connectors icon indicating copy to clipboard operation
connectors copied to clipboard
verified publisher icon OpenCTI-Platform

[Sentinel] Observing 2 different IDs for each indicator coming from OpenCTI

Open EinatAR opened this issue 10 months ago • 1 comments

Description

For each indicator pushed from OpenCTI to Sentinel, we see 2 different ID's

Environment

  1. OpenCTI version: 6.5.0

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Create a Live Stream to push indicators from OpenCTI to Sentinel

Expected Output

One ID for each indicator pushed from OpenCTI to Sentinel

Actual Output

Two IDs for each indicator pushed from OpenCTI to Sentinel

Additional information

In Notion investigation page and you can reach out to me to see details.

EinatAR avatar Feb 07 '25 16:02 EinatAR

@EinatAR: comment in the notion page.

romain-filigran avatar Feb 13 '25 23:02 romain-filigran

Checked with @EinatAR, close for now and can be re-opened if needed

helene-nguyen avatar Jul 23 '25 09:07 helene-nguyen