search

OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io
Other
5.21k stars 821 forks source link

Be able to filter for reports with no geographical victimology #6939

Open dominictory opened 2 months ago

dominictory commented 2 months ago

Use case

We want to be able to filter for reports with no geographical victimology, i.e. no country/region entity present in the report. This is so we can identify potentially indiscriminate attack campaigns and use this query to create alerts and automations.

Current Workaround

N/A

Proposed Solution

Allow to filter for reports when there are no country or region entities present in the report.

Additional Information

I couldn't figure out a way to do this currently, but if there is a way please let me know :)

nino-filigran commented 1 month ago

@dominictory If you go to report an filter on contains, use the operator "not equal" and select the regions or the countries, would it work for you?

dominictory commented 1 month ago

@dominictory If you go to report an filter on contains, use the operator "not equal" and select the regions or the countries, would it work for you?

Technically yes, although it would take a little while to select all. I saw another feature request to save filters, which would make this a more viable option when filtering Reports as well.