Open Lhorus6 opened 4 days ago
@Lhorus6 Does the element_id
that the connector is trying to update is an observable ?
@nino-filigran From my point of view, it's not a connector problem, but a platform problem. There is no confidence level on Observables, so why do we have this error?
Yes this is very strange indeed ; I'm investigating on the backend side.
I can confirm that the code is very clear about this: if the entity type has no confidence attribute in the data model (like Artifact), confidence check is always granted.
like Helene said, could we verify if the element id in the error corresponds really to an Artifact ?
I checked, this is the ID of the Indicator linked to the Artifact on which the connector is run 🤔
@Lhorus6 Ok, so when you enrich the artifact, there are 2 behaviors: you can create new related entities or update the existing one if it already exists. This error show us that it cannot update the related indicator but could you tell us if the artifact has new informations?
Yes, apparently he did two actions:
Description
When we run the JoeSandbox connector on an artifact, we get this error message:
"User max confidence level is insufficient to update this element"
Important information: there is no "confidence level" on Observables (and an Artifact is an Observable)...
However, some information was added on the Artefact. So it looks like the connector worked fine, but there's this error.
Environment
OCTI 6.2.0
Reproducible Steps
Steps to create the smallest reproducible scenario:
Screenshots