Comments (3)
SamuelHassine
commented on July 22, 2024
1
Hello @Fred-certeu,
As wrote here: https://opencti-platform.github.io/docs/usage/knowledge-import, if you want the observables to be associated to a report, you have to create the report and import the file directly from it. Using the "general upload" will conduct to create atomic entities. If it is a STIX2 containing a report, that's not a problem, it if is a PDF (or a CSV in the future), the best is to create the report, upload the file in this report and start the import from it.
from connectors.
Fred-certeu
commented on July 22, 2024
Indeed, it is much better like this ;)
Thank you for the clarification.
One remark however:
The observables are attached to the report.
But no indicator is created for them.
So, when the user attached some knowledge to the report (e.g. an intrusion set or a malware), it is not possible - apparently - to record that these observables "indicate" an intrusion set or a malware...
from connectors.
SamuelHassine
commented on July 22, 2024
If you want to create indicators from the observables with this connector, as you can see in the default configuration file, you just have to set create_indicator to True.
from connectors.
Related Issues (20)
- Export PDF of Cases when it has tasks HOT 3
- TheHive connector does not work HOT 3
- Enhanced pdfs generated by the import-external-reference enrichment connector
- [YARA] Error in message processing HOT 4
- MISP_FEED_CONNECTOR_Failure HOT 1
- [URLHAUS RECENT PAYLOADS] Rework urlhaus-recent-payloads connector
- [external-import][crtsh] duplicates imports HOT 3
- RabbitMQ Connection fails when trying local developped connector HOT 11
- Enhanced pdfs generated by the import-external-reference enrichment connector again
- Error creating an observable with SHA256 hash (instead of SHA-256) from specific connectors
- Virustotal Connector Error HOT 7
- [Sentinel] Stream Connector is giving me an error
- Error handling in main.py abuseipdb-connector is bad
- [Sentinel] Sentinel Connector having issues with connecting to OpenCTI GraphQL HOT 3
- Some enrichment connectors are not working if labels creation is forbidden
- CSV export is broken in some cases (filters) HOT 1
- OpenCTI's documentation on notion not accessible HOT 1
- [harfanglab] Error while processing data: list index out of range
- [Elastic] Upgrade Sightings for Elastic connector
- URLSCAN url enrichment HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from connectors.