"Related-To" STIXRelationObjects (SROs) are not listed within the "Indicators" Tab for SDOs (Malware, Campaign, etc.)

[gbikram]

Description

SROs of type related-to are not listed within the Indicators listing for certain SDOs such as Malware and Campaign Objects. The relationship is successfully created, however, the API query executed by the UI fails to retrieve relations of type related-to.

Environment

1. OS (where OpenCTI server runs): Docker Instance
2. OpenCTI version: 5.5.4
3. OpenCTI client: Frontend

Reproducible Steps

1. Create a new Malware/Campaign.
2. Create a new STIX Indicator such as a Domain-Name
3. Go to the Malware/Campaign Overview page.
4. Click on the Indicators tab for the Malware/Campaign.
5. Create a new relation between the Malware/Campaign with the Relationship type set to related-to.
6. A new relation will appear on the webpage. However, upon refreshing, the relationship object is not listed.
7. Returning to the Malware/Campaign Overview page, it shows the relationship under Latest Created Relationships.

Expected Output

The related-to relationship should be listed when the Indicators tab is reloaded.

Actual Output

Upon refreshing the indicators tab for an SDO, the relationship object of type related-to is not listed.

Workaround

Need to use an indicates Relationship instead of related-to.

Screenshots (optional)

[SamuelHassine]

Putting this as a feature but definitely possible to take into account "any" relationship type in the "Indicators" tab.

Kind regards, Samuel

[Jipegien]

2 courses of action for the selection of relationships type in Knowledge views.

• we consider that views are dedicated to something, and we limit the relationships type here to particular SROs. Related-to is only in the Related Entities view. Limit : some views may have no particular SRO to propose in some cases (2 "incompatible" SDOs)
• we add the by default "related-to" relationship to every views. "Related entities" views is then probably useless. Limit : the views are less "meaningfull"