OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io

Inconsistency when sorting entities by markings after doing a research request #5084

Open gkallenborn opened 10 months ago

gkallenborn commented 10 months ago

Description

After doing a research request, I wanted to sort the results by markings, but the sorting I got was not consistent with the order of each marking.

Environment

  1. OS: SMP Debian 4.19.289-2 (2023-08-08) x86_64 GNU/Linux
  2. OpenCTI version: 5.11.14
  3. Client: Chrome Version 119.0.6045.160 (Build officiel) (64 bits)
  4. Other environment details: -

Reproducible Steps

Expected Output

I should have seen my results sorted in this order: TLP:RED - TLP:AMBER+STRICT/TLP:AMBER - TLP:GREEN - TLP:CLEAR

Actual Output

TLP:AMBER+STRICT / TLP:AMBER is at the end, after TLP:CLEAR, which is not correct.

Jipegien commented 10 months ago

Not a bug, the sorting is done alphabetically. We need to implement the sorting by marking order. But we will need to take into account situations with multiple types of marking definitions (thus, multiple "orders").

@Kedae what do you think about the technical challenge we may face for a sorting by marking's order?

gkallenborn commented 10 months ago

Ok I understand. Thanks. Maybe you could give orders to each marking system? TLP could have a higher order than PAP. And so, for example, [TLP:RED / PAP:GREEN] would be superior to [TLP:AMBER / PAP:RED]. But that's just an idea.

Jipegien commented 10 months ago

A possibility is to sort based on a string that concatenates marking type, order and definition (e.g. TLP01TLP:AMBER). This way, marking definitions will be sorted alphabetically on types (no order between types, makes no sense), by order, and, if in a type everything has the same order, alphabetically on the definition's value. But it will be misleading and not consistent with the rest of the sorting mechanism in the UI...
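
The composite key proposed in the last comment, compared with the plain alphabetical sort from the report. This is an added example and not OpenCTI code; the field names (`type`, `order`, `definition`), the two-digit padding width and the sample order values are assumptions.

```javascript
// Constructed sample markings; the order values are assumed for illustration.
const markings = [
  { type: 'TLP', order: 1, definition: 'TLP:CLEAR' },
  { type: 'TLP', order: 2, definition: 'TLP:GREEN' },
  { type: 'TLP', order: 3, definition: 'TLP:AMBER' },
  { type: 'TLP', order: 3, definition: 'TLP:AMBER+STRICT' },
  { type: 'TLP', order: 4, definition: 'TLP:RED' },
  { type: 'PAP', order: 2, definition: 'PAP:GREEN' },
  { type: 'PAP', order: 4, definition: 'PAP:RED' },
];

// Key = type + zero-padded order + definition, e.g. "TLP03TLP:AMBER".
// The padding matters: without it "10" would sort before "2" as a string.
function markingSortKey(m, width = 2) {
  const digits = String(m.order);
  if (!Number.isInteger(m.order) || m.order < 0 || digits.length > width) {
    throw new RangeError(`order ${m.order} does not fit in ${width} digits`);
  }
  return `${m.type}${digits.padStart(width, '0')}${m.definition}`;
}

// Code-unit comparison, so the result does not depend on the runtime locale.
function compareStrings(a, b) {
  return a < b ? -1 : a > b ? 1 : 0;
}

// Sort a copy of the list by keyFn and return only the definitions.
function sortDefinitions(list, keyFn, descending = false) {
  const sign = descending ? -1 : 1;
  return [...list]
    .sort((a, b) => sign * compareStrings(keyFn(a), keyFn(b)))
    .map((m) => m.definition);
}

const tlpOnly = markings.filter((m) => m.type === 'TLP');

// Current behaviour: descending alphabetical puts both AMBER values last.
const alphabetical = sortDefinitions(tlpOnly, (m) => m.definition, true);

// Proposed behaviour: grouped by type, then by order, then by definition.
const byKey = sortDefinitions(markings, markingSortKey, true);

console.log(alphabetical.join(' > '));
console.log(byKey.join(' > '));
```

Types still compare alphabetically against each other, so the position of the PAP group relative to the TLP group carries no meaning, which is the caveat raised in the comment.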