Content mapping mode: A few usability improvements

[gusandrews]

Use case

Content mapping mode is a very exciting feature for this threat intelligence analyst! I love that when I tag entities, it highlights them elsewhere in the report, and I can see them right away in graph view! The user is delighted!

However, the interface has a few buggy usability aspects that could use some improvement:

1. how it relates to importing files
2. visual cues about how to access "edition mode"
3. interface differences between "description" and "content" fields
4. size of the "description" and "content" fields

Here are a few user stories:

As a threat intelligence analyst working with PDFs from other organizations I want OpenCTI to automatically copy the text content of the PDF into the "content mapping view" fields Or let me highlight and tag entities in the original PDF text So I do not have to take extra time to copy them over manually when I need to tag a file.

As an OpenCTI user with limitations (visual, physical, cognitive, or simply a new user unfamiliar with a complicated interface) I want the content mapping view to have more large clickable areas So I do not have to hunt around and get frustrated when I can't figure out how to edit tags in the text.

As an OpenCTI user working on a computer with a small screen while I travel I want the description field to go away And the content field to be resizeable So I can have the extra space from the redundant editing toolbar, and the ability to see more of my content at once while I add entities.

Current Workaround

Currently I have to copy all the text in a report and put it into content mapping view to be able to tag it. As an inexperienced OpenCTI user, I had a hard time figuring out that the pencil icon was what I needed to click to add that text—not the "write" tab, not the fields themselves. The "description" field did not appear to be an editable field because unlike the "content" field, it did not have a border around it. I am also not really clear on why I need a description field, particularly given that both fields can have entities added to them; I'd rather have that space back, rather than having to resize "description" to just one line so I can see the "content" field more easily. I only just realized, after dozens of times looking at this interface, that there is a square "resize" button for the content field (and it turns it into a modal that pops up over everything else, which is not what I want); it is confusing that there are two different ways to resize these different fields.

Proposed Solution

Importing text more easily Either make it possible to tag in the view of the PDF file, or automatically import the PDF's text into the content mapping view.

Improving navigation of content mapping view

• "Edition mode" is an awkward phrase and not correct in English. The more usable way of phrasing this (emphasizing user action) would be "Edit tags."
• The pencil is small and hard for new users to find, and hard for users with visual or physical disabilities to target on. Make it possible to edit the "description" and "content" fields by just clicking on them.
• If it is not possible to make the description and content fields clickable, the "Write" and "Preview" tabs could make a more obvious toggle than the pencil. They look like they should be clickable choices to turn editing on or off, but they only serve as a visual indicator of the toggle. If they are not used as a toggle, consider removing them and using another visual indicator to show what mode the page is in.
• It is confusing that there is a border around the "content" field, but not the "description" field; it makes it look like there is no field there to edit.
• Likewise, it is confusing that there are two different ways to resize these fields.
• So, either the interface should be standardized for the previous two issues, or—and I think this is a better idea if there is no urgent user need for a "description" field—only offer one content field on this page for both description and content.

Additional Information

1. Mac OS 14.3
2. OpenCTI version: 5.11.12
3. OpenCTI client: frontend
4. Other environment details: Chrome browser

If the feature request is approved, would you be willing to submit a PR?

Not if it requires me to submit code, sorry I do not have the skills. But I want to emphasize again that I think you and your UX/product teams are doing a great job!

[nino-filigran]

Thanks @gusandrews for your feedback. We do plan to rework this feature (as we calling internally mapping untrsutrcutred content), and we will defintively take your feedback into account when building this. cc @Jipegien