search

OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io
Other
6.16k stars 911 forks source link

Created User vanish from UI and Elasticsearch Database when using them for Connectors #8025

Open savvy1337 opened 1 month ago

savvy1337 commented 1 month ago

Description

Following the usual procedure to create a user for example called [C] mitre. Then starting the mitre connector yields the result of the "[C] mitre" user vanishing from the User dashboard for some reason. I also checked the elasticsearch index and the user even vanishes from there. The connector seems to work though. I remember it wasn't like this in previous version.

Or is this intended behaviour?

Environment

  1. OS (where OpenCTI server runs): Debian 12
  2. OpenCTI version: OpenCTI 6.2.12
  3. ES Version: 8.13.4
  4. Other environment details: Everything run in docker containers following the official example

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Create user "[C] mitre" (user exists in UI and in Elasticsearch index)
  2. Copy Connector ID and Token
  3. Start the connector container with the supplied values from step 2
  4. Shortly after the connector container is successfully started and fully working the user vanishes from the UI and Elasticsearch

Expected Output

User stays in UI and Elasticsearch

Actual Output

User vanished

romain-filigran commented 1 month ago

Hello @savvy1337. Thanks for your comments. If I understand correctly, you are configuring the env CONNECTOR_ID variable with the previously created USER_ID? There is no link between the CONNECTOR and the dedicated user apart from configuring the CONNECTOR to use the TOKEN_ID of your dedicated user. The connector_ID value must be a different, unique generic UUID value. It is only used to uniquely identify a connector instance. Can you replace the CONNECTOR_ID with a newly generated UUID value and try again? You may also need to delete the connector graphically before configuring a new CONNECTOR_ID.

But I can confirm that this is causing an unexpected behavior. We will investigate.

savvy1337 commented 1 month ago

You are describing my error. I was using the uuid of the created user as the CONNECTOR_ID which is obviously wrong, my bad.

Using a custom generated uuid using uuidgen works and the user is still there. Nevertheless if the uuid for some reason of a existing user matches the CONNECTOR_ID then the things described at the top happen.

romain-filigran commented 1 month ago

Reopening it to continue behavioral investigation