OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io

Improve Artifact creation form #4083

Open Lhorus6 opened 1 year ago

Lhorus6 commented 1 year ago

When creating an artefact, an error appears telling me that a required element is missing.

Situation: I'm in the "Observables" tab of an Incident Response. To create an artefact, I use the "+" to add an Observable and then press the "+" to create one instead of adding an existing one. I choose 'artefact' and add my file using the 'Browse' button. I then try to create it and the error appears.

Here is the error retrieved from the Web Developer Tool > Network:

{ "errors": [ { "message": "Unsupported operation", "name": "UnsupportedError", "time_thrown": "2023-08-16T15:48:35.698Z", "data": { "reason": "Missing required elements for Artifact creation ( - )", "http_status": 500, "category": "business", "data": { "_index": "opencti_stix_cyber_observables", "x_opencti_score": 55, "x_opencti_description": "File found in a phishing email", "createdBy": { "_index": "opencti_stix_domain_objects-000002", "id": "28bc2038-e71d-42f8-9506-676427193203", "name": "[EMAIL_REDACTED]", "contact_information": "[EMAIL_REDACTED]", "identity_class": "individual", "entity_type": "Individual", "internal_id": "28bc2038-e71d-42f8-9506-676427193203", "standard_id": "identity--2d79087c-3660-5691-b2b2-bc21359fb425", "creator_id": [ "22f174c3-ea6a-4cb9-ae44-282ac4d33a7a" ], "x_opencti_stix_ids": [], "spec_version": "2.1", "created_at": "2023-07-13T08:50:16.318Z", "updated_at": "2023-07-13T08:50:16.318Z", "revoked": false, "confidence": 15, "lang": "en", "created": "2023-07-13T08:50:16.318Z", "modified": "2023-07-13T08:50:16.318Z", "i_aliases_ids": [ "aliases--a8b2bd43-34c1-5b01-a99b-4d7a8a7d737b" ], "base_type": "ENTITY", "parent_types": [ "Basic-Object", "Stix-Object", "Stix-Core-Object", "Stix-Domain-Object", "Identity" ], "i_group": { "id": "28bc2038-e71d-42f8-9506-676427193203", "destKey": "createdBy", "multiple": false } }, "objectMarking": [ { "_index": "opencti_stix_meta_objects-000001", "id": "464da390-bdf2-47cc-b190-378f7249ce41", "definition_type": "TLP", "definition": "TLP:AMBER", "x_opencti_color": "#d84315", "x_opencti_order": 3, "entity_type": "Marking-Definition", "internal_id": "464da390-bdf2-47cc-b190-378f7249ce41", "standard_id": "marking-definition--f88d31f6-486f-44da-b317-01333bde0b82", "x_opencti_stix_ids": [], "spec_version": "2.1", "created_at": "2022-05-22T08:35:18.602Z", "updated_at": "2023-08-09T16:09:44.496Z", "created": "2022-05-22T08:35:18.602Z", "modified": "2023-08-09T16:09:44.496Z", "i_created_at_day": "2022-05-22", 
"i_created_at_month": "2022-05", "i_created_at_year": "2022", "base_type": "ENTITY", "parent_types": [ "Basic-Object", "Stix-Object", "Stix-Meta-Object" ], "rel_accesses-to.internal_id": [ "a8e5f48e-29bf-4c64-bc2b-d73c8e089a05", "822ecbae-3716-4888-abc1-e67e5bff8c8f", "f128bc79-76bf-4582-a5fe-e7414da479c5" ], "rel_has-reference.internal_id": [ "91a8198d-dbf2-456d-94a3-62f5aacd6b74" ], "creator_id": [ "48ac52d0-6541-4af8-ab9b-b1a6175fd3cb", "5f66a27c-5549-4cb6-a068-36444e780d77", "d49869a5-55f3-450b-ade2-996d036522a6" ], "rel_object.internal_id": [ "e36230ce-410e-418d-acda-2145086c00b2" ], "accesses-to": [ "a8e5f48e-29bf-4c64-bc2b-d73c8e089a05", "822ecbae-3716-4888-abc1-e67e5bff8c8f", "f128bc79-76bf-4582-a5fe-e7414da479c5" ], "has-reference": [ "91a8198d-dbf2-456d-94a3-62f5aacd6b74" ], "object": "e36230ce-410e-418d-acda-2145086c00b2", "i_group": { "id": "464da390-bdf2-47cc-b190-378f7249ce41", "destKey": "objectMarking", "multiple": true } } ], "objectLabel": [], "externalReferences": [], "mime_type": "", "payload_bin": "", "url": "", "encryption_algorithm": "", "decryption_key": "", "x_opencti_additional_names": null, "file": {}, "entity_type": "Artifact" }, "properties": [ [ { "src": "hashes" } ], [ { "src": "url" } ] ] } } ] }

yassine-ouaamou commented 1 year ago

Hi Lucas! Did you put a hash or url before creating the artifact, or did you just insert the associated file without any other information? Because it is mandatory to have at least one of them (md5, sha1, sha256 or url).

Lhorus6 commented 1 year ago

Nothing, just the description and the file. Why is it mandatory? Perhaps we can think about automatic completion of the hash fields by the platform (by calculating the hash of the inserted file), if it's really needed data for some reason I don't know.
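
The automatic completion suggested in the comment above, as an added example (not OpenCTI's code and not written by either participant): it derives the md5, sha1 and sha256 digests from the uploaded bytes before applying the "at least one hash or url" rule from the error. Function names are hypothetical, the `url` and `hashes` fields follow the error payload, and the hash keys use the STIX 2.1 names.

```javascript
// Added example, not OpenCTI code; function names are hypothetical.
// Field names (url, hashes) follow the error payload in the report.
const crypto = require("node:crypto");

// STIX 2.1 hash keys mapped to Node.js digest names.
const ALGORITHMS = { MD5: "md5", "SHA-1": "sha1", "SHA-256": "sha256" };

// Compute every supported digest of the uploaded bytes.
function hashFile(bytes) {
  const hashes = {};
  for (const [stixKey, nodeName] of Object.entries(ALGORITHMS)) {
    hashes[stixKey] = crypto.createHash(nodeName).update(bytes).digest("hex");
  }
  return hashes;
}

// The rule from the error: at least one hash or a url must be present.
function missingRequired(artifact) {
  const hasHash = Object.values(artifact.hashes || {}).some(Boolean);
  return hasHash || Boolean(artifact.url) ? [] : ["hashes", "url"];
}

// Fill digests from the file. A hash typed by the user is kept only if it
// matches the file, so a sample is never stored under the wrong indicator.
function completeArtifact(input, fileBytes) {
  const artifact = { ...input, hashes: { ...(input.hashes || {}) } };
  if (fileBytes && fileBytes.length > 0) {
    for (const [key, digest] of Object.entries(hashFile(fileBytes))) {
      const supplied = artifact.hashes[key];
      if (supplied && supplied.toLowerCase() !== digest) {
        throw new Error(`${key} does not match the uploaded file`);
      }
      artifact.hashes[key] = digest;
    }
  }
  const missing = missingRequired(artifact);
  if (missing.length > 0) {
    throw new Error(`Missing required elements (${missing.join(" - ")})`);
  }
  return artifact;
}

// Constructed input: description and file only, as in the report.
const sample = completeArtifact(
  { x_opencti_description: "File found in a phishing email", url: "" },
  Buffer.from("abc") // constructed file content
);
console.log(sample.hashes);
```

With a file attached, the required-elements check passes without any manual hash entry; with neither file, hash nor url it still fails, which keeps the existing rule intact.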

yassine-ouaamou commented 1 year ago

As of today, we have two distinct forms to create an artifact:

The one used in your use case (Incident Response -> Observable -> create Artifact) is the same as the first one.

So the goal is that all the forms should be similar to the second screenshot:

Seen with @Jipegien