[Flashpoint] Improve and refactor connector to use new Ignite API #1988

Closed
Lhorus6 opened this issue Mar 29, 2024 · 6 comments
Labels: feature, solved

@Lhorus6
Contributor

Lhorus6 commented Mar 29, 2024

Description

Flashpoint now provides a new API, Ignite. We need to change the connector to use this new one. At the same time we will fetch more data and improve the overall quality.

  1. Use Ignite API to paginate data instead of fetching everything
  2. Prevent the connector from adding the "Flashpoint" organization to the reports it creates (it shouldn't).
  3. The connector labels all information (sector, countries, etc.). We need to create relationships as usual, and clean up the labels. At this moment, no relations are created. The report arrives as if it were an RSS feed...
  4. The files attached to the report (in the data tab) are HTML without layout (why not PDFs?) and are all called "report.html" rather than the actual name of the report -> see if, like Mandiant and CrowdStrike, we can get a clean Flashpoint PDF.
  5. There is no report_type, not very important but if Flashpoint provides it, it would be nice to get it.

API to take a look

Get Reports
https://docs.flashpoint.io/flashpoint/reference/fireapireportssearch
Creation of relations and entities based on tags is needed
Pagination using since + limit and skip?

Get IOCS
https://docs.flashpoint.io/flashpoint/reference/indicators_apiappattributes
First do a search using updated_since + limit and skip?
Maybe using scrolling?

Flashpoint contained in the report and nothing else

Screenshot 2024-03-29 092153

Bad labels

In the labels, we can see regions, countries, sectors, TTPs, ... things that are entities in their own right and should be linked to the report, not put in the labels.

Screenshot 2024-03-29 092326

Another example where information is not capitalized (not linked to the report)

You can still see in the description that the report talks about a threat actor yet I have no relationship. I only have one organization in my report -> Flashpoint

Screenshot 2024-03-29 092520
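
The label-versus-entity point raised above, as an added example that is not part of the original issue or the connector's code: tags that name a country, sector or TTP become STIX 2.1 objects referenced from the report's `object_refs`, and only unrecognised tags remain labels. The tag vocabulary, the UUID namespace and the sample report are constructed for illustration; the real Flashpoint tag taxonomy is not shown in the issue.

```python
import uuid

# Constructed namespace: the same tag always maps to the same STIX id,
# so re-importing a report does not duplicate entities (assumption).
NS = uuid.UUID("7f1d0c5e-3b2a-4c6d-9e8f-0a1b2c3d4e5f")

# Constructed vocabulary; the real tag taxonomy is not shown in the issue.
KNOWN_TAGS = {
    "france": {"type": "location", "name": "France", "country": "FR"},
    "finance": {"type": "identity", "name": "Finance", "identity_class": "class"},
    "t1566": {"type": "attack-pattern", "name": "Phishing"},
}

def stix_id(obj_type, name):
    return f"{obj_type}--{uuid.uuid5(NS, obj_type + ':' + name.lower())}"

def tags_to_entities(tags, ts):
    """Split tags into STIX objects (keyed by id) and leftover plain labels."""
    entities, labels = {}, []
    for tag in tags:
        template = KNOWN_TAGS.get(tag.strip().lower())
        if template is None:
            labels.append(tag)  # unrecognised tag stays a label
            continue
        obj = dict(template, spec_version="2.1", created=ts, modified=ts)
        obj["id"] = stix_id(obj["type"], obj["name"])
        entities[obj["id"]] = obj  # keyed by id: duplicate tags collapse
    return entities, labels

def build_bundle(raw):
    """Build a STIX 2.1 bundle whose report references entities via object_refs."""
    ts = raw["published"]
    entities, labels = tags_to_entities(raw["tags"], ts)
    report = {
        "type": "report", "spec_version": "2.1",
        "id": stix_id("report", raw["title"]),
        "name": raw["title"], "published": ts, "created": ts, "modified": ts,
        "object_refs": list(entities),
    }
    if labels:  # STIX lists must not be empty, so omit the key instead
        report["labels"] = labels
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": list(entities.values()) + [report]}

# Constructed sample report, shaped like a generic tagged feed item.
SAMPLE = {"title": "Constructed phishing report", "published": "2024-03-29T09:00:00.000Z",
          "tags": ["France", "Finance", "T1566", "france", "weekly-digest"]}
```
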

Lhorus6 added the bug and needs triage labels on Mar 29, 2024
@nino-filigran

@Megafredo or @helene-nguyen could you have a look at this when you have time please?

nino-filigran removed the needs triage label on Apr 2, 2024
@helene-nguyen
Member

@nino-filigran, we will check it and give you an update as soon as possible!

helene-nguyen self-assigned this on Apr 2, 2024
@helene-nguyen
Member

@Lhorus6, @nino-filigran, after some investigations, for some points, the connector needs to be reworked to:

  • create all necessary relationships instead of adding them as labels
  • generate a PDF instead of an HTML
  • handle intervals to avoid looping

To fix all bugs, it must be included as a complete feature.

@nino-filigran

Thanks @helene-nguyen, good to know, we will keep it in mind to prioritize this. cc @Jipegien

Jipegien added the feature label and removed the bug label on Apr 17, 2024
Jipegien added this to the Release 6.3.0 milestone on Apr 17, 2024
@Jipegien
Member

Connector improvement scheduled for 6.3. Real bugs encompassed in this issue can be solved before that (please create a dedicated GitHub bug issue).

@nino-filigran

nino-filigran commented Apr 17, 2024

I've created the bug, see above. I've also listed, among @Lhorus6's requests and your answers @helene-nguyen, what can be tackled as a bug, so that we can use this ticket to track the feature. @Jipegien for awareness. Let me know if any of you disagree or have a question or anything.

SamuelHassine added and removed the filigran team label on Apr 20, 2024
helene-nguyen removed their assignment on May 29, 2024
nino-filigran self-assigned this on May 29, 2024
richard-julien changed the title from "[Flashpoint] Many improvements and problems to solve" to "[Flashpoint] Improve and refactor connector to use new Ignite API" on Jun 18, 2024
SamuelHassine added the solved label on Jul 6, 2024