Closed RyanOchieng closed 1 year ago
As reminder.
Connectors need to be adapted to cleanup this dates
Add missing cleanDate on different entitities
Hi @SamuelHassine and @richard-julien, thanks for correcting this issue. I have a question, should this also be changing the output of the file when it goes to a defined TAXII collection within OpenCTI? I have attached an image for reference
Yes @RyanOchieng, we need to also apply the filtering of empty dates to TAXII collections and streams.
Reopining the issue.
Description
Unable to remove first_seen and last_seen attributes from created events. When removed from the event in the UI, the event defaults to
1970-01-01T00:00:00.000Z
for first_seen and5138-11-16T09:46:40.000Z
for last_seenEnvironment
Reproducible Steps
Steps to create the smallest reproducible scenario:
Expected Output
When removing those attributes from the event in OpenCTI, I'd expect those attributes to not be present at all in the exported object
Actual Output
Exported STIX object
{"id":"incident--651309c2-2ddb-5fe6-93e7-1e015dcda3bb","spec_version":"2.1","type":"incident","extensions":{"extension-definition--ea279b3e-5c71-4632-ac08-831c66a786ba":{"extension_type":"new-sdo","id":"139d3bae-dfd2-4b1a-b40f-e269d7b1a0ca","type":"Incident","created_at":"2023-01-09T04:51:42.712Z","updated_at":"2023-01-09T04:57:39.786Z","is_inferred":false,"workflow_id":"a2e58e15-5099-497c-9472-2c445a5bc221"}},"created":"2023-01-09T04:51:42.712Z","modified":"2023-01-09T04:57:39.786Z","revoked":false,"confidence":75,"lang":"en","name":"Test Jan 2023","description":"1.2.3.4","first_seen":"1970-01-01T00:00:00.000Z","last_seen":"5138-11-16T09:46:40.000Z"}
When exporting the event as a STIX 2.1 object, the following error occurs when attempting to validate whether the object is a valid STIX2.1 Incident object.
stix2.exceptions.ExtraPropertiesError: Unexpected properties for Incident: (first_seen, last_seen)
Additional information
Screenshots (optional)