Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Course of Action does not have way to add Log Sources or Threat Hunting Techniques #713

Open
NathanC-TC opened this issue Jul 29, 2024 · 3 comments
Open

Course of Action does not have way to add Log Sources or Threat Hunting Techniques #713

NathanC-TC opened this issue Jul 29, 2024 · 3 comments
Labels
bug use for describing something not working as expected
Milestone
Bugs Backlog

Comments

@NathanC-TC
Copy link

NathanC-TC commented Jul 29, 2024
edited
Loading

Description

pycti entity course_of_action does not have a way to add Log Sources or Threat Hunting Techniques. This is inconsistent with what you can add manually in OpenCTI.

Environment

OpenCTI version: latest

Expected Output

Have fields to add Log Sources and Threat Hunting Techniques
@NathanC-TC NathanC-TC added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Jul 29, 2024
@nino-filigran
Copy link

@NathanC-TC this is also not available at creation when creating it manually through UI. Are you able to add them when editing it?

@nino-filigran nino-filigran removed the needs triage use to identify issue needing triage from Filigran Product team label Jul 30, 2024
@nino-filigran nino-filigran added this to the Bugs Backlog milestone Jul 30, 2024
@NathanC-TC
Copy link
Author

Hi @nino-filigran ,

Thanks for quick response! Okay, I see now that indeed you cannot add during creation even in the UI, only after creation can you go back and update. So the question is now how do you update the Course of Action with Log Sources and Threat Hunting Techniques via the pycti api after creation? I still do not see a way to do this, nor am I seeing Log Sources or Threat Hunting Techniques stored in Course of Actions when using list() or read() on Course of Actions created manually through the UI that have these fields filled out. Perhaps there is a way that is not documented?

Thank you for your guidance!
Nathan

@NathanC-TC NathanC-TC changed the title Course of Action create() function does not contain Log Sources or Threat Hunting Techniques Course of Action does not have way to add Log Sources or Threat Hunting Techniques Aug 7, 2024
@NathanC-TC
Copy link
Author

Any updates on this? There is still no way to add Log Sources or Threat Hunting Techniques to Course of Actions. Thus, still a bug that needs to be addressed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug use for describing something not working as expected
Projects
None yet
Milestone
Bugs Backlog
Development

No branches or pull requests
2 participants
@nino-filigran @NathanC-TC