You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I ran into this when uploading indicators in STIX format to Sentinel. The current STIX implementation of Sentinel only accepts indicators (not observations). It was a bit confusing to see indicators with to_ids false (those part of an object) appearing in the Sentinel TI tables.
MISP-STIX usage
Integration for Sentinel
Expected behavior
Only have those attributes of an object that have the to_ids flag set to true included in the pattern of the STIX indicator.
Actual behavior
All attributes of an object are included in the conversion, regardless of to_ids flag.
Steps to reproduce
Example with the
file
object.If the attribute "filename" is added to the object, but with the to_ids flag set to False then it is still included in the STIX indicator pattern.
Version
2.4.172
Python version
3.8
Relevant log output
No response
Extra attachments
No response
Code of Conduct
The text was updated successfully, but these errors were encountered: