[backend] Fix upsert indicator score since decay (#2859)

opencti-platform/opencti-graphql/src/database/middleware.js

@@ -2379,6 +2379,10 @@ const upsertElement = async (context, user, element, type, basePatch, opts = {})
   if (type === ENTITY_TYPE_INDICATOR) {
     if (updatePatch.decay_applied_rule && updatePatch.decay_base_score === element.decay_base_score) {
       logApp.debug('UPSERT INDICATOR -- no decay reset because no score change', { element, basePatch });
+      updatePatch.x_opencti_score = element.x_opencti_score; // don't change the score
+      // don't reset valid_from & valid_until TODO how do we know if valid_from / valid_until changed ?
+      updatePatch.valid_from = element.valid_from;
+      updatePatch.valid_until = element.valid_until;
       // Do not compute decay again when base score does not change
       updatePatch.decay_base_score_date = element.decay_base_score_date;
       updatePatch.decay_applied_rule = element.decay_applied_rule;

opencti-platform/opencti-graphql/src/manager/indicatorDecayManager.ts

@@ -1,6 +1,6 @@
 import { type ManagerDefinition, registerManager } from './managerModule';
 import conf, { booleanConf, logApp } from '../config/conf';
-import { executionContext, SYSTEM_USER } from '../utils/access';
+import { DECAY_MANAGER_USER, executionContext } from '../utils/access';
 import { findIndicatorsForDecay, updateIndicatorDecayScore } from '../modules/indicator/indicator-domain';
 
 const INDICATOR_DECAY_MANAGER_ENABLED = booleanConf('indicator_decay_manager:enabled', true);
@@ -15,12 +15,12 @@ const BATCH_SIZE = conf.get('indicator_decay_manager:batch_size') || 10000;
  */
 export const indicatorDecayHandler = async () => {
   const context = executionContext('indicator_decay_manager');
-  const indicatorsToUpdate = await findIndicatorsForDecay(context, SYSTEM_USER, BATCH_SIZE);
+  const indicatorsToUpdate = await findIndicatorsForDecay(context, DECAY_MANAGER_USER, BATCH_SIZE);
   let errorCount = 0;
   for (let i = 0; i < indicatorsToUpdate.length; i += 1) {
     try {
       const indicator = indicatorsToUpdate[i];
-      await updateIndicatorDecayScore(context, SYSTEM_USER, indicator);
+      await updateIndicatorDecayScore(context, DECAY_MANAGER_USER, indicator);
     } catch (e) {
       logApp.warn(e, `[OPENCTI-MODULE] Error when processing decay for ${indicatorsToUpdate[i].id}, skipping.`);
       errorCount += 1;

opencti-platform/opencti-graphql/src/utils/access.ts

@@ -33,6 +33,7 @@ export const ROLE_ADMINISTRATOR = 'Administrator';
 const RETENTION_MANAGER_USER_UUID = '82ed2c6c-eb27-498e-b904-4f2abc04e05f';
 export const RULE_MANAGER_USER_UUID = 'f9d7b43f-b208-4c56-8637-375a1ce84943';
 export const AUTOMATION_MANAGER_USER_UUID = 'c49fe040-2dad-412d-af07-ce639204ad55';
+export const DECAY_MANAGER_USER_UUID = '7f176d74-9084-4d23-8138-22ac78549547';
 export const REDACTED_USER_UUID = '31afac4e-6b99-44a0-b91b-e04738d31461';
 
 export const MEMBER_ACCESS_ALL = 'ALL';
@@ -180,6 +181,37 @@ export const AUTOMATION_MANAGER_USER: AuthUser = {
   },
 };
 
+export const DECAY_MANAGER_USER: AuthUser = {
+  entity_type: 'User',
+  id: DECAY_MANAGER_USER_UUID,
+  internal_id: DECAY_MANAGER_USER_UUID,
+  individual_id: undefined,
+  name: 'DECAY MANAGER',
+  user_email: 'DECAY MANAGER',
+  inside_platform_organization: true,
+  origin: { user_id: DECAY_MANAGER_USER_UUID, socket: 'internal' },
+  roles: [ADMINISTRATOR_ROLE],
+  groups: [],
+  capabilities: [{ name: BYPASS }],
+  organizations: [],
+  allowed_organizations: [],
+  allowed_marking: [],
+  default_marking: [],
+  all_marking: [],
+  api_token: '',
+  account_lock_after_date: undefined,
+  account_status: ACCOUNT_STATUS_ACTIVE,
+  administrated_organizations: [],
+  effective_confidence_level: {
+    max_confidence: 100,
+    overrides: [],
+  },
+  user_confidence_level: {
+    max_confidence: 100,
+    overrides: [],
+  },
+};
+
 export const REDACTED_USER: AuthUser = {
   administrated_organizations: [],
   entity_type: 'User',
@@ -241,6 +273,7 @@ export const INTERNAL_USERS = {
   [RETENTION_MANAGER_USER.id]: RETENTION_MANAGER_USER,
   [RULE_MANAGER_USER.id]: RULE_MANAGER_USER,
   [AUTOMATION_MANAGER_USER.id]: AUTOMATION_MANAGER_USER,
+  [DECAY_MANAGER_USER.id]: DECAY_MANAGER_USER,
   [REDACTED_USER.id]: REDACTED_USER
 };