TheHive-Project / TheHive

TheHive: a Scalable, Open Source and Free Security Incident Response Platform
https://thehive-project.org
GNU Affero General Public License v3.0

Add tag to observable on enrichment #1113

Open torsolaso opened 5 years ago

torsolaso commented 5 years ago

Request Type

Feature Request

Problem Description

It would be great if, when you are working with a large number of observables, you could use the analyzers' enrichment to tag "known observables".

For example:

Imagine you have ten IPs and you discover a new domain from the first IP. You click on the Cortex analyzer report, select the new domain, and click on "Import Selection" and "create observable".

Well, at this point, suppose you analyze the second IP and discover the same domain as from the first IP. You can't import the selection because, at this point, the new domain has just been created. But maybe it could be a great option to allow "To tag sighted observables" or similar, especially to know that this second IP is related so the user can filter in the menu.

I think this could be an amazing option when one observable in a case is very important, and having filter capabilities with this way of importing could be helpful.

Regards,

veeral-patel commented 5 years ago

@torsolaso Thanks for your issue! I'm not sure I understand though. Basically, you'd like the ability to mark many observables at once as related to another observable?

torsolaso commented 5 years ago

Yes, exactly this.

https://i.ibb.co/cDqjYnP/git.png