opencti icon indicating copy to clipboard operation
opencti copied to clipboard
verified publisher icon OpenCTI-Platform

Be able to implement whitelist / clearlist / internal lists / monitoring lists and act on it

Open SamuelHassine opened this issue 1 year ago • 1 comments

Use case

Be able to implement whitelist / clearlist / internal lists / monitoring lists and act on it

For instance:

  • List of the domain names of the company
  • List of the public IP ranges of the company
  • List of legitimate things
  • List of brands
  • etc.

Then act on it, a few example:

  • Prevent creation of an indicator based on an observable part of a list (avoiding putting "filigran.io" in detection)
  • Configure triggers to be alerted when context is added to an observable belonging to this list (ie. email with @filigran.io mentioned on the dark web or in a report).

SamuelHassine avatar Jun 09 '24 10:06 SamuelHassine

Please note that 'whitelist' word should be avoided when possible to use more functionnal terms like 'acceptlist' or 'allowedlist'.

aHenryJard avatar Aug 07 '24 07:08 aHenryJard