search

OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io
Other
6.12k stars 907 forks source link

The [Entities - Individuals] information is not being deleted. #6871

Open misohouse opened 4 months ago

misohouse commented 4 months ago

OpenCTI version: 6.0.9

I have Individuals information that I don't remember how or when I created, and I'm trying to delete it, but I get an error and it won't delete. This is the screen for the [Entities - Individuals] menu. 44 11 1970/01/01 09:00AM ERR Cannot delete an individual corresponding to a user | category=APP errors=[{"attributes":{"genre":"BUSINESS","http_status":400},"message":"Cannot delete an individual corresponding to a user","name":"FUNCTIONAL_ERROR","stack":"FUNCTIONAL_ERROR: Cannot delete an individual corresponding to a user\n at error (/opt/opencti/build/src/config/errors.js:8:10)\n at FunctionalError (/opt/opencti/build/src/config/errors.js:89:50)\n at internalDeleteElementById (/opt/opencti/build/src/database/middleware.js:3302:13)\n at processTicksAndRejections (node:internal/process/task_queues:95:5)\n at deleteElementById (/opt/opencti/build/src/database/middleware.js:3378:32)\n at stixDomainObjectDelete (/opt/opencti/build/src/domain/stixDomainObject.js:177:3)"}] inner_relation_creation=0 operation=IndividualPopoverDeletionMutation operation_query=mutation IndividualPopoverDeletionMutation($id:ID!){individualEdit(id:$id){delete}} size=45 timestamp=2024-05-03T04:42:59.722Z type=WRITE_ERROR user={"group_ids":["e378406a-d093-4cc1-b8c9-788e67641ddc","eee3b034-1ea2-4281-884c-337697819212"],"ip":"::ffff:192.168.200.162","organization_ids":["91416770-beef-438c-9405-0162735728f4"],"referer":"http://192.168.200.211:8080/dashboard/entities/individuals/ca84bdec-a854-4212-989f-eafa5bae89db?viewAs=knowledge","socket":"query","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f","user_metadata":{}} variables={"id":"ca84bdec-a854-4212-989f-eafa5bae89db"} version=6.0.9

