Closed FIying-Scotsman closed 5 months ago
I can't reproduce the issue.
@FIying-Scotsman I noticed that you sent us only 2 out of the 3 PDF, the last one is actually a URL that I converted into a PDF and imported. Doing this, I was able to delete the 2 observables in their workbench without any error.
Do you have any other information that could help us reproduce ?
I can't reproduce the issue.
@FIying-Scotsman I noticed that you sent us only 2 out of the 3 PDF, the last one is actually a URL that I converted into a PDF and imported. Doing this, I was able to delete the 2 observables in their workbench without any error.
Do you have any other information that could help us reproduce ?
Apologies - the last URL was saved as a PDF and imported like the rest.
I made a new profile for the malware with near identical fields (description, and re-imported the same PDFs and for some reason it's no longer crashing the platform.
I then went back to the original profile and removed the single "Kill chain phase" associated and it's no longer crashing (this was the only field missing on the 2nd profile). Trying to view Attack Patterns now causes the platform to fail to load data so I believe the Kill chain Phase was the issue.
Quick testing shows all kill chain phases appear to crash the platform like before (DISARM, Mitre ATT&CK and Mitre-ics-att&ck). I've also found Attack Patterns and other pages which use ATT&CK (like tactic view on reports) fail to load on profiles and could be related.
I can't reproduce either, it works well on our demo environment
Since we can't reproduce, I'm closing the ticket, do not hesitate to reopen it if you have new information
Description
After importing 3 PDFs under a malware profile, viewing the Overview tab under Knowledge shows a "An unknown error occurred. Please contact your administrator or the OpenCTI maintainers." error after a couple of seconds.
Environment
Reproducible Steps
Steps to create the smallest reproducible scenario:
Expected Output
Knowledge page shouldn't cause the platform to crash and spam the container log file with the below log.
Actual Output
Knowledge overview page crashes the platform. All other tabs load fine - just the timeline section causes the crash.
Additional information
Sanitised log which is repeated over and over:-