Importing a stix sighting with observed data breaks aggregation

[0asys]

Please replace every line in curly brackets { like this } with an appropriate answer, and remove this line.

Description

If an stix2 sighting is imported by the python client and it contains "observed data refs" - it imports the sighting multiple times, one time for the actual SDO and the same sighting with the same ID for the observed data ref.
This breaks the aggregation behaviour of Sightings in OpenCTI, resetting the counter to 1.

Environment

OpenCTI 6.7.3

Reproducible Steps

Steps to create the smallest reproducible scenario:

Import:
{
"id": "sighting--d2ac9be3-6a27-5d76-b253-f73676089453",
"type": "sighting",
"sighted_by_ref": "",
"where_sighted_refs": ["identity--9f830bef-8ea3-434d-ac1e-ec900c066adc"],
"count": 1,
"sighting_of_ref": "indicator--11f5d634-263f-54d6-8896-a450af589c6d",
"spec_version": "",
"created_by_ref": "",
"description": "",
"summary": false,
"first_seen": "2025-07-20T21:29:46.433Z",
"last_seen": "2025-07-20T22:51:46.923Z",
"observed_data_refs": ["observed-data--307d5421-7504-55c2-a6fb-57db9359e725"]
}

Expected Output

Sighting sighting--d2ac9be3-6a27-5d76-b253-f73676089453 is imported one time for the indicator--11f5d634-263f-54d6-8896-a450af589c6d

Actual Output

sighting--d2ac9be3-6a27-5d76-b253-f73676089453 is imported twice - fromId of the indicator and observed_data_refs

Additional information

This is the location of the code causing this:

client-python/pycti/utils/opencti_stix2.py

Line 2732 in 4560342

if "observed_data_refs" in item:

Suggestion: Do not import the sighting additionally with the observed data refs.

[0asys]

related:
OpenCTI-Platform/opencti#3499