OpenCTI-Platform
Bulk Add of Singular Dimension Observables
Proposed changes
- Ability to add via a TT button (like on the Import Text Page) multiple single dimension observables
- On the normal Create Observable form - a TT has been added next to the value field
- Click the TT will launch the Dialog to Add Multiple Single Dimension observables - one per line
- Clicking Continue will update the value field of the form to say "Multiple Values Entered Edit with the TT Button". The field is now disabled and can only be updated via the TT Dialog window
- Clicking Cancel (within the TT Dialog) will clear the TT dialog, clear the normal value dialog, and re-enable the value field.
- Blanking out the TT input field and clicking Continue with an empty Bulk Add form - will just leave the normal value field blank and enabled.
- If TT is used and there is an Associated/Attached File - it is removed.
- If the TT is used, the Associated/Attached File field will become disabled for use.
- A progress bar has been added to this process, since it might be possible a user would insert say 100 records, however on testing with normal amounts (10/20 records) they seemed to add instantaneously.
- Language translations have been added for the various dialog fields added that require translation.
Original Design Pattern
Updated Design Pattern to Implement (Jun/2024)
- TT button has been replaced with a Add Multiple Values button
- Bulk Observable Creation title replaced with Multiple Observable Title
- Direction to Import page provided when attempting to add 50+ records and Continue button disappears
Related issues
- N/A
Checklist
- [X] I consider the submitted work as finished
- [X] I tested the code for its functionality
- [ ] I wrote test cases for the relevant uses case
- [ ] I added/update the relevant documentation (either on github or on notion)
- [X] Where necessary I refactored code to improve the overall quality
Further comments
This has been rebased against "master" from the current time of submission.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
For reviewers: https://www.notion.so/filigran/Observables-Bulk-creation-e7b786e203e6431380ef249b90071972
@aHenryJard - Sorry for the delay on this - made the requested changes, rebased, and please give a review again.
@aHenryJard - Rebased to 6.1.8 from this morning and issues above corrected. Please re-review when you have a sec.
@aHenryJard / @lndrtrbn - This PR is ready again for re-review. There is a coded in 2 second sleep between batching of sets of observables (5 at a time) so the progress bar can be "watched". Believe there was a conversation about having this in there permanently as a User Perceived Performance thing... but it can certainly be removed. I have left it in for testing and an "official" guidance on leave it or remove it.
@lndrtrbn - Build failing in the pipeline currently - seems 6.2.6 PyCTI not fully published... but the changes should all be in this build that have been discussed/negotiated with @Jipegien. I'll maybe re-push later to see if pipeline can find the PyCTI 6.2.6 build - but the code will not be changing with a re-push.
@ParamConstructor thanks! You don't have to bother repush later. I'll integrate the work of this PR directly inside mine (bulk for entities) because it would be lot easier than making a big rebase after.
@lndrtrbn has merged this capability into some larger set of work via this commit to master - https://github.com/OpenCTI-Platform/opencti/commit/74352ef2c5cdec209798fe663991dd9256fab9a4 - this PR will be closed.