search

OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io
Other
6.33k stars 932 forks source link

[Workbench] Can't create "related to" relationships and therefore relation with Observables #7908

Open Lhorus6 opened 2 months ago

Lhorus6 commented 2 months ago

Description

We are currently stuck on fully modeling Incidents because it is impossible to make relationships between an Incident and an Observable.

These relationships are of the "related to" type but the workbench does not allow to make this type of relationship.

Impact : impacts future detection engineering and research efforts

Environment

OCTI 6.2.10

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Create a workbench
  2. Create an Incident
  3. Try to create a relationship between your Incident and an Observables -> You can't create "related to" relation, so you can't create relation with an Observables

Screenshot 2024-08-01 094724

nino-filigran commented 2 months ago

all the relations in workbench do not exist: we'll update this one, but that exactly the reason why we would like to have drafts instead of workbenches. We'll be able to leverage all possible relations directly within drafts. Given the related to relation is not present for any entity, we'll add it only for incident, to limit dev effort for now.

Lhorus6 commented 2 months ago

Perfect, thanks