Description
We have the CISA KEV connector. We also have an alert to alert on any new CISA KEVs. We have seen an issue where the connector regularly 'recreates' software observables leading to duplicates, and a 'deleted' entity in the filter. The specific example we have is the Windows software observable that this connector specifically creates. As the observable is recreated, the alert no longer works as we need to add that software observable to the alert filter again.
Environment
6.4.0
Reproducible Steps
Connect CISA KEV connector
Create alert for new CISA KEV entries
When connector runs, observe recreation of software observables
Also observe that, in the alert filter for specific software observables in source entity, there is a 'deleted' entity.
Expected Output
Connector creates relationships with existing software observables to vulnerabilities
Actual Output
Connector creates relationships with existing software observables to vulnerabilities but with new software observable entity