Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Artifact tags are overwritten by alert sourceRef during import to case #734

Closed
ninSmith opened this issue Sep 27, 2018 · 1 comment
Closed

Artifact tags are overwritten by alert sourceRef during import to case #734

ninSmith opened this issue Sep 27, 2018 · 1 comment
Assignees
@To-om
Labels
cannot reproduce

Comments

@ninSmith
Copy link

Request Type

Bug

Work Environment

Question Answer
OS version (server) All OS
OS version (client) All client
TheHive version / git hash 3.0.9 but most likely apply to all version which supports the alert feature
Package Type Binary
Browser type & version N/A

Problem Description

I created an alert with thehive4py 1.5 where sourceRef='foo'.
The alert was created with an artifact which has tags=['bar'].
Then I imported the alert as a case through the web UI.
Now, looking at the observable, tags are only: foo.

I suspect that TheHive overwrite the observable tags with the alert's sourceRef at import.

Steps to Reproduce

  1. Create alert with a tagged artifact through thehive4py
  2. Import the alert as a case through web UI
  3. Check the observable tags
@To-om To-om self-assigned this Sep 27, 2018
@ninSmith
Copy link
Author

Layer 8 problem, please ignore.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@To-om To-om

Labels
cannot reproduce
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ninSmith @To-om