OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io
Other
5.16k stars 815 forks

Restrict default entity types for graph correlation view in "Analysis" #3347

Open SamuelHassine opened 1 year ago

SamuelHassine commented 1 year ago

Use case

In this kind of view: https://demo.opencti.io/dashboard/threats/intrusion_sets/814c16ac-f0a0-4c61-ae12-57a2a5c0f74f/analysis?sortBy=created&orderAsc=false&searchTerm=&filters=%7B%7D&viewAs=knowledge&redirectionMode=overview.

For instance: Intrusion Set => Analysis => Button "graph".

The behaviour of this view is to take all the containers => all the entities in containers => display a big graph with everything.

Most of the time, this view does not display or is very slow. We need to restrict the scope of the types of entity displayed by default:

Taking all containers => all entities in types ["Malware", "Tool", "Attack-Pattern", "Narrative", "Channel"] => display a big graph with everything.

The "default filter" for entity types should be available at the top, and can be changed by the user if he would like to include observables or indicators, for instance.

Jipegien commented 1 year ago

We need to talk about this correlation feature.