User unable to export filtered indicators #8407

Closed
EinatAR opened this issue Sep 18, 2024 · 6 comments · Fixed by #8441

EinatAR commented Sep 18, 2024

Description

Issue might be related to this issue: #8405

This is how the bug was originally reported: a user with the capabilities to Generate Knowledge Export is unable to export in txt/plain or csv/txt and receives an error message.

Reproducible Steps

  1. Created a user with the capabilities to Generate Knowledge Export.

  2. Go to Indicators and filter on "In regards of" -> Malware -> Lumma.

  3. Pick a few from the list and check the boxes.

  4. Click Open Export Panel.

  5. Click + to generate the export in plain/txt.

Expected Output

Generate an export

Actual Output

Receiving an error (screenshot).

@EinatAR EinatAR added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Sep 18, 2024

nino-filigran commented Sep 18, 2024

At first, I did not reproduce it. But then, after syncing with @EinatAR, I reproduced it. It's important to note that Allowed markings for the repro cases are TLP:AMBER, TLP:AMBER+STRICT, TLP:GREEN, TLP:CLEAR and Maximum Shareable marking TLP = no restriction.
Import is only on TLP:CLEAR entities (IOCs).

However, it's important to note that:

  • If my user has TLP:RED and:
    • max shareable marking = TLP:RED & I create an export of the file without specifying a marking, it works.
    • max shareable marking = TLP:RED & I create an export of the file with a specific TLP marking on the file, it works.
    • max shareable marking = no restriction & I create an export of the file without specifying a marking, it works.
    • max shareable marking = no restriction & I create an export of the file with a specific TLP marking on the file, it works.
  • If my user has all TLP except TLP:RED and:
    • max shareable marking = TLP:AMBER & I create an export of the file without specifying a marking, it fails.
    • max shareable marking = TLP:AMBER & I create an export of the file with a specific TLP marking on the file, it fails.
    • max shareable marking = no restriction & I create an export of the file without specifying a marking, it fails.
    • max shareable marking = no restriction & I create an export of the file with a specific TLP marking on the file, it fails.

@nino-filigran nino-filigran added critical use to identify critical bug to fix ASAP and removed needs triage use to identify issue needing triage from Filigran Product team labels Sep 18, 2024
@nino-filigran nino-filigran added this to the Bugs backlog milestone Sep 18, 2024

Kedae commented Sep 19, 2024

image


Kedae commented Sep 19, 2024

We should also try to fix: the export button is available even if you do not have the capability.

@JeremyCloarec JeremyCloarec self-assigned this Sep 19, 2024
@nino-filigran

@JeremyCloarec Important to note that it seems to happen only on testing for me

@JeremyCloarec

The bug comes from the fact that the indicators have an Author that is not accessible by the user, and the connector is trying to access the standard_id of the Author. The bug can be reproduced using this query with the user not having access to TLP:RED:

```graphql
query indicator {
  indicators {
    edges {
      node {
        id
        entity_type
        name
        createdBy {
          id
          name
          standard_id
        }
      }
    }
  }
}
```

I'm not entirely sure how to fix it for now though

@richard-julien

As the logic of the export for now does not use the STIX generation from the API, I think we need to modify the export connector code to ignore the error when the creator is not accessible, and so export the indicator without its organization.

@labo-flg labo-flg changed the title User unable to export filtered indicators (related to issue #8405) User unable to export filtered indicators Sep 20, 2024
@JeremyCloarec JeremyCloarec linked a pull request Sep 20, 2024 that will close this issue
@JeremyCloarec JeremyCloarec added the solved use to identify issue that has been solved (must be linked to the solving PR) label Sep 23, 2024
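
A minimal sketch of the approach suggested in the thread (export the indicator without its author when the author is not accessible to the user), added here as an illustration and not taken from the project's connector code. It assumes the API returns `createdBy` as null for an author hidden by markings; the sample response, identifiers and function names are constructed for this example.

```python
import csv
import io

# Constructed sample shaped like the `indicators` query quoted in the thread.
# Assumption: an author the user cannot read is returned as createdBy = None.
SAMPLE_RESPONSE = {
    "indicators": {"edges": [
        {"node": {"id": "ind-1", "entity_type": "Indicator", "name": "example-a.test",
                  "createdBy": {"id": "org-1", "name": "Example Org",
                                "standard_id": "identity--00000000-0000-4000-8000-000000000001"}}},
        {"node": {"id": "ind-2", "entity_type": "Indicator", "name": "example-b.test",
                  "createdBy": None}},
    ]}
}


def author_standard_id_strict(node):
    """Access pattern that breaks: assumes the author is always readable."""
    return node["createdBy"]["standard_id"]


def author_standard_id_tolerant(node):
    """Return the author's standard_id, or None when the author is hidden."""
    author = node.get("createdBy")
    if not isinstance(author, dict):
        return None
    return author.get("standard_id")


def export_csv(response):
    """Export every indicator; leave the author column empty if inaccessible."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["id", "entity_type", "name", "created_by"])
    without_author = 0
    for edge in response["indicators"]["edges"]:
        node = edge["node"]
        author_id = author_standard_id_tolerant(node)
        if author_id is None:
            without_author += 1  # count them so the gap is visible to the operator
        writer.writerow([node["id"], node["entity_type"], node["name"], author_id or ""])
    return out.getvalue(), without_author


if __name__ == "__main__":
    text, missing = export_csv(SAMPLE_RESPONSE)
    print(text, f"indicators exported without author: {missing}", sep="")
```

The export completes for both indicators and the hidden author is neither dereferenced nor disclosed; the returned count lets the caller log how many rows were written without an author.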