Open dominictory opened 3 days ago
@dominictory we know that this area of the app does not work well, that is why we are currentlyworking on a task to align the graph & the data contained in the container overview. https://github.com/OpenCTI-Platform/opencti/issues/3227. In short, the 2 queries are different, resulting in a different view, as you have rightfully pointed. Therefore, the feature should fix your bug cc @romain-filigran FYI
I think that I have noticed this on graphs with a large number of correlations. I don't know what, if any, limit we might be running into. I suspect that one of the filters applied in the buildCorrelationData
function has a logic flaw in it.
So I added some instrumentation to my deployment and it seems like when the number of relationships goes above 500, this behavior starts to manifest. I suspect that the hard-coded first: 500
and similar 500-entry limits is being hit somewhere along the way such that the function linked below only gets the first 500 items from the "total objects" list and it ends up not pivoting into ones with related items:
Description
We have a report created by the CIRCL MISP feed connector. On the Overview page, we see multiple correlated reports:
On the Knowledge tab, we see a graph. However, when attempting to use
Correlation view
, no graph is produced:Environment
6.4.0
Reproducible Steps
Correlation view
for that reportExpected Output
Graph is produced in
Correlation view
showing correlationsActual Output
No graph produced in
Correlation view
. This occurs for other reports as well.