Crowdstrike connector is ingesting duplicate reports #3295
Labels
bug
use for describing something not working as expected
filigran support
[optional] use to identify an issue related to feature developed & maintained by Filigran.
needs triage
use to identify issue needing triage from Filigran Product team
Milestone
Comments
nhuber0724
added
bug
nino-filigran
added
the
filigran support
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
The Crowdstrike Connector is creating duplicate reports as it seems anytime a report is modified in Crowdstrike, even if there is no substantial modification or for an unknown reason, the connector will ingest that report into the platform; however, that report will be identical to a report already ingested from Crowdstrike.
Environment
OpenCTI v.6.4.7
Reproducible Steps
Steps to create the smallest reproducible scenario:
Expected Output
We should not see identical reports from the same source (Crowdstrike)
Actual Output
Crowdstrike is making unknown modifications to reports within and the connector is pulling the report in based on the modification date causing duplicate reports. The reports are exactly the same. Sometimes one report will have labels and another identical report will contain no labels.
Additional information
Screenshots (optional)
The text was updated successfully, but these errors were encountered: