Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Marking of an observable imported into a Grouping via the datatab and importdoc connector will to reflect overall marking of the Grouping #3281

Open
nhuber0724 opened this issue Jan 15, 2025 · 1 comment
Open

Marking of an observable imported into a Grouping via the datatab and importdoc connector will to reflect overall marking of the Grouping #3281

nhuber0724 opened this issue Jan 15, 2025 · 1 comment
Labels
bug use for describing something not working as expected needs more info Intel needed about the use case

Comments

@nhuber0724
Copy link

Description

When importing an entity (e.g. observable) using the datatab of a Grouping, the observable's marking will change to reflect the overall marking of the Grouping, unless the observable has the same or more restrictive level marking than the Grouping.

Environment

OpenCTI v6.4.7

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Select a Grouping with an overall marking
  2. Go into the datatab of a grouping
  3. Import an observable (that has a less restrictive TLP marking than the overall Grouping Marking) that already exists within the platform using TXT.
  4. Import the observable using the importdoc connector
  5. Review the observable on the observable tab. The observable's marking will change to reflect the overall group marking

Expected Output

The observable marking should maintain its original marking and not take on the overall group marking.

Actual Output

The observable marking changes to reflect the overall group marking if the observable has a less restrictive TLP marking.

Additional information

Screenshots (optional)
@nhuber0724 nhuber0724 added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Jan 15, 2025
@nino-filigran
Copy link

@nhuber0724 could you provide me your file please so that I can reproduce?

@nino-filigran nino-filigran added needs more info Intel needed about the use case and removed needs triage use to identify issue needing triage from Filigran Product team labels Jan 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug use for describing something not working as expected needs more info Intel needed about the use case
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nino-filigran @nhuber0724