Report->Knowledge->Correlation view missing data and inconsistent

## Description

Using the "Correlation View" in the Knowledge Graphs (I tried Analysis Reports, not sure if this problem is across all data types with these graphs), multiple reports I have that show "Correlated reports" in the Overview no longer render these correlations in the Knowledge->Correlation View visualization. Not sure why, but it appears some data is missing from the data selection. I did find one report that does show *a single correlating observable* with two reports, but Overview for that one lists multiple correlations. Additionally, when viewing the correlated report shown in that graph, its knowledge->correlation graph is empty.

## Environment

1. OS (where OpenCTI server runs): Linux w/ Docker
2. OpenCTI version: 5.12.31
3. OpenCTI client: Frontend
4. Other environment details: Docker-compose - https://github.com/ckane/opencti-docker/tree/tf-main

## Reproducible Steps

Look at overview in analysis reports, find one with correlated reports, view knowledge->correlation, see no graph linking the correlations

## Expected Output

Display of graph linking correlations as shown on Overview page

## Actual Output

Nothing, or very sparse information. Inconsistency between reports where one shows a rendered correlation, but visiting its correlating report shows an empty graph.

Verified that the normal "Graph view" does render entities

## Screenshots (optional)

**Example 1:**
One report with two correlations listed:
![image](https://github.com/OpenCTI-Platform/opencti/assets/3454769/82185109-aa84-4fa0-8588-9cdc7717bb32)

Looking at its Knowledge->Correlation view - nothing:
![image](https://github.com/OpenCTI-Platform/opencti/assets/3454769/0baaff23-129c-48c7-a791-f81e5ee9ec65)


**Example 2**:
Shows 2 correlations, but nothing in the Knowledge->Correlation view:
![image](https://github.com/OpenCTI-Platform/opencti/assets/3454769/0e64a254-33e5-4a0b-bea2-638736524766)
![image](https://github.com/OpenCTI-Platform/opencti/assets/3454769/2d37926f-384d-41df-a546-c250c64b1810)

If I click on the report above from **AhnLab**, I also see correlations, one of which is the report from the above screenshot:
![image](https://github.com/OpenCTI-Platform/opencti/assets/3454769/60f2b57a-d646-423f-973e-dbcba787b35f)

Looking at the AhnLab report's correlation view, you can see that the CUDESO report (*Zip uploaded...*) is rendered, but none of the DIGITALSIDE.IT malware report links are rendered in this chart:
![image](https://github.com/OpenCTI-Platform/opencti/assets/3454769/ae4b14ca-83e5-4730-89c5-c25824d6f0f7)

So, the behavior appears to be missing data, but also seems to inconsistently be working (because it shows one other correlation from one report, but none when viewing from the same correlated report that is displayed here).


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Report->Knowledge->Correlation view missing data and inconsistent #5996

ckane
openedon Feb 15, 2024

Description

Environment

Reproducible Steps

Expected Output

Actual Output

Screenshots (optional)

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Report->Knowledge->Correlation view missing data and inconsistent #5996

Description

ckaneopenedon Feb 15, 2024

Description

Environment

Reproducible Steps

Expected Output

Actual Output

Screenshots (optional)

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

ckane
openedon Feb 15, 2024