Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Having Network Traffic observable with a dst ref makes the observable listing crash #6070

Closed
labo-flg opened this issue Feb 21, 2024 · 3 comments · Fixed by #6073
Closed

Having Network Traffic observable with a dst ref makes the observable listing crash #6070

labo-flg opened this issue Feb 21, 2024 · 3 comments · Fixed by #6073
Assignees
@SouadHadjiat
Labels
bug use for describing something not working as expected solved use to identify issue that has been solved (must be linked to the solving PR)
Milestone
Release 6.0.0

Comments

@labo-flg
Copy link
Member

labo-flg commented Feb 21, 2024
edited by SouadHadjiat
Loading

Description

Discovered while working on #6056
If a Network Traffic observable has a dst ref set, the pagination request in the observable list crashes.
=> Update : the bug happens is a network traffic has "dst_port" and we try to sort the observable list by "representative".

Environment

latest 5.12

Reproducible Steps

  1. create a network traffic observable
  2. from its knowledge tab, add a dst ref
  3. go to observables list and sort by observable value (dashboard/observations/observables?sortBy=observable_value&orderAsc=true)

Expected Output

no crash :)

Actual Output

crash :(
@labo-flg labo-flg added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Feb 21, 2024
@labo-flg
Copy link
Member Author

cc @SouadHadjiat I think you already made the root cause analysis for this one

@nino-filigran nino-filigran removed the needs triage use to identify issue needing triage from Filigran Product team label Feb 22, 2024
@labo-flg
Copy link
Member Author

labo-flg commented Feb 22, 2024
edited
Loading

"failures":[{"index":"opencti_stix_cyber_observables-000001","node":"Ze8cuEaJT9Gd0Z1ilSybPA","reason":{"caused_by":{"reason":"No field found for [dst_port.keyword] in mapping","type":"illegal_argument_exception"}

dst_port is a numeric, so using keyword is an error I guess

@SamuelHassine SamuelHassine added this to the Release 6.0.0 milestone Feb 22, 2024
SouadHadjiat added a commit that referenced this issue Feb 22, 2024
@SouadHadjiat
[backend] Fix observables query for network traffic with dst_port (#6070
98b370e 
)
@SouadHadjiat SouadHadjiat mentioned this issue Feb 22, 2024
Merged
5 tasks
@SouadHadjiat SouadHadjiat linked a pull request Feb 22, 2024 that will close this issue
[backend] Fix observables query for network traffic with dst_port (#6070) #6073
Merged
5 tasks
@labo-flg labo-flg mentioned this issue Feb 23, 2024
Merged
5 tasks
SouadHadjiat added a commit that referenced this issue Feb 23, 2024
@SouadHadjiat
[backend] Fix observables query for network traffic with dst_port (#6070
42f9445 
)
@SouadHadjiat
Copy link
Member

Actually the bug happens only when we sort on "representative" and if we have at least one network traffic with "dst_port", it doesn't have any link to dst_ref

SouadHadjiat added a commit that referenced this issue Feb 23, 2024
@SouadHadjiat
[backend] Fix observables query for network traffic with dst_port (#6070
926e38e 
)
richard-julien pushed a commit that referenced this issue Feb 24, 2024
@SouadHadjiat
[backend] Improve observable runtime mapping to handle fields with no…
41650b9 
… keyword (#6070)
@richard-julien richard-julien added the solved use to identify issue that has been solved (must be linked to the solving PR) label Feb 24, 2024
Archidoit pushed a commit that referenced this issue Jun 6, 2024
@SouadHadjiat @Archidoit
[backend] Improve observable runtime mapping to handle fields with no…
86e4288 
… keyword (#6070)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@SouadHadjiat SouadHadjiat

Labels
bug use for describing something not working as expected solved use to identify issue that has been solved (must be linked to the solving PR)
Projects
None yet
Milestone
Release 6.0.0
Development

Successfully merging a pull request may close this issue.

[backend] Fix observables query for network traffic with dst_port (#6070) OpenCTI-Platform/opencti
5 participants
@richard-julien @SouadHadjiat @SamuelHassine @labo-flg @nino-filigran