client-python icon indicating copy to clipboard operation
client-python copied to clipboard
verified publisher icon OpenCTI-Platform

add_external_reference fails to add an external reference for a vulnerability entity

Open NathanC-TC opened this issue 10 months ago • 3 comments

Description

When using stix_domain_object.add_external_reference it fails to add an external reference for a vulnerability entity using the vulnerabiliy's ID. I have tested with other entities such as report, case_incident, malware. All were successful. The vulnerability entity is the only one that fails.

Error: ValueError: {'name': 'VALIDATION_ERROR', 'error_message': 'You must provide at least one external reference to update'}

Environment

  1. OS (where OpenCTI server runs): AlmaLinux 9.4
  2. OpenCTI version: OpenCTI 6.5.2
  3. pycti version: pycti 6.5.2; have tried using various versions to see if it resolves, but did not

Reproducible Steps

Steps to create the smallest reproducible scenario:

Use stix_domain_object.add_external_reference to add an external reference by it's id to a vulnerability by it's id.

Example: self._client.stix_domain_object.add_external_reference(id=entity_object_id, external_reference_id=external_reference['id'])

Expected Output

Add external reference to vulnerability entity.

Actual Output

Error: ValueError: {'name': 'VALIDATION_ERROR', 'error_message': 'You must provide at least one external reference to update'}

NathanC-TC avatar Feb 21 '25 16:02 NathanC-TC

Hello @NathanC-TC : I couldn't reproduce your issue. Have you enabled some specific settings on the "Vulnerability" entity in "Settings--> Customization --> Vulnerability" ?

romain-filigran avatar Feb 24 '25 10:02 romain-filigran

Hi @romain-filigran,

Thank you so much for the quick response! We are not seeing any specific settings on the "Vulnerability" entity in "Settings--> Customization --> Vulnerability". However, I discovered that stix_domain_object.add_external_reference is working on our Production OpenCTI. Therefore, there is something going on with our Development OpenCTI instance. I will report back if we can find the discrepancy to better assist others that may run into this issue.

Thanks again for the support! Nathan

NathanC-TC avatar Feb 25 '25 12:02 NathanC-TC

Hi @romain-filigran,

You were correct. Looking at the the "Vulnerability" entity in "Settings--> Customization --> Vulnerability" again, the "Enforce references" was toggle on. Therefore, it would not allow any updates on the Vulnerability without a reference. Toggling this button off resolved.

Thanks so much for the support, Nathan

NathanC-TC avatar Feb 27 '25 13:02 NathanC-TC