fqrious
commented
4 weeks ago Okay, this shouldn't be happening as I made the key to always be id+timestamp... Can I have a link to the insert_archive_attack_enterprise.sh file?
Closed himynamesdave closed 4 weeks ago
fqrious
commented
4 weeks ago Okay, this shouldn't be happening as I made the key to always be id+timestamp... Can I have a link to the insert_archive_attack_enterprise.sh file?
himynamesdave
commented
4 weeks ago Check this: https://github.com/muchdogesec/stix2arango/tree/optimizations?tab=readme-ov-file#quickstart
I detail how to get the script there
fqrious
commented
4 weeks ago Alright, I'll fix it tomorrow morning...
fqrious
commented
4 weeks ago Okay, what I'm seeing from the key in the error is that there's another object with the same modified value but different hash (probably different _stix2arango_note) in the DB before this import
I'm thinking of just appending _record_modified_time instead of doc.modified time, this way that kind of collision will never happen again.
Also, I just concatenated without using a "+" to separate the id and the timestamp
himynamesdave
commented
4 weeks ago Great. Just remember to observe the _is_latest behaviour in docs (not all newly imported objects are _is_latest == true, e.g. if newly imported modified time is less than existing modified time
I've added a quickstart guide that will give you a load of scripts to recreate. Follow instructions here:
https://github.com/muchdogesec/stix2arango/tree/optimizations?tab=readme-ov-file#quickstart
If I run
sh insert_archive_attack_enterprise.shThe end of the error shows
It seems the update key logic has been changed in the optimizations branch (which we did discuss).
Here is how the old code got around key conflict for each STIX object type
https://github.com/muchdogesec/stix2arango/tree/main/docs#update-existing-objects-in-vertex-collections
Note the way
+timestampis appended to_key