Currently, the connector imports indicators with empty old reports. These reports are imported when the connector looks to see if a report is attached to the indicator it's importing (here).
The problems with importing these reports are as follows:
These reports are old (they are several years old),
We won't retrieve anything other than the report name. We end up with a report with no description, no entities (except the indicator) and no link/file attached.
@helene-nguyen and I worked out how to retrieve the report with all the context, but it doesn't make sense. The preferred solution would be not to import these reports. Here's why:
As they stand, these empty reports are of no interest.
If an indicator is contained in a recent report, it will be imported by the part of the connector that imports all reports regularly.
If an indicator is contained in an old report that is several years old, this context is no longer of any interest. The indicator most likely has more to do with the campaign/threat indicated in these old reports. So there's no point in cluttering up the platform with this information.
Proposed Solution
In terms of workload, this seems very limited. From what we've seen with @helene-nguyen, all we need to do is delete this loop and we're done: https://github.com/OpenCTI-Platform/connectors/blob/777e71a9b7a8271c5be55421cec96fdb04ff44a4/external-import/mandiant/src/connector/indicators.py#L163