Decay settings for Indicators scores

[SamuelHassine]

Use case

• Currently the Indicator’s score in OpenCTI can only change based on manual modification or upserting (or automation) but cannot change over time. Each indicators has a “valid_until” date. If the date is overdue, the Indicator is revoked (automatically with the revokeManager). It is a On/Off model that cannot represent the fact that an Indicator lose its “value” over time.
• Plus, it is not possible to react on particular moment of the score evolution of an Indicator, for example to trigger specific sharing or tagging.

Proposed Solution

Admin can configure a decay formula for indicators matching a filter.
Decay formula are defined by acceleration factor and key reaction points. key reaction points are score values that need to be store in DB for possible reaction triggering (impossible to react on every possible score due to ressource consumption for millions of Indicators).
A nice lifecycle curve allows user to display the lifecycle of an Indicator.

To implement:

• [MVP] Managing Decay Algorithms in the platform
• [MVP] View Details and Configuration of a Decay Algorithm
• [MVP] Enforce specific rights to manage Decay Algorithms
• [MVP] Providing Built-in Decay Algorithm
• [MVP] Applying Decay Algorithms to Indicators
• [MVP] Displaying impact of Decay algorithm on Indicator’s Overview
• [MVP] Creating a custom Decay Algorithm
• [MVP] Editing a custom Decay Algorithm
• [MVP] Deleting a custom Decay Algorithm

[SamuelHassine]

@team: please also read #2774.