In an Incident, the Observables count on Knowledge is one below the actual count #9057

Closed
damians-filigran opened this issue Nov 18, 2024 · 5 comments · Fixed by #9304
Labels

  • bug: use for describing something not working as expected
  • solved: use to identify issue that has been solved (must be linked to the solving PR)
  • ui: for scope limited to UI change

Comments

@damians-filigran

Description

On the Knowledge screen of an incident, if there are 2 or more observables included, then the count in brackets will be one lower than the total.

Environment

  1. OS (where OpenCTI server runs): SaaS
  2. OpenCTI version: 6.3.13
  3. OpenCTI client: Edge on MacOS
  4. Other environment details:

Reproducible Steps

Expected Output

Actual Output

Additional information

Example in demo here

Screenshots (optional)

Image

@damians-filigran added the labels bug (use for describing something not working as expected) and needs triage (use to identify issue needing triage from Filigran Product team) on Nov 18, 2024
@romain-filigran
Member

To be investigated. This isn't the first time we have an inconsistency between the number in the right-hand panel and the count in the table.

@romain-filigran added the label ui (for scope limited to UI change) and removed the label needs triage (use to identify issue needing triage from Filigran Product team) on Nov 18, 2024
@romain-filigran added this to the Bugs backlog milestone on Nov 18, 2024
@Kedae
Member

Kedae commented Nov 20, 2024

The issue comes from:

  • Schema sends "StixFile" as an observable type
  • Root query of entity sends "Stixfile" as key for the computing of nb elements

@marckto-filigran

Hello, I have a similar problem for intrusion set counts and also attribution.
Image
Image

@nino-filigran

Hi @damians-filigran & @marckto-filigran, we'll fix the issue regarding your problems.
For your information, we also have some work planned to rework the knowledge views:

@Lhorus6

Lhorus6 commented Jan 8, 2025

For the explanation, here's what's happening:

In the specific sections of the Knowledge tab, we only list specific relationship types.

-> For example, if we go to the “Malware” section of an Intrusion set, we only display the “Intrusion set -> uses -> Malware” relationships.

However, in the counters on each section, we count all relationships.

-> In the “Malware” section example above, the counter will count all relationships between my Intrusion set and any Malware. This means that if I have “Intrusion set -> uses -> Malware A” and “Intrusion set -> related to -> Malware B”, my counter will show 2, but I'll only have Malware A appearing in my list.
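
The counter/list mismatch described in the comment above, reproduced as an added example that is not part of the thread or of OpenCTI's code. The section definitions, function names and sample relationships are hypothetical and constructed for illustration.

```javascript
// Constructed sample: relationships of one Intrusion Set (not real OpenCTI output).
const relationships = [
  { type: 'uses', targetType: 'Malware', target: 'Malware A' },
  { type: 'related-to', targetType: 'Malware', target: 'Malware B' },
  { type: 'uses', targetType: 'Tool', target: 'Tool A' },
];

// Hypothetical section definitions: the relationship types each Knowledge section lists.
const sections = {
  Malware: { targetType: 'Malware', listedTypes: ['uses'] },
  Tool: { targetType: 'Tool', listedTypes: ['uses'] },
};

// Counter as described in the comment: every relationship to the target type.
function countAll(rels, section) {
  return rels.filter((r) => r.targetType === section.targetType).length;
}

// List as described: only the relationship types the section displays.
function listed(rels, section) {
  return rels.filter(
    (r) => r.targetType === section.targetType && section.listedTypes.includes(r.type),
  );
}

// Consistent counter: derived from the same filter as the list.
function countListed(rels, section) {
  return listed(rels, section).length;
}

// Report sections where counter and list disagree, with the rows that are
// counted but never displayed (the ones an analyst would not see).
function findMismatches(rels, defs) {
  return Object.entries(defs)
    .map(([name, s]) => ({
      name,
      counter: countAll(rels, s),
      rows: countListed(rels, s),
      hidden: rels
        .filter((r) => r.targetType === s.targetType && !s.listedTypes.includes(r.type))
        .map((r) => r.target),
    }))
    .filter((x) => x.counter !== x.rows);
}

console.log(findMismatches(relationships, sections));
```
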

@labo-flg modified the milestones: Bugs backlog, Release 6.4.11 on Feb 3, 2025
@labo-flg added the label solved (use to identify issue that has been solved; must be linked to the solving PR) on Feb 4, 2025