Infrastructure Breaking Investigations #6801

Closed
explorecti opened this issue Apr 24, 2024 · 6 comments
Labels: bug (use for describing something not working as expected), graph (linked to graph display and manipulation), solved (use to identify issue that has been solved; must be linked to the solving PR)

Comments

@explorecti

Description

When selecting infrastructure (add only) from a created or existing investigation, all targets are shown/expanded.

Environment

  1. OS: Ubuntu
  2. OpenCTI version: 6.0.10
  3. OpenCTI client: Frontend

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Create a new investigation
  2. Add entities and select TYPE: INFRASTRUCTURE
  3. Select and click to expand
  4. Under "All types of target" select Infrastructure
  5. Click EXPAND
  6. Results show ALL

Expected Output

Should only return Infrastructure target

Actual Output

Returns all targets

Additional information

None

Screenshots (optional)

None

@explorecti explorecti added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Apr 24, 2024
@Jipegien
Member

Can't reproduce it.
MalwareA targeting multiple entities. MalwareA targeting Infra1. Creating investigation that contains MalwareA. Expand -> Infrastructure. Only Infra1 appears.

Do you have any additional information about your situation?

@Jipegien Jipegien added needs more info Intel needed about the use case and removed needs triage use to identify issue needing triage from Filigran Product team labels Apr 25, 2024
@explorecti
Author

@Jipegien Please select Type "Infrastructure" when adding entities then expand just the "All types of targets" and choose "Infrastructure", then it displays all targets. Don't use Malware as the example because that doesn't expose the issue.

@nino-filigran

nino-filigran commented Apr 25, 2024

@explorecti I confirm, I've been able to reproduce, by first adding the entity type = infra in the graph, then choosing to expand only infra, resulting in having not only infrastructures but all other linked entities added to my graph.

@nino-filigran nino-filigran removed the needs more info Intel needed about the use case label Apr 25, 2024
@SamuelHassine SamuelHassine added this to the Release 6.0.11 milestone Apr 26, 2024
@SarahBocognano SarahBocognano self-assigned this May 21, 2024
@explorecti
Author

Is there an update on when this will be fixed?

@nino-filigran

Hi @explorecti as you can see @SarahBocognano assigned herself on the ticket. Before, nobody did work on this. Therefore, this will be fixed soon. The ticket will be updated once done.

@SarahBocognano
Member

Update: This issue is applicable to all entities. Example:

  • I add a Threat Actor in an investigation
  • I select this Threat Actor
  • I select "Threat Actor" to expand only

Result: Every other relationship of this entity is expanded too

@Kedae Kedae modified the milestones: Bugs backlog, Release 6.2.0 May 29, 2024
@SarahBocognano SarahBocognano added the solved use to identify issue that has been solved (must be linked to the solving PR) label Jun 11, 2024
daimyo007 pushed a commit to fbicyber/opencti__opencti that referenced this issue Jun 24, 2024
@Jipegien Jipegien added the graph linked to graph display and manipulation label Jul 1, 2024