
Expand Capabilities in Custom Dashboards

Open securitiz opened this issue 3 years ago • 2 comments

Use case

General request for more flexibility and capabilities in the custom dashboard space. In particular, it would be useful to track the most common X object showing up in reports in the last Y period of time. Specific useful examples I have in mind:

  • Attack Patterns
  • Malware
  • TA / Intrusion Set

I'm imagining the horizontal line graph, where the values on the x axis are "activity - number of reports", and on the y axis are the most used Attack Patterns, Malwares, or whichever SDO is selected.

It would also be useful to break down the same data by (collection of) sector/country/region. For example, given 3 sectors, what are the most popular Malware we see targeting them? What are the most common TAs we see targeting Europe? Etc...

Current Workaround

n/a, probably a GraphQL query

Proposed Solution

Greater capability / flexibility in the types of data, and the way that data can be represented, in a Custom dashboard

Additional Information

If the feature request is approved, would you be willing to submit a PR?

Yes / No (Help can be provided if you need assistance submitting a PR)

securitiz avatar Feb 26 '22 22:02 securitiz

Additional example(s) for ways to display that would be very useful in a Dashboard widget:

  • Most popular ASNs / Organizations (ASNs / Organizations that have the greatest number of relationships to IPs)

This is a specific example, but flexibility to build widgets like this (possibly with GraphQL as mentioned in #1933) or in other ways would be very useful.

securitiz avatar Mar 02 '22 19:03 securitiz

We have created some GraphQL queries that collect the above data. Happy to provide, if they can be implemented in the "Custom Dashboard" functionality.

securitiz avatar Aug 08 '22 20:08 securitiz