Inferred targeting of sectors or regions are called "Direct targeting" #1831

Closed
8hur opened this issue Jan 19, 2022 · 1 comment
Labels
feature use for describing a new feature to develop solved use to identify issue that has been solved (must be linked to the solving PR)

Comments

@8hur

8hur commented Jan 19, 2022

Description

When viewing the victimology of a threat, Continents and sectors are labelled as being directly targeted by the threat even though the data in the platform clearly state that a specific country within that region or a specific organisation belonging to the sector has been targeted.

Environment

Demo platform

Reproducible Steps

  1. Navigate to this page (victimology by location of the Chinese strategic threat) https://demo.opencti.io/dashboard/threats/threat_actors/58a92cb7-e22a-4587-8f7b-5026d8a3a961/knowledge/victimology?type=regions&viewMode=list
  2. Observe the interface calling a "Direct targeting of this region" for the Americas.
  3. Unfold the distinct region, Northern America, and observe the interface calling a "Direct targeting of this region" but this time, also signalling a direct targeting of the USA.
  4. Click on the link detailing one of the "Direct targeting of this region" and observe that the link has been made through inference from the targeting of the USA.

Expected Output

  • When the targeting of an entity is inferred through inferences on the victim side (city part of country part of region for example), mark it as an indirect targeting of the entity.
  • When the targeting is inferred through inference on the offensive side (direct targeting of a sector through an incident, part of a campaign, attributed to a threat actor for example), keep the marking as a direct targeting of the entity.

Actual Output

Inferred, indirect targeting is marked as direct targeting.

Additional information

As a side note, the region inference might not be the most productive addition when viewing the victimology of a threat. Most threats end up with a world map mostly coloured even when they have a very precise targeting. For example, it would seem counterproductive to colour the whole of America when all data point to the specific targeting of a single Caribbean country.
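
The marking rule requested under "Expected Output", as an added example that is not part of the original issue and is not OpenCTI code: inference on the offensive side keeps a target "direct", while inference on the victim side yields "indirect". The relationship names (`attributed-to`, `targets`, `located-at`, `part-of`), the function names and the sample graph are assumptions constructed for illustration.

```python
from collections import deque

# Assumed STIX-style relationship names; not taken from the OpenCTI code base.
OFFENSIVE_EDGES = {"attributed-to"}       # incident -> campaign -> threat actor
VICTIM_EDGES = {"located-at", "part-of"}  # city -> country -> region, organisation -> sector

# Constructed sample knowledge graph: (source, relationship, target).
SAMPLE = [
    ("Campaign-A", "attributed-to", "Threat-Actor-X"),
    ("Incident-1", "attributed-to", "Campaign-A"),
    ("Incident-1", "targets", "Finance"),
    ("Threat-Actor-X", "targets", "United States"),
    ("United States", "located-at", "Northern America"),
    ("Northern America", "located-at", "Americas"),
    ("Unrelated-Actor", "targets", "Europe"),
]

def _closure(start, rels, edge_types, reverse):
    """Return `start` plus every node reachable over the given edge types."""
    seen, queue = set(start), deque(start)
    while queue:
        node = queue.popleft()
        for src, rel, dst in rels:
            if rel not in edge_types:
                continue
            if reverse and dst == node:
                nxt = src
            elif not reverse and src == node:
                nxt = dst
            else:
                continue
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def classify_victimology(threat, rels):
    """Map each targeted entity to 'direct' or 'indirect' for one threat."""
    # Offensive side: incidents and campaigns attributed to the threat act for it.
    offensive = _closure({threat}, rels, OFFENSIVE_EDGES, reverse=True)
    direct = {dst for src, rel, dst in rels if rel == "targets" and src in offensive}
    # Victim side: parents of a targeted entity are reached only by inference.
    reached = _closure(direct, rels, VICTIM_EDGES, reverse=False)
    return {e: ("direct" if e in direct else "indirect") for e in reached}
```

An entity that is both explicitly targeted and the parent of another target stays "direct", because the explicit relationship takes precedence over the inferred one.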

@SamuelHassine SamuelHassine added this to the Release 5.2.0 milestone Feb 1, 2022
@SamuelHassine SamuelHassine added the feature use for describing a new feature to develop label Feb 1, 2022
@SamuelHassine
Member

The victimology screen has been fully rewritten and no longer displays "direct targeting".

@SamuelHassine SamuelHassine added the solved use to identify issue that has been solved (must be linked to the solving PR) label Sep 29, 2022
@SamuelHassine SamuelHassine removed this from the Release 5.4.0 milestone Sep 29, 2022