MISP / MISP

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Home Page: https://www.misp-project.org/

Bug: Conflicting TLP Tags are Asserted after Entity Extraction

packet-rat opened this issue · comments

Actual behavior

After performing Entity Extraction, two conflicting tags are asserted on the Event.

Expected behavior

(1) Only the most restrictive TLP assertion would be made (i.e. tagged)
(2) In this the "green" "TLP Amber" tags seem incongruous.

Steps to reproduce

(1) Import STIX Package
(2) Manually add Event Report. Copy and paste content.
(3) Apply Entity Extraction on Narrative
(4) Refresh Event
(5) Two TLP:Amber Assertions are made (One Green, One Amber)

Note that I separately reported this issue in 9648

Version

2.4.191

Operating System

Ubuntu

Operating System version

20.0.4

PHP version

7.4.33

Browser

Any Browser

Browser version

No response

Relevant log output

No response

Extra attachments

2024-05-02_12-35-38

Code of Conduct

  • I agree to follow this project's Code of Conduct

This may not be the issue, but try flattening custom tags into taxonomies, by clicking the bottom button here:

image

Also, can you please show the JSON output for the tags of that event? Just append .json to the URL.

Indeed, the entity extraction is pretty dumb in this regard, it will simply just extract what it can find without any regard for compatibility. Whilst fixing this wholesale would be a PITA (most taxonomies aren't nearly as cleanly hierarchical as TLP), we could hard-code the rules for TLP and PAP at least.
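
The hard-coded TLP/PAP rule suggested in the last comment could look like the following. This is an added example, not MISP code and not written by anyone in the thread; the rank tables, the function names and the sample tag list are assumptions made for illustration.

```python
# Added illustration, not MISP code. Rank tables are this example's assumption:
# a higher number means a more restrictive marking.
RANK = {
    "tlp": {"clear": 0, "white": 0, "green": 1, "amber": 2,
            "amber+strict": 3, "red": 4},
    "pap": {"clear": 0, "white": 0, "green": 1, "amber": 2, "red": 3},
}


def split_marking(tag_name):
    """Return (namespace, level) for a TLP/PAP tag name, else None."""
    ns, sep, level = tag_name.strip().lower().partition(":")
    if sep and ns in RANK and level in RANK[ns]:
        return ns, level
    return None


def resolve_markings(tags):
    """Keep the most restrictive tag per namespace; return (kept, dropped).

    Tags outside TLP/PAP are always kept. On equal rank the first tag wins,
    so case variants of the same marking collapse to one tag.
    """
    best = {}  # namespace -> (rank, index of winning tag)
    for i, tag in enumerate(tags):
        marking = split_marking(tag["name"])
        if marking is None:
            continue
        ns, level = marking
        rank = RANK[ns][level]
        if ns not in best or rank > best[ns][0]:
            best[ns] = (rank, i)
    winners = {idx for _, idx in best.values()}
    kept, dropped = [], []
    for i, tag in enumerate(tags):
        is_marking = split_marking(tag["name"]) is not None
        (dropped if is_marking and i not in winners else kept).append(tag)
    return kept, dropped


# Constructed sample shaped like the Tag list in an event's .json view.
SAMPLE_EVENT = {"Event": {"Tag": [
    {"name": "TLP:Amber", "colour": "#00ff00"},  # constructed custom tag
    {"name": "tlp:green", "colour": "#33ff00"},
    {"name": "tlp:amber", "colour": "#ffc000"},
    {"name": "PAP:GREEN", "colour": "#33ff00"},
    {"name": 'misp-galaxy:threat-actor="Example"', "colour": "#0088cc"},
]}}
```

Calling `resolve_markings(SAMPLE_EVENT["Event"]["Tag"])` keeps one amber TLP tag, the PAP tag and the galaxy tag, and returns `tlp:green` and the duplicate `tlp:amber` as the tags to detach.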