Skip to content

Error when merging imported entities #6559

New issue
New issue
Closed
#6683
Closed
Error when merging imported entities#6559
#6683

Description

@yassine-ouaamou

yassine-ouaamou
openedon Apr 3, 2024

Description

When importing a bundle with an intrusion set having an alias which is similar to an existing one. The name of imported Intrusion Set is ignored (instead of being merged and used as an alias) and the id is also lost (instead of being added to STIX IDs)

Environment

Testing

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Create an intrusion set called "ccccccccccccccc"
  2. Import the following bundle using the API (import_bundle_from_file). For this, I used the following script: https://github.com/OpenCTI-Platform/client-python/blob/master/examples/import_stix2_file.py

json-import.json

Expected Output

Intrusion Set names, aliases and IDs should be merged.

Actual Output

The name of imported Intrusion Set is ignored (instead of being merged and used as an alias) and the id is also lost (instead of being added to STIX IDs).
MISSING_REFERENCE_ERROR because the bundle contains a relationship between the concerned IS and a malware and the STIX is not recognized (because it was not merged)

Additional information

Screenshots (optional)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

Labels

buguse for describing something not working as expectedsolveduse to identify issue that has been solved (must be linked to the solving PR)upsert & deduplicationLinked to system aiming to keep most qualified data

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions