
[VirusTotal] Add an option to disable labels

Open securitiz opened this issue 3 years ago • 2 comments

Use case

Some organizations carefully curate which labels are used within the environment, so they are as meaningful as possible. The ability to control whether a connector creates a label or not will help those organizations greatly.

In this case, we are testing the VT enrichment connector.

Current Workaround

Not use the connector, or manually delete the labels by hand each time the VT connector runs

Proposed Solution

A parameter in the connector's docker-compose file that allows admins to decide if they want the labels.

Additional Information

If the feature request is approved, would you be willing to submit a PR?

Yes / No (Help can be provided if you need assistance submitting a PR)

securitiz, Jan 12 '22 00:01

Hey @securitiz

That's a valid point you have, maybe something I could already work into https://github.com/OpenCTI-Platform/client-python/issues/206 . How as an organization would you like to configure one or multiple connectors to enable/disable/configure to use certain labels? Trying to figure out your requirements of the use case before working on a solution.

Regards

nor3th, Jan 31 '22 19:01

I didn't imagine we as users would have the ability to enable/disable specific labels. This would be a great feature, but probably very complex to manage, since at any point the data sources (MITRE, VT, Shodan etc) can choose to create a new label, which the OpenCTI admins would have to stay up to date on.

What I was imagining was a parameter in the docker-compose for each connector with a boolean - do you want labels enabled for this connector or no. That way the OpenCTI admin would have the ability to decide on a per-connector basis, if the labels should be imported.

Let me know if that makes sense / if I answered your question

securitiz, Jan 31 '22 20:01
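
The per-connector boolean requested in this thread, sketched as an added example; it is not code from the OpenCTI project or from either participant. The setting name `VIRUSTOTAL_IMPORT_LABELS` and the helper functions are hypothetical, and the sketch assumes the connector emits its labels as the STIX `labels` property of the objects in a bundle.

```python
import json
import os

# Hypothetical setting name (the thread does not define one). In docker-compose
# it would sit under the connector's environment, e.g. VIRUSTOTAL_IMPORT_LABELS=false
ENV_FLAG = "VIRUSTOTAL_IMPORT_LABELS"
_TRUE = {"1", "true", "yes", "on"}
_FALSE = {"0", "false", "no", "off"}


def labels_enabled(environ=os.environ, default=True):
    """Parse the boolean; unset or empty keeps today's behaviour (labels on)."""
    raw = environ.get(ENV_FLAG)
    if raw is None or not raw.strip():
        return default
    value = raw.strip().lower()
    if value in _TRUE:
        return True
    if value in _FALSE:
        return False
    # Fail loudly: a typo must not silently re-enable label creation.
    raise ValueError(f"{ENV_FLAG} must be a boolean, got {raw!r}")


def strip_labels(bundle_json):
    """Return the bundle with 'labels' removed from every object."""
    bundle = json.loads(bundle_json)
    for obj in bundle.get("objects", []):
        obj.pop("labels", None)
    return json.dumps(bundle)


def prepare_bundle(bundle_json, environ=os.environ):
    """Apply the admin's choice just before the bundle would be sent."""
    return bundle_json if labels_enabled(environ) else strip_labels(bundle_json)


# Constructed sample bundle; ids and labels are placeholders.
SAMPLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [{
        "type": "indicator",
        "id": "indicator--00000000-0000-4000-8000-000000000002",
        "labels": ["constructed-label-a", "constructed-label-b"],
    }],
})

if __name__ == "__main__":
    print(prepare_bundle(SAMPLE, {ENV_FLAG: "false"}))
```

Defaulting to labels on when the variable is unset keeps existing deployments unchanged, so only admins who opt out see different behaviour.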