OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io

[Max confidence level] Error "confidence insufficient" on Observable #7520

Open Lhorus6 opened 4 days ago

Lhorus6 commented 4 days ago

Description

When we run the JoeSandbox connector on an artifact, we get this error message:

"User max confidence level is insufficient to update this element"

Important information: there is no "confidence level" on Observables (and an Artifact is an Observable)...

However, some information was added on the Artefact. So it looks like the connector worked fine, but there's this error.

Environment

OCTI 6.2.0

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Open an Artefact,
  2. Run the Joe Sandbox connector.

Screenshots

Screenshot 2024-06-28 141156

helene-nguyen commented 1 day ago

@Lhorus6 Is the element_id that the connector is trying to update an observable?

Lhorus6 commented 1 day ago

@nino-filigran From my point of view, it's not a connector problem, but a platform problem. There is no confidence level on Observables, so why do we have this error?

labo-flg commented 23 hours ago

Yes, this is very strange indeed; I'm investigating on the backend side.

labo-flg commented 22 hours ago

I can confirm that the code is very clear about this: if the entity type has no confidence attribute in the data model (like Artifact), the confidence check is always granted.

labo-flg commented 22 hours ago

Like Helene said, could we verify whether the element id in the error really corresponds to an Artifact?

Lhorus6 commented 19 hours ago

I checked, this is the ID of the Indicator linked to the Artifact on which the connector is run 🤔

helene-nguyen commented 6 hours ago

@Lhorus6 Ok, so when you enrich the artifact, there are 2 behaviors: you can create new related entities or update the existing one if it already exists. This error shows us that it cannot update the related indicator, but could you tell us if the artifact has new information?

Lhorus6 commented 1 hour ago

Yes, apparently it did two actions:

Screenshot 2024-07-03 121134
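
The outcome worked out in this thread (the Artifact, which has no confidence attribute, is enriched while the linked Indicator is refused) can be modelled as below. This is an added illustration, not OpenCTI's code and not part of the original thread; the refusal rule (stored confidence higher than the user's max confidence), the list of types, the ids and the patch fields are assumptions.

```javascript
// Simplified model of a per-element max-confidence check. NOT OpenCTI's code.
// Assumption: an update is refused when the element's stored confidence is
// higher than the max confidence level of the user (here, the connector).

// Assumed subset of entity types that carry a confidence attribute.
const TYPES_WITH_CONFIDENCE = new Set(['Indicator', 'Report', 'Malware']);

const INSUFFICIENT = 'User max confidence level is insufficient to update this element';

function canUpdate(userMaxConfidence, element) {
  // Types without a confidence attribute (Artifact and other observables)
  // always pass the check, as stated in the thread.
  if (!TYPES_WITH_CONFIDENCE.has(element.entity_type)) return true;
  return userMaxConfidence >= (element.confidence ?? 0);
}

// Apply each update independently, so one refused element does not stop
// the others: this is what produces "error shown, but data was added".
function applyEnrichment(userMaxConfidence, store, updates) {
  const result = { updated: [], rejected: [] };
  for (const { id, patch } of updates) {
    const element = store.get(id);
    if (!element) {
      result.rejected.push({ id, entity_type: null, reason: 'unknown element' });
    } else if (!canUpdate(userMaxConfidence, element)) {
      // Record the type so the id in the error can be traced to its entity.
      result.rejected.push({ id, entity_type: element.entity_type, reason: INSUFFICIENT });
    } else {
      Object.assign(element, patch);
      result.updated.push(id);
    }
  }
  return result;
}

// Constructed sample: an Artifact and an existing Indicator linked to it.
const store = new Map([
  ['artifact-1', { entity_type: 'Artifact', labels: [] }],
  ['indicator-1', { entity_type: 'Indicator', confidence: 80 }],
]);

// Constructed enrichment run by a connector user whose max confidence is 50.
const outcome = applyEnrichment(50, store, [
  { id: 'artifact-1', patch: { labels: ['sandbox-analyzed'] } },
  { id: 'indicator-1', patch: { description: 'updated by enrichment' } },
]);

console.log(JSON.stringify(outcome, null, 2));
```

When triaging this error, resolving the element id to its entity type first shows whether the refused object is the observable itself or a related entity that does carry a confidence value.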