search

MISP / MISP

MISP (core software) - Open Source Threat Intelligence and Sharing Platform
https://www.misp-project.org/
GNU Affero General Public License v3.0
5.25k stars 1.38k forks source link

Bug: Galaxy items are duplicated in Event after using Entity Extraction featire on MISP Reports. #9648

Open packet-rat opened 5 months ago

packet-rat commented 5 months ago

Actual behavior

After applying Entity Extraction, MISP Galaxies are duplicated

Expected behavior

After applying Entity Extraction, only new Galaxy items would be added to the existing set.

Steps to reproduce

(1) Load Event Narrative as a MISP Report (2) Open MISP Report (3) Select [Menu/Extract entities/Automatic Extraction. (4) Select add tags (don't thinks this changes outcome in regards to issue, but see note) (5) View Event when completed. Several Galaxy items are duplicated. 2024-03-28_15-19-51

Version

2.4.183

Operating System

Ubuntu

Operating System version

20.0.4

PHP version

7.4.33

Browser

Any Browser

Browser version

No response

Relevant log output

No response

Extra attachments

No response

Code of Conduct

packet-rat commented 5 months ago

Presuming you have access to DHS HSIN Reports: IB-24-10032 PikaBot Malware Campaign Observed in the Financial Services Sector

Note that the Entity Extraction is pulling out and asserting the same Tags for TLP-Amber(one Green, one Amber). Results in error message re: TLP.

image