Skip to content

[backend] Upsert indicator: skip decay computation if no score change (#15476)#15525

Merged
lndrtrbn merged 1 commit into
masterfrom
issue/15476
Apr 20, 2026
Merged

[backend] Upsert indicator: skip decay computation if no score change (#15476)#15525
lndrtrbn merged 1 commit into
masterfrom
issue/15476

Conversation

@lndrtrbn

@lndrtrbn lndrtrbn commented Apr 16, 2026

Copy link
Copy Markdown
Member

Proposed changes

  • During Indicator upsert, do not re-compute decay properties if no score changes

Related issues

Checklist

  • I consider the submitted work as finished
  • I tested the code for its functionality
  • I wrote test cases for the relevant uses case (coverage and e2e)
  • I added/update the relevant documentation (either on github or on notion)
  • Where necessary I refactored code to improve the overall quality

Further comments

When a Playbook sends a bundle that contains decayed Indicators, the function addIndicator is called with as input an object with for value of x_opencti_score the current decayed score of the indicator. This decayed score is used to compute the valid_until date but the computation awaits the base score, not a decayed one, so the result date is invalid.

This behavior cannot be resolved directly in the addIndicator function as we have no idea at this point if it is a creation or an upsert. So the fix is done directly in the upsert codebase, there are already some specific conditions to skip decay computation on upsert, the fix adds a new one when the live score does not changed.

@lndrtrbn lndrtrbn self-assigned this Apr 16, 2026
@lndrtrbn lndrtrbn added the filigran team Item from the Filigran team. label Apr 16, 2026
@codecov

codecov Bot commented Apr 16, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 33.53%. Comparing base (c622aab) to head (e98682d).
⚠️ Report is 19 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master   #15525   +/-   ##
=======================================
  Coverage   33.52%   33.53%           
=======================================
  Files        3167     3167           
  Lines      214711   214732   +21     
  Branches    39437    39438    +1     
=======================================
+ Hits        71990    72011   +21     
  Misses     142721   142721
Flag Coverage Δ
opencti-client-python 45.60% <ø> (ø)
opencti-front 2.94% <ø> (ø)
opencti-graphql 69.81% <100.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@lndrtrbn lndrtrbn marked this pull request as ready for review April 16, 2026 10:08
@lndrtrbn lndrtrbn merged commit 4df03c8 into master Apr 20, 2026
46 checks passed
@lndrtrbn lndrtrbn deleted the issue/15476 branch April 20, 2026 08:01
@ericWadeFord ericWadeFord mentioned this pull request Jun 3, 2026
Closed
@ValentinBouzinFiligran ValentinBouzinFiligran mentioned this pull request Jun 4, 2026
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ValentinBouzinFiligran ValentinBouzinFiligran ValentinBouzinFiligran approved these changes

Assignees

@lndrtrbn lndrtrbn

Labels

filigran team Item from the Filigran team.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Playbook action overrides decay exclusion rule

2 participants

@lndrtrbn @ValentinBouzinFiligran