opencti icon indicating copy to clipboard operation
opencti copied to clipboard
verified publisher icon OpenCTI-Platform

Add option to import Indicator(s) for SCOs attached to container (and vice verca)

Open MaxwellDPS opened this issue 2 years ago • 4 comments

Use case

Add option to import Indicator(s) for SCOs attached to container. This allows to quickly add the corresponding Indicator(s) to an Infra SDO, Intrusion Set SDO, Report SDO etc

Current Workaround

PITA Stix bundle generation at scale

Proposed Solution

Add a option to the multi-select to attach indicator/SCO. This would be great as a checkbox on the generate indicator button

Additional Information

N/A

If the feature request is approved, would you be willing to submit a PR?

Yes

MaxwellDPS avatar Aug 02 '23 23:08 MaxwellDPS

Not sure to understand. Your use case is ti be able to select multiple SCOs contained in a report (for example from the Observables tab) and to have a an option in the bottom toolbar to create relationship between them and Indicators existing in the platform?

Jipegien avatar Aug 04 '23 14:08 Jipegien

Yes, so if you have a report with only the SCO's attached (ie only SROs for the SCOs) but you have the SDO(Indicators) making a quick attach option is the idea

MaxwellDPS avatar Aug 04 '23 23:08 MaxwellDPS

@MaxwellDPS Is this need covered by the Inference rule "INDICATORS PROPAGATION IN REPORTS", automatically adding indicators in the reports if they are based on already contained Observables?

Jipegien avatar Feb 29 '24 08:02 Jipegien

In theory yes, but It seems this isnt happening, do the scos have to be made in the report?

MaxwellDPS avatar Feb 29 '24 20:02 MaxwellDPS

We will try to cover it within this task, that should land for 6.2 : https://github.com/OpenCTI-Platform/opencti/issues/6171

Jipegien avatar Apr 19 '24 07:04 Jipegien