search

OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io
Other
5.53k stars 852 forks source link

[Filter] Filter on "Observable" meta type #7637

Open Lhorus6 opened 1 month ago

Lhorus6 commented 1 month ago

Use case

We can't filter on "Entity type: Observables" as we used to be able to do. This was useful for:

Current Workaround

It used to be possible to filter on "entity type: Observable", but this is no longer the case. You have to select all observable types (the list is long) to be able to do the same thing now.

Proposed Solution

Reimplement the ability to filter on the "Observable" meta type.

annoyingapt commented 1 month ago

Normally you share indicators via taxii as observables don't have a validity dates and revoke flag.

Lhorus6 commented 1 month ago

If it's what's commonly known as IOCs that you want to share, they are indeed "Indicators". However, it's possible to have use cases where it's the Observables you want to act on/share.