
Implemented automatic IoC de-sanitizing before performing searches

Open DreadFog opened this issue 7 months ago • 2 comments

Proposed changes

Implemented auto "un-sanitizing" when performing a search in the top bar, pretty much like what can be seen when using VirusTotal's search bar.

That way, a search like "hxxp[:][//]domain[.]tld/admin[@]filigran[.]io" will be automatically converted in the frontend to http://domain.tld/admin@filigran.io. This is specifically useful because sometimes searching for sanitized IoCs doesn't yield the correct indicator in the results.

Related issues

  • closes https://github.com/OpenCTI-Platform/opencti/issues/11213

Checklist

  • [x] I consider the submitted work as finished
  • [x] I tested the code for its functionality
  • [ ] I wrote test cases for the relevant use cases (coverage and e2e)
  • [ ] I added/updated the relevant documentation (either on GitHub or on Notion)
  • [x] Where necessary I refactored code to improve the overall quality

Further comments

Maybe the "auto de-sanitize" functionality could be activated/deactivated through the user settings, but this is not mandatory.

DreadFog avatar May 28 '25 23:05 DreadFog
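
A minimal sketch of the de-sanitizing step described in the proposal above, as an added example that is not the code from this pull request: `refangIoc`, its token table and the sample inputs are assumptions for illustration. It unwraps only known defang tokens, so a bracketed IPv6 literal in a URL is left intact.

```javascript
// Added example: hypothetical helper, not the implementation from this PR.
// Wrapped defang tokens and the character(s) they stand for.
const WRAPPED = new Map([
  ['.', '.'], ['dot', '.'],
  [':', ':'], ['://', '://'], ['//', '//'], ['/', '/'],
  ['@', '@'], ['at', '@'],
]);

// One known token wrapped in [], () or {}, e.g. "[.]", "(dot)", "[://]".
// Anything else in brackets (such as "[2001:db8::1]") does not match.
const TOKEN_RE = /[\[({]\s*(\.|dot|:\/\/|:|\/\/|\/|@|at)\s*[\])}]/gi;

// "hxxp" / "hxxps" only when a plain or wrapped ":" follows, so the
// letters are never rewritten in the middle of an ordinary word.
const SCHEME_RE = /\bhxxp(s?)(?=[\[({]?:)/gi;

function refangIoc(input) {
  return input
    .trim()
    .replace(SCHEME_RE, (_match, s) => `http${s.toLowerCase()}`)
    .replace(TOKEN_RE, (_match, token) => WRAPPED.get(token.toLowerCase()));
}

// Constructed sample inputs (the first one is the example from the PR text).
const samples = [
  'hxxp[:][//]domain[.]tld/admin[@]filigran[.]io',
  'hxxps://sub[.]example[.]org/path',
  '192(dot)0(dot)2(dot)10',
  'http://[2001:db8::1]/index', // IPv6 literal: must stay unchanged
];
for (const s of samples) {
  console.log(`${s} -> ${refangIoc(s)}`);
}
```

Running the function a second time on its own output returns the same string, so already clean search terms pass through untouched.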

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 65.65%. Comparing base (30aef5a) to head (4959d45). Report is 9 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master   #11157   +/-   ##
=======================================
  Coverage   65.64%   65.65%           
=======================================
  Files         674      674           
  Lines       67264    67273    +9     
  Branches     7437     7441    +4     
=======================================
+ Hits        44155    44167   +12     
+ Misses      23109    23106    -3     


codecov[bot] avatar May 29 '25 10:05 codecov[bot]

Thank you for your proposal @DreadFog, actually several people are interested in this feature so I opened a related issue in case there are some discussions and other examples.

aHenryJard avatar Jun 05 '25 11:06 aHenryJard