Create relationships via the Playbook Automation Engine

[Jermain-N]

Use case

As a threat analyst, I want to use Playbook automation to automatically create an "originates-from" relationship between any new indicators that come into OpenCTI labelled with "Fancy Bear" or "Primitive Bear" or "Cozy Bear" or "Gossamer Bear" and the country entity "Russia".

Current Workaround

I create an investigation and manually add all indicators with the required label, then I add the required country, then I manually select al of the indicators and the country to make a relationship.

Proposed Solution

I would like Playbook Automations to have a "Relationship Creation" step where I may select the relationships to apply depending on what's in the playbook's STIX bundle. This step would be applied right after a Filter step.

Additional Information

If the feature request is approved, would you be willing to submit a PR?

Yes