The format of the attack-pattern tags has changed. Before it was the MITRE ID (e.g. T1204.002), and now it is the MITRE ID and the name (e.g. T1204.002 - Malicious File).
The pycti query to retrieve the attack-pattern on OpenCTI does not work anymore and always returns an empty list.
Environment
OS (where OpenCTI server runs): Ubuntu 22.04
OpenCTI version: OpenCTI 6.2.15
OpenCTI client: python
Other environment details:
Reproducible Steps
Steps to create the smallest reproducible scenario:
1. Import RiskIQ recent article with attack-pattern tag
2. Open the imported report in OpenCTI, check the related attack-pattern
3. The attack-pattern is not linked to the report
Expected Output
The attack-pattern which corresponds to the tag should be linked to the report.
Actual Output
The attack-pattern which corresponds to the tag is not linked to the report.
Additional information
Screenshots (optional)
A RiskIQ report with attack-pattern tags but no linked attack-pattern entities.
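Added example, not part of the original report or of the connector's code: one way to keep the lookup working for both tag formats described above is to extract the MITRE ID from the tag before querying. The helper names, the constructed sample store, and the choice to filter on `x_mitre_id` with the filter-group shape shown are assumptions.

```python
import re

# "T" + 4 digits, optional ".NNN" sub-technique, optional " - Name" suffix.
# Accepts hyphen, en/em dash or colon as the separator and ignores case.
_TAG = re.compile(
    r"^\s*(T\d{4}(?:\.\d{3})?)(?:\s*[-\u2013\u2014:]\s*(.+?))?\s*$", re.IGNORECASE
)

def parse_attack_pattern_tag(tag):
    """Return (mitre_id, name_or_None), or None if the tag is not a technique tag."""
    m = _TAG.match(tag or "")
    return (m.group(1).upper(), m.group(2)) if m else None

def mitre_id_filter(mitre_id):
    # Assumed filter-group shape for an attack-pattern lookup keyed on x_mitre_id.
    return {
        "mode": "and",
        "filters": [{"key": "x_mitre_id", "values": [mitre_id]}],
        "filterGroups": [],
    }

def resolve_tags(tags, lookup):
    """Resolve tags through `lookup` (hypothetical callable standing in for the
    pycti read call). Returns ({mitre_id: entity}, [tags that did not resolve])."""
    resolved, unresolved = {}, []
    for tag in tags:
        parsed = parse_attack_pattern_tag(tag)
        entity = lookup(mitre_id_filter(parsed[0])) if parsed else None
        if entity is None:
            unresolved.append(tag)  # keep these for logging instead of dropping silently
        else:
            resolved[parsed[0]] = entity
    return resolved, unresolved

# Constructed sample data: a stand-in for attack-patterns already in the platform.
SAMPLE_STORE = {"T1204.002": {"name": "Malicious File"}, "T1566": {"name": "Phishing"}}

def sample_lookup(filters):
    return SAMPLE_STORE.get(filters["filters"][0]["values"][0])

if __name__ == "__main__":
    tags = ["T1204.002 - Malicious File", "T1566", "t1059.001 - PowerShell", "ransomware"]
    print(resolve_tags(tags, sample_lookup))
```

Tags that fail to parse or resolve are returned separately so that a future format change shows up in the connector logs rather than as a silently unlinked report.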