Observables export #362

Closed
Fred-certeu opened this issue Dec 6, 2019 · 5 comments

@Fred-certeu

Fred-certeu commented Dec 6, 2019

Please replace every line in curly brackets { like this } with appropriate answers, and remove this line.

Problem to Solve

It is currently unclear how a user can export observables

Current Workaround

{ Please describe how you currently solve or work around this problem, given OpenCTI's limitation. }

Proposed Solution

It should be possible to export sets of observables:

  • user initiated export (via the GUI)
  • scheduled export (e.g. every day at hh:mm, every week, etc.)
  • external application initiated export (API?)

Export format: to be discussed (STIX JSON, CSV, etc.)

It should be possible to select fields to be included in the export files:

  • type
  • value
  • score
  • confidence level
  • expiration date
  • creator
  • TLP
  • associated threat name(s)

It should be possible to combine (and/or) different filters to generate the export sets:

  • creation date (before, after)
  • expiration date (expired or not)
  • TLP (WHITE / GREEN / AMBER / RED)
  • associated report
  • related threats (e.g. all observables associated with threat actor A, or intrusion set B, or malware C, etc.)
  • creator
  • score (e.g. score > 50, ...)
  • confidence

Additional Information

{ Any additional information, including logs or screenshots if you have any. }

@SamuelHassine SamuelHassine added the feature use for describing a new feature to develop label Dec 6, 2019
@SamuelHassine SamuelHassine added this to the Release 2.1.2 milestone Dec 9, 2019
@SamuelHassine SamuelHassine self-assigned this Dec 9, 2019
@SamuelHassine
Member

SamuelHassine commented Dec 22, 2019

Linked to #391

@SamuelHassine
Member

Observables export will be implemented in Release 2.1.4, but basic indicators export has been implemented in Release 2.1.3.

@Fred-certeu
Author

Thanks, Samuel.
We will test this feature.
In 2.1.4, will you implement the different filters that I've suggested?
Also, will there be user initiated + scheduled job + external app initiated?
In the latter case, typically, we want to be able to have our customer portal offering daily packages of observables, created with specific filters.

@SamuelHassine
Member

@Fred-certeu, it will be implemented in 2.1.3 for Indicators (with the filters) and in 2.1.4 for Observables.

@I-Iugo

I-Iugo commented Mar 19, 2020

@SamuelHassine Is the export of observables foreseen in 3.1.0? At first we could export them like the other menus without necessarily having a filter.

@SamuelHassine SamuelHassine added the solved use to identify issue that has been solved (must be linked to the solving PR) label May 25, 2020