Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Duplicated techniques in Mitre Matrix view #9503

Open
lndrtrbn opened this issue Jan 6, 2025 · 1 comment
Open

Duplicated techniques in Mitre Matrix view #9503

lndrtrbn opened this issue Jan 6, 2025 · 1 comment
Assignees
@SouadHadjiat
Labels
bug use for describing something not working as expected
Milestone
Bugs backlog

Comments

@lndrtrbn
Copy link
Member

lndrtrbn commented Jan 6, 2025
edited
Loading

Description

In Mitre Matrix view of an Intrusion Set there are some techniques that are duplicated.

Environment

  1. OS (where OpenCTI server runs): { e.g. Mac OS 10, Windows 10, Ubuntu 16.4, etc. }
  2. OpenCTI version: { e.g. OpenCTI 1.0.2 }
  3. OpenCTI client: { e.g. frontend or python }
  4. Other environment details:

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. In testing platform, go to Threats / Intrusion Set
  2. Choose 0ktapus
  3. Go to Knowledge tab
  4. Select Attack Patterns on the right menu
  5. Look at techniques, for examples in third column

Image

Expected Output

No duplicates.

Actual Output

Duplicates
@lndrtrbn lndrtrbn added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Jan 6, 2025
@SouadHadjiat SouadHadjiat self-assigned this Jan 6, 2025
@nino-filigran nino-filigran removed the needs triage use to identify issue needing triage from Filigran Product team label Jan 7, 2025
@nino-filigran nino-filigran added this to the Bugs backlog milestone Jan 9, 2025
@SouadHadjiat
Copy link
Member

After investigation, it seems that the we have attack patterns with the same name and same kill chain phase in the database (but different ids and different data). They shouldn't have the same kill chain phase, I don't know if it's an ingestion issue, or if we manipulated them in our platforms. There are no issues with the matrix view.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@SouadHadjiat SouadHadjiat

Labels
bug use for describing something not working as expected
Projects
None yet
Milestone
Bugs backlog
Development

No branches or pull requests
3 participants
@SouadHadjiat @lndrtrbn @nino-filigran