Open c8y3 opened 3 months ago
I absolutely second this FR. I think the Linked Cases column in the IOC table can be data breach material as well and therefore should not be part of any downloadable export
This actually is related to another issue as well: https://github.com/dfir-iris/iris-web/issues/304. I totally agree with this issue
Is your feature request related to a problem? Currently IOCs are shared between different cases. They are are uniquely determined by their type and value (see https://github.com/dfir-iris/iris-web/blob/v2.4.7/source/app/datamgmt/case/case_iocs_db.py#L171). This is problem in different scenarios. For instance:
Also, because of the permssion system (https://docs.dfir-iris.org/latest/operations/access_control/), a user is not necessarily allowed to have accesses to all cases. However, currently he can still indirectly impact the IOCs of cases he does not have access to. This can also lead to potential data-leaks.
Describe the solution you'd like IOCs should be associated to a case. Even if an IOC on a case has the same type and value than the IOC on another case, it should be a different object. When one is modified, the other one is left untouched.
Implementation tips Compare with assets?