dfir-iris / iris-web

Collaborative Incident Response platform
GNU Lesser General Public License v3.0

[FR] Distinguish IOCs between cases #462

Open c8y3 opened 3 months ago

c8y3 commented 3 months ago

Is your feature request related to a problem?

Currently IOCs are shared between different cases. They are uniquely determined by their type and value (see https://github.com/dfir-iris/iris-web/blob/v2.4.7/source/app/datamgmt/case/case_iocs_db.py#L171). This is a problem in different scenarios. For instance:

Also, because of the permission system (https://docs.dfir-iris.org/latest/operations/access_control/), a user is not necessarily allowed to have access to all cases. However, currently he can still indirectly impact the IOCs of cases he does not have access to. This can also lead to potential data leaks.

Describe the solution you'd like

IOCs should be associated with a case. Even if an IOC on a case has the same type and value as the IOC on another case, it should be a different object. When one is modified, the other one is left untouched.

Implementation tips

Compare with assets?

SecMeyo commented 3 months ago

I absolutely second this FR. I think the Linked Cases column in the IOC table can be data breach material as well and therefore should not be part of any downloadable export.

Matthijsy commented 3 months ago

This actually is related to another issue as well: https://github.com/dfir-iris/iris-web/issues/304. I totally agree with this issue.
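The difference between the two data models discussed in this thread, as an added example that is not part of the thread and not IRIS code: IOCs keyed by (type, value) and linked to cases, versus IOCs owned by a single case. The schema, table names, function names and sample IOC values are assumptions made for illustration.

```python
import sqlite3

# Simplified model for illustration; table and column names are assumptions,
# not the IRIS schema. Sample IOC values below are constructed.
SHARED = """
CREATE TABLE ioc (id INTEGER PRIMARY KEY, type TEXT, value TEXT,
                  description TEXT, UNIQUE (type, value));
CREATE TABLE ioc_link (ioc_id INTEGER, case_id INTEGER, UNIQUE (ioc_id, case_id));
"""
SCOPED = """
CREATE TABLE ioc (id INTEGER PRIMARY KEY, case_id INTEGER NOT NULL, type TEXT,
                  value TEXT, description TEXT, UNIQUE (case_id, type, value));
"""

def add_shared(db, case_id, type_, value, desc):
    """Reuse the existing (type, value) row and only link it to the case."""
    row = db.execute("SELECT id FROM ioc WHERE type=? AND value=?",
                     (type_, value)).fetchone()
    ioc_id = row[0] if row else db.execute(
        "INSERT INTO ioc (type, value, description) VALUES (?,?,?)",
        (type_, value, desc)).lastrowid
    db.execute("INSERT OR IGNORE INTO ioc_link VALUES (?,?)", (ioc_id, case_id))
    return ioc_id

def add_scoped(db, case_id, type_, value, desc):
    """Each case owns its own row, even for an identical (type, value)."""
    return db.execute(
        "INSERT INTO ioc (case_id, type, value, description) VALUES (?,?,?,?)",
        (case_id, type_, value, desc)).lastrowid

MODELS = {
    "shared": (SHARED, add_shared,
               "SELECT case_id FROM ioc_link WHERE ioc_id=? ORDER BY case_id"),
    "scoped": (SCOPED, add_scoped, "SELECT case_id FROM ioc WHERE id=?"),
}

def demo(model):
    """Cases 1 and 2 record the same IOC; an analyst on case 2 then edits theirs."""
    schema, add, cases_query = MODELS[model]
    db = sqlite3.connect(":memory:")
    db.executescript(schema)
    ioc1 = add(db, 1, "ip-dst", "203.0.113.7", "C2 server (case 1 notes)")
    ioc2 = add(db, 2, "ip-dst", "203.0.113.7", "seen in proxy logs")
    db.execute("UPDATE ioc SET description=? WHERE id=?", ("false positive", ioc2))
    case1_sees = db.execute("SELECT description FROM ioc WHERE id=?", (ioc1,)).fetchone()[0]
    linked = [r[0] for r in db.execute(cases_query, (ioc2,))]
    return ioc1 == ioc2, case1_sees, linked
```

`demo` returns whether both cases ended up with the same object, the description case 1 now sees, and the case ids reachable from case 2's IOC.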