[Playbook] Manipulating knowledge by replacing status does not work on all entities. #7114
Comments
Validated, the status of the relation does not get updated. Test automation: https://testing.octi.staging.filigran.io/dashboard/data/processing/automation/f24f9967-0bbc-421f-9e0d-98824f8af8a0
Description
Trying to automatically replace the status on an exploits relationship via Manipulate Knowledge does not work. The same behavior occurs on other entities such as request for takedown and request for information, but it works on others such as reports, incidents, incident response, etc.
OK for:
Report
Malware Analysis
IR
Incident
Channel
Need to be fixed for:
relationship
grouping
note
case RFT
case RFI
feedback
observedData
campaign
tool
vulnerability
attackPattern
narrative
course of action
dataComponent
dataSource
Region
Area
Country
City
Position
Environment
OpenCTI 6.1.4
Reproducible Steps
Steps to create the smallest reproducible scenario:
Expected Output
The status is automatically changed to the status defined in Manipulate Knowledge.
Actual Output
The status remains on the first step of the workflow and cannot be changed automatically.
Additional information
On entities such as relations, where this does not work for status, manipulate knowledge does manage to play on labels.
Screenshots (optional)