search

OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io
Other
6.46k stars 949 forks source link

Wrong name field on relationship overview in knowledge graph #8766

Open Lhorus6 opened 1 month ago

Lhorus6 commented 1 month ago

Description

When I look in a relationship in a Knowledge Graph, the field names are not the right ones. The dates on the relationships are "start/stop time" but in the visual of a knowledge graph we have "first/last seen" which are dates on certain types of entities (e.g. Incident).

This is confusing

image

image

Environment

OCTI 6.3.6

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Create a report
  2. Add an IPv4 and a Domain Name
  3. Create a relationship between them
  4. Look at the date field's name in the overview in the graph
  5. Go on the relationship and look at the date field's name

Expected

"Start/stop time" in the overview in the knowledge graph

romain-filigran commented 4 weeks ago

In fact, we have three different terminologies to represent the same thing (first observation, start time, first seen). I suppose this is because the term ‘start time’ isn't always easy to understand, but we should align to a common terminology. Our recommendation is to use STIX (start time) everywhere.

@SamuelHassine : Do you agree with using ‘start time’ and ‘stop time’ everywhere in a relationship?

Capture d'écran 2024-10-25 091702 Capture d'écran 2024-10-25 091759 Capture d'écran 2024-10-25 091844

labo-flg commented 3 weeks ago

this seems a good idea to keep a STIX-first approach indeed @SamuelHassine: is @romain-filigran 's suggestion ok for you ?