
Intel471 Connector Ingestion Issue

Open nhuber0724 opened this issue 9 months ago • 2 comments

Description

The Intel471 connector is ingesting data using incorrect entity types. An APT intrusion set is ingested as a threat actor individual. A ransomware is ingested as a threat actor individual.

Environment

OpenCTI 6.5.3

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Examine the knowledge tab of a report ingested by Intel471 that contains multiple different entities.
  2. Examine threat actor/individual types.
  3. It appears the Intel471 connector is not ingesting certain entity types correctly.

Expected Output

The connector should ingest entity types appropriately in line with the STIX data model. For instance, APTs should be ingested as intrusion sets. Threat Actor Groups named should be ingested as Threat Actor Groups.

Actual Output

Entities are not ingested correctly.

Additional information

Screenshots available internally.

nhuber0724, Feb 27 '25 21:02

We're still investigating whether the bug is coming from a wrong modelization on our side or if it's something that we do not have control over. I'm removing the "In triage" because we're aware of the issue and investigating it. The result of the investigation will be posted on this issue.

nino-filigran, Jul 25 '25 13:07

There is also lots of nonsense data ingested by Intel471.

See screenshot:

Image

EinatAR, Aug 11 '25 09:08