Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CrowdStrike taxonomy mapping incorrect #3531

Open
initstring opened this issue Mar 1, 2025 · 1 comment
Open

CrowdStrike taxonomy mapping incorrect #3531

initstring opened this issue Mar 1, 2025 · 1 comment
Labels
bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team

Comments

@initstring
Copy link
Contributor

Description

The CrowdStrike connector uses incorrect taxonomy/vocabulary mapping for threat actor motivations. This results in missing fields being imported and errors in the connector log file:

{"timestamp": "2025-03-01T00:59:09.413990Z", "level": "WARNING", "name": "crowdstrike_feeds_connector.actor.builder", "message": "Unsupported actor motivation: State-Sponsored", "taskName": null}
{"timestamp": "2025-03-01T00:59:16.805600Z", "level": "WARNING", "name": "crowdstrike_feeds_connector.actor.builder", "message": "Unsupported actor motivation: Hacktivism", "taskName": null}

I will open a PR shortly with the correct vocabulary.

Environment

  1. OS (where OpenCTI server runs): { e.g. Mac OS 10, Windows 10, Ubuntu 16.4, etc. }: N/A
  2. OpenCTI version: { e.g. OpenCTI 1.0.2 }: 6.5.3
  3. OpenCTI client: { e.g. frontend or python }: N/A
  4. Other environment details: CrowdStrike connector 6.5.3

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Run CrowdStrike connector
  2. View logs and grep for WARN

Expected Output

No error

Actual Output

Additional information

Screenshots (optional)
@initstring initstring added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Mar 1, 2025
@initstring initstring mentioned this issue Mar 1, 2025
Open
4 tasks
@initstring
Copy link
Contributor Author

Added PR here: #3532

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@initstring