OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io

Notify users of finished long running processes via API. #3264

Open AlexSanchezN opened 1 year ago

AlexSanchezN commented 1 year ago

Use case

Scenario: An analyst requests some information using a connector over an entity. This information takes hours or even days to be gathered by a third-party tool we have made a connector for. When the scan report is finished, the third-party tool uploads the report/information to the entity via API or our own connector. We would like to notify the analyst via API that the information is now available.

Current Workaround

The analyst must continually check by him/herself if new info is available, and must remember what entities he has requested the information about, etc…

Proposed Solution

Create the functionality to ‘send’ Alerts to analysts (users or groups) via API.

If the feature request is approved, would you be willing to submit a PR?

Sorry, not proficient in node, javascript, python… we work in C#

richard-julien commented 1 year ago

Today we have the notification system where you can listen for updates on a set of filters. We plan to have notification on dedicated instance and webhook outcome to push the notification to a remote system. Do you think that will cover your needs?

AlexSanchezN commented 1 year ago

Hi, Richard, thank you for your time. I think webhooks work the other way around. That can be useful in other scenarios. I don't understand what you mean by notification on dedicated instance. Could you please explain or point to any documentation?

The enhancement I think would be useful is being able to generate a notification to a user via API, so he/she knows an external event has taken place.

Thanks again