DFIQ UI Bug

[RoemIko]

Describe the bug DFIQ templates do not display anything if saved searches are added

To Reproduce Steps to reproduce the behavior:

1. Have the following DFIQ template

   display_name: Sharepoint exfiltration from auditlogs
   description:
   summary:
   details:
   references:
   -
   type: approach
   id: Q0001.01
   tags:
   - microsoft365
   view:
   analysis:
   - name: OpenSearch
   steps:
   - description: &filter-desc Filter Sharepoint events that may indicate exfiltration attempts.
     type: opensearch-query
     value: 'data_type:"auditlogs" AND (workload:"SharePoint" AND recordtype:("SharePoint" OR 4 OR 6 OR 14 OR 33)) AND operation:("FileDownloaded" OR "AnonymousLinkCreated" OR "SecureLinkCreated" OR "FileSyncDownloadedFull" OR "FileSyncDownloadedPartial")'

I keep getting No question found with this ID when i remove the analysis: yaml entry it gets fixed and the question can be added. I have no error logs in wsgi.log or in worker.log

Expected behavior I expect the UI to show me questions and saved searches related to a question i am trying to answer

Desktop (please complete the following information):

• OS: 5.15.146.1-microsoft-standard-WSL2
• Browser Tried Chrome and Edge
• Version 123.0.6312.122 123.0.2420.81

[RoemIko]

i tried adding the dfiq folder that is in this project i also tried the dfiq folder from the original dfiq repo but both result in No question found with this ID"question

[RoemIko]

Ok i found the issue before you do anything you have to share your sketch and then upload data, then it works

[jkppr]

Thanks for reporting this issue and sharing the possible workaround. In theory the DFIQ feature should not be linked to the sharing settings.

Does this only happen with custom DFIQ templates or also with the ones from dfiq.org ?

[RoemIko]

It happens with both

[RoemIko]

it seems some extension is blocking the dfiq questions, when i use the incognito mode it starts working

[jkppr]

I tried to reproduce the issue on a fresh dev setup following your steps in the initial comment and I am not running into the issue. Neither with your template nor the official DFIQ provided data.

What setup are you testing with? Normal installation or via a development setup? Can you please test if the same issue happens with a fresh browser without any extensions or modifications? If you continue to run into the error, can you share more detailed steps on how to reproduce it?

Thanks

[RoemIko]

Yea, so using an incognito browser works. So there is an extension blocking the dfiq questions. Ill mark this issue as closed as i dont know which extension it is. I have disabled adblocker, but the issue persists. I used the normal installation. Thank you for your time @jkppr!