OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io

Bulk-update indicator detection #7815

Open misje opened 3 months ago

misje commented 3 months ago

Use case

Being able to update the detection state on selected indicators.

Current Workaround

None that I am aware of.

romain-filigran commented 3 months ago

Thank you for your suggestion. We'll be working on this soon. For information, it's possible to update the 'detection' field of indicators in a playbook through the "Manipulate knowledge" component. Maybe a workaround.

misje commented 3 months ago

Thank you for the suggestion, but as far as I understand, I can't use the playbook to manipulate existing data? It will only trigger on creation, updates and deletions.

romain-filigran commented 3 months ago

Yes, you're right, it will only work on new or updated indicators.