connectors icon indicating copy to clipboard operation
connectors copied to clipboard
verified publisher icon OpenCTI-Platform

"Threat" Section is not being populated

Open Mr-AnyThink opened this issue 3 years ago • 1 comments

Description

"Threat" section is not being populated. I deployed docker using portainer and used connector for Mitre. "Arsenel" Section is working fine.

Environment

  1. OS Ubuntu 20.04
  2. OpenCTI version: 5.2.4

Below are platform logs: {"auth":{"email":"SYSTEM"},"category":"AUDIT","level":"info","message":"USER_CREATION","resource":{"groups":[],"roles":["Default"],"user":"[email protected]"},"timestamp":"2022-05-15T07:56:39.652Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.5","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:45.107Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.2","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:46.790Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.12","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:47.219Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.5","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:47.985Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.12","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:48.196Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.10","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:48.265Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.9","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:48.315Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.14","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:48.399Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.4","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:48.448Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.15","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:48.480Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.12","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:48.984Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.14","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:49.047Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.15","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:49.097Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.12","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:49.325Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.14","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:49.336Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.15","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:49.442Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.12","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:49.566Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.14","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:49.617Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.15","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:49.690Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.12","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:49.828Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.14","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:49.864Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.15","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:49.944Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.14","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:50.069Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.15","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:50.135Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.6","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:54.711Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.12","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:57.023Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.14","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:57.286Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.15","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T07:56:57.334Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:192.168.10.1","referer":"http://192.168.10.137:8080/dashboard","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"local"},"timestamp":"2022-05-15T07:57:21.393Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.16","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T08:18:36.700Z","version":"5.2.4"} {"auth":{"applicant_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f","call_retry_number":"1","email":"[email protected]","ip":"::ffff:172.19.0.12","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T08:18:56.163Z","version":"5.2.4"} {"auth":{"applicant_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f","call_retry_number":"1","email":"[email protected]","ip":"::ffff:172.19.0.15","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T08:18:56.249Z","version":"5.2.4"} {"auth":{"applicant_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f","call_retry_number":"1","email":"[email protected]","ip":"::ffff:172.19.0.14","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T08:18:56.320Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:192.168.10.1","referer":"http://192.168.10.137:8080/dashboard","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"local"},"timestamp":"2022-05-15T08:19:35.818Z","version":"5.2.4"} {"auth":{"email":"[email protected]","ip":"::ffff:172.19.0.16","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"category":"AUDIT","level":"info","message":"LOGIN","resource":{"provider":"Bearer"},"timestamp":"2022-05-15T08:24:53.380Z","version":"5.2.4"} {"category":"APP","error":{"data":{"category":"business","from":"intrusion-set--9559ecaf-2e75-48a7-aee8-9974020bc772","http_status":500,"reason":"Relation cant be created with the same source and target","relationshipType":"revoked-by","to":"intrusion-set--17862c7d-9e60-48a0-b48e-da4dc4c3f6b0"},"stacktrace":["UnsupportedError: Unsupported operation","at error (/opt/opencti/build/src/config/errors.js:8:10)","at UnsupportedError (/opt/opencti/build/src/config/errors.js:62:51)","at createRelationRaw (/opt/opencti/build/src/database/middleware.js:2518:11)","at runMicrotasks ()","at processTicksAndRejections (node:internal/process/task_queues:96:5)","at createRelation (/opt/opencti/build/src/database/middleware.js:2613:16)","at addStixCoreRelationship (/opt/opencti/build/src/domain/stixCoreRelationship.js:126:19)"]},"inner_relation_creation":1,"level":"error","message":"API Call","operation":"StixCoreRelationshipAdd","operation_query":"mutation StixCoreRelationshipAdd($input:StixCoreRelationshipAddInput!){stixCoreRelationshipAdd(input:$input){id standard_id entity_type parent_types}}","size":615,"time":18,"timestamp":"2022-05-15T08:28:39.612Z","type":"WRITE_ERROR","user":{"applicant_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f","call_retry_number":"1","ip":"::ffff:172.19.0.15","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"variables":{"input":{"confidence":15,"created":"2018-04-18T17:59:24.739Z","createdBy":"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5","description":"","externalReferences":[],"fromId":"intrusion-set--9559ecaf-2e75-48a7-aee8-9974020bc772","killChainPhases":[],"lang":null,"modified":"2018-10-17T00:14:20.652Z","objectLabel":[],"objectMarking":["marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"],"relationship_type":"revoked-by","revoked":null,"start_time":null,"stix_id":"relationship--3680408d-e56e-4d68-a74d-2678093ed53f","stop_time":null,"toId":"intrusion-set--17862c7d-9e60-48a0-b48e-da4dc4c3f6b0","update":true}},"version":"5.2.4"} {"category":"APP","error":{"data":{"category":"business","from":"intrusion-set--68ba94ab-78b8-43e7-83e2-aed3466882c6","http_status":500,"reason":"Relation cant be created with the same source and target","relationshipType":"revoked-by","to":"intrusion-set--4ca1929c-7d64-4aab-b849-badbfc0c760d"},"stacktrace":["UnsupportedError: Unsupported operation","at error (/opt/opencti/build/src/config/errors.js:8:10)","at UnsupportedError (/opt/opencti/build/src/config/errors.js:62:51)","at createRelationRaw (/opt/opencti/build/src/database/middleware.js:2518:11)","at runMicrotasks ()","at processTicksAndRejections (node:internal/process/task_queues:96:5)","at createRelation (/opt/opencti/build/src/database/middleware.js:2613:16)","at addStixCoreRelationship (/opt/opencti/build/src/domain/stixCoreRelationship.js:126:19)"]},"inner_relation_creation":1,"level":"error","message":"API Call","operation":"StixCoreRelationshipAdd","operation_query":"mutation StixCoreRelationshipAdd($input:StixCoreRelationshipAddInput!){stixCoreRelationshipAdd(input:$input){id standard_id entity_type parent_types}}","size":615,"time":8,"timestamp":"2022-05-15T08:28:39.653Z","type":"WRITE_ERROR","user":{"applicant_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f","call_retry_number":"1","ip":"::ffff:172.19.0.12","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"variables":{"input":{"confidence":15,"created":"2018-10-17T00:14:20.652Z","createdBy":"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5","description":"","externalReferences":[],"fromId":"intrusion-set--68ba94ab-78b8-43e7-83e2-aed3466882c6","killChainPhases":[],"lang":null,"modified":"2018-10-17T00:14:20.652Z","objectLabel":[],"objectMarking":["marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"],"relationship_type":"revoked-by","revoked":null,"start_time":null,"stix_id":"relationship--632ca9a0-a9f3-4b27-96e1-9fcb8bab11cb","stop_time":null,"toId":"intrusion-set--4ca1929c-7d64-4aab-b849-badbfc0c760d","update":true}},"version":"5.2.4"} {"category":"APP","error":{"data":{"category":"business","from":"malware--310f437b-29e7-4844-848c-7220868d074a","http_status":500,"reason":"Relation cant be created with the same source and target","relationshipType":"revoked-by","to":"malware--b42378e0-f147-496f-992a-26a49705395b"},"stacktrace":["UnsupportedError: Unsupported operation","at error (/opt/opencti/build/src/config/errors.js:8:10)","at UnsupportedError (/opt/opencti/build/src/config/errors.js:62:51)","at createRelationRaw (/opt/opencti/build/src/database/middleware.js:2518:11)","at runMicrotasks ()","at processTicksAndRejections (node:internal/process/task_queues:96:5)","at createRelation (/opt/opencti/build/src/database/middleware.js:2613:16)","at addStixCoreRelationship (/opt/opencti/build/src/domain/stixCoreRelationship.js:126:19)"]},"inner_relation_creation":1,"level":"error","message":"API Call","operation":"StixCoreRelationshipAdd","operation_query":"mutation StixCoreRelationshipAdd($input:StixCoreRelationshipAddInput!){stixCoreRelationshipAdd(input:$input){id standard_id entity_type parent_types}}","size":603,"time":10,"timestamp":"2022-05-15T08:28:39.707Z","type":"WRITE_ERROR","user":{"applicant_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f","call_retry_number":"1","ip":"::ffff:172.19.0.15","user_id":"88ec0c6a-13ce-5e39-b486-354fe4a7084f"},"variables":{"input":{"confidence":15,"created":"2018-10-17T00:14:20.652Z","createdBy":"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5","description":"","externalReferences":[],"fromId":"malware--310f437b-29e7-4844-848c-7220868d074a","killChainPhases":[],"lang":null,"modified":"2018-10-17T00:14:20.652Z","objectLabel":[],"objectMarking":["marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"],"relationship_type":"revoked-by","revoked":null,"start_time":null,"stix_id":"relationship--87231371-e005-44ab-9b66-1954615f2a7e","stop_time":null,"toId":"malware--b42378e0-f147-496f-992a-26a49705395b","update":true}},"version":"5.2.4"}

Mr-AnyThink avatar May 15 '22 08:05 Mr-AnyThink

Hello @Mr-AnyThink,

Is the "Intrusion Sets" section actually filled?

The MITRE dataset does not contain any "Threat Actor" so this is normal that this section is not filled.

Kind regards, Samuel

SamuelHassine avatar Jul 12 '22 13:07 SamuelHassine