Julien Richard

I dont think its related, looks like you experiment a timeout on connecting to elasticsearch.

Looks like still work in progress on elastic side. A PR is open https://github.com/elastic/elastic-transport-js/pull/55 but no activity on it

OpenCTI doesnt accept custom properties. If you try to integrate an unsupported field, it will just be ignored by the platform.

> Curious if, overall, the proposed changes would allow me to mark an IP Address (or any other entity, but just pulling IP Addr as an example) such that it...

Hi @skrumzy , when you say "close report", what does it means? Change the workflow status? delete the report? When you say scrape/parse the report, you talk about the report...

Maybe an error in your token config > token: 'f2678239-870f-46d8-bf83-5569de236fb5"' Looks like you put an extra double quote. Maybe should be > token: 'f2678239-870f-46d8-bf83-5569de236fb5'

For the graphql error you must check that you correctly deployed rabbitmq with the management plugin that allow OCTI to query information through rabbitmq API (in docker we use rabbitmq:3.10-management...

Backup restore is not designed to do incremental synchronization. To do that you can use the builtin synchronizer.

Any chance to send me your backup directory to reproduce locally? (We can of course sign an NDA or anything required)

Looks like the connector cant manage to connect to the AlienVault API. > Max retries exceeded with url: /api/v1/pulses/subscribed?limit=20&modified_since=2022-07-18T14%3A19%3A38.867000 > Failed to establish a new connection: [Errno -3] Try again'