nino-filigran
commented
2 weeks ago @EinatAR I've marked this as a bug even if it's not a "real" one, rather a whole in the code I would say. Currently, what's happening is that your entities are created but not linked to the report since you did not select the option to add them in the container. Therefore, the fix should be to automatically add any manually added entity in the given container.
Now let me explain how you can manually overcome this issue for now:
- Add your entity (in the example below, I've imported your file, and added a country "France", in the container)
- Then, go to your container and click on it
- Click on Add and complete
- You will notice that your manually added entity are not selected. Select them
- Validate your workbench
- The container is created & the entities you added manually have also been added.
That is why I mentionned to you we will still consider this as a bug, because if you don't know the trick, it's quite difficult for you to understand the issue.
Description
When importing a document in Data > Import In the case that some entities don't come up and I want to add it manually, after validating the workbench the entities don't show up.
If I validate the workbench the way it is, then go to the report > analyst workbench > add the missing entities and validate -> it does show up.
Environment
OpenCTI version: 6.3.11
Reproducible Steps
Steps to create the smallest reproducible scenario:
In the workbench South Korea (country) and Noname057(16)(Intrusion set) do not come up
Expected Output
I would expect to see the added entities listed under Entities tab and see them in the Knowledge tab in both scenarios:
Actual Output
When adding the entities in Data > Import > Analyst workbench : The two entities are nowhere to be found
Screenshots (optional)