search

OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io
Other
5.15k stars 813 forks source link

Knowledge Relationships Update #6556

Open explorecti opened 3 months ago

explorecti commented 3 months ago

Use case

User navigates to https://opencti:8443/dashboard/arsenal/malwares/d2108fa4-11b6-4bb0-ab09-301bc5bc79d7/knowledge/overview, on the right pane there is no easy pivot to relationships. This relationship page https://opencti:8443/dashboard/arsenal/malwares/d2108fa4-11b6-4bb0-ab09-301bc5bc79d7/knowledge/relations/6d6adab3-6b00-4447-ad6a-497547f19bf5

Current Workaround

Navigating to https://opencti:8443/dashboard/arsenal/malwares/d2108fa4-11b6-4bb0-ab09-301bc5bc79d7 and selecting individual relationships

Proposed Solution

Navigating to https://opencti:8443/dashboard/arsenal/malwares/d2108fa4-11b6-4bb0-ab09-301bc5bc79d7/knowledge/relationships will allow the pivot of the related information.

Additional Information

Overview: malware_overview

Relations: malware_relations

If the feature request is approved, would you be willing to submit a PR?

No

jborozco commented 2 months ago

Hi @explorecti we don't understand your use case, what is missing in the current screen ? You can already pivot from a relationship.

Can you also tell us what pain would it solve for you?

explorecti commented 2 months ago

@jborozco Could there be an addition under Arsenal on the right overview pane? The option would be Relations and would take the user to the second screenshot view(relations).

nino-filigran commented 2 months ago

@explorecti IF I understand your request, I think it's already feasible:

  1. Go to your entity/knowledge and select the view you wish (in my case arsenal)
  2. Switch the list to "relation view", which list all the relation between the entity (instead of list the entities that the entity is linked with)
  3. Click on the specific relation you want to display and you land your screenshot.

I think this is what you describe in your workaround, but I'm not sure. If it's the case, would you mind explaining what you're trying to do instead of explaining the solution? This would help us understand better.

explorecti commented 2 months ago

@nino-filigran It looks to me that there is not a dedicated page for all the relationships to pivot from the overview menu. Essentially there would just be a relationship link under the overview pane in the knowledge screen. That link would take the user to all relationships within that Malware type. This would be an ideal resolution but not sure if the time invested is worth the result. Please let me continue to review before closing this ticket, thank you.

nino-filigran commented 2 months ago

Ok, got it, you're missing a "generic" relation overview that would display directly all the relations for the given entities, instead of browsing on each "view". Indeed, the ROI on this seems limited, however, given that we want to rework this knowledge view, I'll keep this ticket open for now, so that we can have at hand when designing a solution for this screen.

If some work on this topic is done in the meantime, you'll see the milestone being updated, but I don't think this exact topic will be a priority in the course of the next 6 months.

explorecti commented 2 months ago

@nino-filigran Okay thank you for the quick response.