In order to avoid a seemingly endless recursion of enrichment, this connector will by default refuse to enrich entities created by itself. The setting *label_ignore_list" is used for this, and the default behaviour is to produce the label "wazuh_ignore" for every enriched entity.
This shouldn't be necessary. Instead, the connector should be able to differentiate between an automatic enrichment call and a manual enrichment call. This is currently not possible. Either raise this as an issue with OpenCTI or find a better workaround.
Enrichment can always be performed by removing the label "wazuh_ignore" on the entity in question.
In order to avoid a seemingly endless recursion of enrichment, this connector will by default refuse to enrich entities created by itself. The setting *label_ignore_list" is used for this, and the default behaviour is to produce the label "wazuh_ignore" for every enriched entity.
This shouldn't be necessary. Instead, the connector should be able to differentiate between an automatic enrichment call and a manual enrichment call. This is currently not possible. Either raise this as an issue with OpenCTI or find a better workaround.
Enrichment can always be performed by removing the label "wazuh_ignore" on the entity in question.