opencti icon indicating copy to clipboard operation
opencti copied to clipboard
verified publisher icon OpenCTI-Platform

Bulk Search - inconsistent results involving HashedObservable objects

Open sweet-mentat opened this issue 1 year ago • 1 comments

Description

Okay, here's the scenario. I have a list of IOCs I want to search in OpenCTI - domain names, IPs, file hashes, cert hashes, etc. I put them in bulk search. Some of the IOCs are not in the system and are listed as UNKNOW in the bulk search results. If at least one of the hashes is in the system, all of the UNKNOWN results disappear.

Environment

  1. OS (where OpenCTI server runs): Docker image
  2. OpenCTI version: 6.2.3
  3. OpenCTI client: frontend

sweet-mentat avatar Aug 05 '24 16:08 sweet-mentat

Reproduced. Seems to be well related to doing research with hashes and other observables of other types.

romain-filigran avatar Aug 05 '24 16:08 romain-filigran