Closed himynamesdave closed 4 weeks ago
Okay, this shouldn't be happening as I made the key to always be id+timestamp
... Can I have a link to the insert_archive_attack_enterprise.sh
file?
Check this: https://github.com/muchdogesec/stix2arango/tree/optimizations?tab=readme-ov-file#quickstart
I detail how to get the script there
Alright, I'll fix it tomorrow morning...
Okay, what I'm seeing from the key in the error is that there's another object with the same modified
value but different hash (probably different _stix2arango_note
) in the DB before this import
I'm thinking of just appending _record_modified_time
instead of doc.modified
time, this way that kind of collision will never happen again.
Also, I just concatenated without using a "+" to separate the id
and the timestamp
Great. Just remember to observe the _is_latest behaviour in docs (not all newly imported objects are _is_latest == true
, e.g. if newly imported modified
time is less than existing modified
time
I've added a quickstart guide that will give you a load of scripts to recreate. Follow instructions here:
https://github.com/muchdogesec/stix2arango/tree/optimizations?tab=readme-ov-file#quickstart
If I run
sh insert_archive_attack_enterprise.sh
The end of the error shows
It seems the update key logic has been changed in the optimizations branch (which we did discuss).
Here is how the old code got around key conflict for each STIX object type
https://github.com/muchdogesec/stix2arango/tree/main/docs#update-existing-objects-in-vertex-collections
Note the way
+timestamp
is appended to_key