It doesn't even update the data. 1970/01/01 09:00AM ERR Cannot update an individual corresponding to a user | category=APP errors=[{"attributes":{"genre":"BUSINESS","http_status":400},"message":"Cannot update an individual corresponding to a user","name":"FUNCTIONAL_ERROR","stack":"FUNCTIONAL_ERROR: Cannot update an individual corresponding to a user\n at error (/opt/opencti/build/src/config/errors.js:8:10)\n at FunctionalError (/opt/opencti/build/src/config/errors.js:89:50)\n at updateAttributeMetaResolved (/opt/opencti/build/src/database/middleware.js:1763:13)\n at processTicksAndRejections (node:internal/process/task_queues:95:5)\n at patchElementWithRefRelationships (/opt/opencti/build/src/domain/stixObjectOrStixRelationship.ts:37:36)\n at stixObjectOrRelationshipAddRefRelation (/opt/opencti/build/src/domain/stixObjectOrStixRelationship.ts:55:23)"}] inner_relation_creation=0 operation=IndividualEditionOverviewRelationAddMutation operation_query=mutation IndividualEditionOverviewRelationAddMutation($id:ID!$input:StixRefRelationshipAddInput!){individualEdit(id:$id){relationAdd(input:$input){from{__typename ...IndividualEditionOverview_individual ...on AdministrativeArea{id}...on Artifact{id}...on AttackPattern{id}...on AutonomousSystem{id}...on BankAccount{id}...on Campaign{id}...on CaseIncident{id}...on CaseRfi{id}...on CaseRft{id}...on CaseTemplate{id}...on Channel{id}...on City{id}...on Country{id}...on CourseOfAction{id}...on Creator{id}...on CryptocurrencyWallet{id}...on CryptographicKey{id}...on CsvMapper{id}...on DataComponent{id}...on DataSource{id}...on Directory{id}...on DomainName{id}...on EmailAddr{id}...on EmailMessage{id}...on EmailMimePartType{id}...on EntitySetting{id}...on Event{id}...on ExternalReference{id}...on Feedback{id}...on Group{id}...on Grouping{id}...on Hostname{id}...on IPv4Addr{id}...on IPv6Addr{id}...on Incident{id}...on Indicator{id}...on Individual{id}...on Infrastructure{id}...on IntrusionSet{id}...on KillChainPhase{id}...on Label{id}...on Language{id}...on MacAddr{id}...on Malware{id}...on MalwareAnalysis{id}...on ManagerConfiguration{id}...on MarkingDefinition{id}...on MediaContent{id}...on Mutex{id}...on Narrative{id}...on NetworkTraffic{id}...on Note{id}...on ObservedData{id}...on Opinion{id}...on Organization{id}...on PaymentCard{id}...on PhoneNumber{id}...on Position{id}...on Process{id}...on PublicDashboard{id}...on Region{id}...on Report{id}...on Sector{id}...on Software{id}...on Status{id}...on StixCoreRelationship{id}...on StixFile{id}...on StixRefRelationship{id}...on StixSightingRelationship{id}...on System{id}...on Task{id}...on Text{id}...on ThreatActorGroup{id}...on ThreatActorIndividual{id}...on Tool{id}...on Url{id}...on UserAccount{id}...on UserAgent{id}...on Vulnerability{id}...on WindowsRegistryKey{id}...on WindowsRegistryValueType{id}...on Workspace{id}...on X509Certificate{id}}id}}}fragment IndividualEditionOverview_individual on Individual{id name description contact_information confidence x_opencti_reliability createdBy{__typename __isIdentity:__typename id name entity_type}objectMarking{id definition_type definition x_opencti_order x_opencti_color}status{id order template{name color id}}workflowEnabled} size=138 timestamp=2024-05-03T04:39:24.843Z type=WRITE_ERROR user={"group_ids":["e378406a-d093-4cc1-b8c9-788e67641ddc","eee3b034-1ea2-4281-884c-337697819212"],"ip":"::ffff:192.168.200.162","organization_ids":["91416770-beef-438c-9405-0162735728f4"],"referer":"http://192.168.200.211:8080/dashboard/entities/individuals/ca84bdec-a854-4212-989f-eafa5bae89db?viewAs=knowledge","socket":"query","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f","user_metadata":{}} variables={"id":"ca84bdec-a854-4212-989f-eafa5bae89db","input":{"relationship_type":"object-marking","toId":"95383cd3-0487-423f-a5ba-bf84b4cc7394"}} version=6.0.9

If I click on the Knowledges tab, the Individuals don't have any relationships, so I don't know why I'm getting the error pictured. 22

Please let me know how to fix it.

nino-filigran commented 4 months ago

@misohouse I cannot reproduce your error. I'm going to share this with some devs to see if they might have a clue of what's happening, but in the meantime, could you check if that happens with the most up to date version (6.0.10)? I would also assume that you're trying to delete them with a user with sufficient rights (bypass capability)? Last but not least, in the same way, I guess these users are not author of any entity, right?

nino-filigran commented 4 months ago

@misohouse Can you check if for these individuals, an email is registered as contact information? If so, could you check that you don't have any user using this email adress?

misohouse commented 4 months ago

@nino-filigran

I did what you said, changed the email address of the user in [Settings - Security - Users] to something different and deleted it, and it deleted fine.

The odd thing is that I don't remember creating Individuals myself, so I don't understand why the Individuals entity was existed.

nino-filigran commented 4 months ago

And are you the only user of your platform? Or the only one with the right to create users and/or individuals? I'm switching also the type of your ticket to question, since we do not have a bug at the moment on this topic.

misohouse commented 4 months ago

@nino-filigran

The platform is used by multiple people on the team.

However, it is mostly used to view reports, and a few people create reports, but none of them have entered Individuals directly (and I have not entered Individuals directly either).

I'm guessing that Individuals are created when building reports and creating related entities or observations.

Does Individuals data get created without the user having to create it?

For reference, we have about 20 registered users on the platform, and before this, we had about 10 data in Individuals (I've deleted them all).