from helene-nguyen

Assignees

@flavienSindou flavienSindou

Labels
filigran team use to identify PR from the Filigran team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Flashpoint] Errors while adding the connector
5 participants
@flavienSindou @helene-nguyen @SamuelHassine @Megafredo @Powlinett