Ensure that connector always enriches indicators #11
Assignees
Milestone
Comments
misje
added a commit
that referenced
this issue
May 29, 2024
This hard-coded delay is hopefully enough to give OpenCTI enough time to created based-on relationships when creating an indicator in the platform from an observable. Related to #11.
Merged
|
The hacky solution of adding a 100 ms delay before fetching linked observables to the enriched indicator seems to work really well. I'm deeming this solved for now. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, OpenCTI is a bit inconsistent when running this connector through automated enrichment on indicators. Sometimes the "based on" relationships are present, sometimes not. Although the indicator and the relationships are created at the same time, it appears that the enrichment is run before the relationships are created. This is expected and impossible to prevent if they relationships were manually added at a later time, but it's frustrating when they're all created at the same time, part of a internal OpenCTI automation. Can this be something OpenCTI can solve? If not, how could the connector deal with this?
This can probably be resolved with a playbook, but do not force users to rely on enterprise features for core functionality.
The text was updated successfully, but these errors were encountered: