search

OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io
Other
6.41k stars 946 forks source link

Make clearer which Attack Patterns are revoked #2570

Open securitiz opened 2 years ago

securitiz commented 2 years ago

Use case

Related to #2162

Currently, thanks to the above issue, when creating a relationship between an object and an attack pattern, within the context of the object - it is very clear when the attack pattern has been revoked.

However, when using the global search bar, or adding attack patterns to a Report via the Knowledge Graph, or the Entities section - it is not clear which attack patterns have been revoked.

It would be very helpful to always be able to see when we are viewing/might click on a revoked attack pattern.

Current Workaround

Add an attack pattern to a Report, or select the attack pattern in the global search, then view it individually to see if it has been revoked. If so, remove it, and add the appropriate attack pattern

Proposed Solution

The same as what was done for #2162, but implemented in all search bars (knowledge graph & entity within context of report, global search, and any other I may be missing)

Additional Information

If the feature request is approved, would you be willing to submit a PR?

Yes / No (Help can be provided if you need assistance submitting a PR)

securitiz commented 1 year ago

Following up about why this issue is important, here is an example: There are two Attack Patterns for "Remote Desktop Protocol", one is revoked and the other isn't. A user won't easily know which Attack Pattern to use, and data /relationships will be split between the two