opencti icon indicating copy to clipboard operation
opencti copied to clipboard
verified publisher icon OpenCTI-Platform

Logo on Notifiers is Broken

Open jw-NYC-001 opened this issue 8 months ago • 4 comments

Description

Notifiers emails for reports have a broken link. This appears both with the default OpenCTI logo image, as well as with a custom image uploaded into the Notifier message itself.

We are unable to assess if there are sizing limitations blocking the image because no documentation is available on configuration of logos.

Our instance of OpenCTI is set up on GCP, and the notifier email is coming from a Google email, so this shouldn't be an issue of a trusted domain either.

Environment

  1. OS (where OpenCTI server runs): { GCP }
  2. OpenCTI version: { OpenCTI 6.6.13 }
  3. OpenCTI client: { Frontend }
  4. Other environment details:

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. { Configure a notifier to send an email to a user upon report creation. }
  2. { We have tried to both use the default OpenCTI image and our own Organization logo }
  3. { Create a new report in the platform and observe via email (Google/GCP) that the notifier image is broken }
  4. There is no option to right click on the image to see it.

Expected Output

We expect to be able to customize the logo on the notifier so users understand that an email is coming from our organization.

Actual Output

Images continue to appear broken

Additional information

Screenshots (optional)

Sending a report using the default image: Image

Customizing the Notifier, including logo image: Image

jw-NYC-001 avatar Jun 17 '25 15:06 jw-NYC-001

I cannot reproduce: can you share the detail of your notifier please?

nino-filigran avatar Jun 18 '25 07:06 nino-filigran

Our OpenCTI Instance is set up in Google Workspace and the email it is sending to is Gmail. If you attempt to reproduce in FIligran's internal environment via Outlook you wont get the same results. Nicolas Q and Jason M. are both aware of this issue and saw the reproduction in a live call.

jw-NYC-001 avatar Jun 18 '25 13:06 jw-NYC-001

Hi @jw-NYC-001 Could it be linked to the configuration of Gmail to display images ? https://support.google.com/mail/answer/145919?hl=en&co=GENIE.Platform%3DDesktop

Kedae avatar Jun 19 '25 12:06 Kedae

Hell @Kedae - I can confirm that my image display configuration is turned on.

Image

jw-NYC-001 avatar Jun 20 '25 14:06 jw-NYC-001

@Kedae - Do you have any updates to share on this issue? Thank you.

jw-NYC-001 avatar Jun 30 '25 18:06 jw-NYC-001

@Kedae - I sent my update 3 weeks ago showing that the solution you offered wasn't causing the issue. We are still experiencing a broken logo, and waiting for further updates from your side. Nicolas Quintin and Jason Maurath from your side are both aware of this issue. The hypothesis from the team is that because the Notifier is configured to look for an image link, if those images aren't available in an Open to Public space, it will always appear broken. If you can implementation of this to recall an image the same as the FAV icon in the browser, that might be one solution (off the top of our heads).

Image

jw-NYC-001 avatar Jul 14 '25 14:07 jw-NYC-001

Hi @jw-NYC-001

I will look in the code, but from what I see the image is collected as a base64 format :

data:image/png;base64,iVBORw0KGgoAAAANSUhEUg...

So no need for internet availability in that matter.

Kedae avatar Jul 21 '25 13:07 Kedae

So why is the image encoded? Where is the image actually stored so that our instance knows where to find it?

jw-NYC-001 avatar Jul 21 '25 13:07 jw-NYC-001

Just to be sure, you have used the "Platform mailer" notifier connector ? If so, the image is stored as base64 directly in elastic, so there is no storage anywhere else and your email should be read directly in your mail app.

Kedae avatar Jul 21 '25 14:07 Kedae

@Kedae - we are using the Simpler Mailer to send automated email messages to our users. The notifier uses an automated trigger based on a users group assignment, so that when a report is made available, only users who should have access automatically get a notification to their email that a report is available to them.

In our use case, the users who receive these notifications are not in the platform daily, and we want an automated way to alert them to log into the platform.

jw-NYC-001 avatar Jul 21 '25 15:07 jw-NYC-001

Yes sorry I meant the simple mailer 🥲 My bad.

So in the "simple mailer" the image is base64 encoded. Do you have access to your elastic to check ? Can you try with another mail app ?

Kedae avatar Jul 21 '25 15:07 Kedae

@Kedae - So after further investigation on this, our team discovered a gmail limitation that we are hitting that we had not been aware of:

https://stackoverflow.com/questions/71852995/how-to-display-base64-images-in-gmail https://stackoverflow.com/questions/46783599/base64-encoded-image-is-not-showing-in-gmail

In short, Base64 encoding will never work for our configuration or use case since all our users are onboarded to the platform with a gmail account. The notifier would send the email to their gmail, and then the base64 encoded images will never work.

jw-NYC-001 avatar Jul 21 '25 17:07 jw-NYC-001

Given the feedback, i'll close the bug since the issue lies in the email provider.

nino-filigran avatar Oct 09 '25 07:10 nino-filigran

@nino-filigran - I disagree with your conclusion that this is an "issue" that lies with the email provider. The way Filigran has coded logos on Notifiers isn't functional with Google. Any of your clients that work on GCP infrastructure will have the same problem.

jw-NYC-001 avatar Oct 09 '25 15:10 jw-NYC-001