underdarknl
commented
1 year ago I'd say this is a report function, and not an export function. The current crisis-room is an export function, and as such gathers all findings in the whole graph. Report functions on the other hand should and would limit the scope by doing a specific query over the database. This would probably need octopoes V3 to be manageable, and then we could offer 'start points' for the crisis-room from where to start these queries. (eg, for an ip-address, or website, instead of the whole graph).
As a security officer/ product owner I would like to be able to filter the crisis room based on domain name or ip range. So I won't be overwhelmed with information but only see items relevant to me in order to gain insight into my service or domain.