search

OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io
Other
6.5k stars 958 forks source link

Error when trying to import 3160 entities that are sigma rules #7746

Open NLAfiligran opened 4 months ago

NLAfiligran commented 4 months ago

Description

Error when trying to import 3160 entities that are sigma rules "An unknown error occurred. Please provide a support package to your administrator or OpenCTI maintainers"

Reproducible Steps

I imported the json file from this link shared by the community https://pub-ce0133952c6947428e077da707513ff5.r2.dev/sigma-rules/sigma-rule-bundle-r2024-07-17.json The import was successful and ImportFileStix generated the bundle sent for validation In the workbench, I see the indicators for 5 seconds with the "already know in the platform" job running, then I get this error "An unknown error occurred. Please provide a support package to your administrator or OpenCTI maintainers"

ffc20784-7ced-4725-a2f8-a6cb000a2aac.zip

brett-fitz commented 4 months ago

I believe this issue is due to each entity making a graphql request to see if its already in the platform and because there are so many entities, and there for requests, it breaks the view. Need to confirm though.

nino-filigran commented 4 months ago

After an investigation done by @JeremyCloarec, it looks like a perf issue due to how workbench work. Given that we plan to replace workbenches with drafts in the coming months, let's see if we got more issues like these to know if need to prioritize a fix.