Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add filter "pattern" for Indicator in Stored Filters (Data sharing, etc.) with the operator starts with #5844

Closed
sheetlaand opened this issue Feb 7, 2024 · 2 comments · Fixed by #7057 or #7098
Closed

Add filter "pattern" for Indicator in Stored Filters (Data sharing, etc.) with the operator starts with #5844

sheetlaand opened this issue Feb 7, 2024 · 2 comments · Fixed by #7057 or #7098
Assignees
@Goumies @Archidoit @Jipegien @labo-flg
Labels
feature use for describing a new feature to develop filters & search Linked to search results and filtering engine solved use to identify issue that has been solved (must be linked to the solving PR)
Milestone
Release 6.1.11

Comments

@sheetlaand
Copy link

Description

It's currently not possible to retrieve only a specific type of hash, i.e. SHA-256, using the Data Sharing > TAXII collections section. However, it is possible to obtain a consistent result, in the Observations > Indicators section, by using the "indicator pattern" filter, the "starts with" comparison field and the value "[file:hashes.'SHA-256'"

Environment

  1. OS: SaaS
  2. OpenCTI version: 5.12.29
  3. OpenCTI client: frontend

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Click Observations
  2. Click Indicators
  3. Click on drop-down "Add filter" menu
  4. Click on "Indicator pattern"
  5. Select "starts with" in the drop-down menu
  6. Write "[file:hashes.'SHA-256'" (without double quotes) in the field

Additional information

To easily resolve this constraint, simply add the "Indicator pattern" filter to the list of filters taken into account in the "Data Sharing" section.
@sheetlaand sheetlaand added needs triage use to identify issue needing triage from Filigran Product team question Further information is requested labels Feb 7, 2024
@Jipegien Jipegien changed the title Share specific type of hash using Data Sharing section Ability to create stream/collection for data sharing filtered on Indicators containing a particular hash type Feb 7, 2024
@Jipegien Jipegien added feature use for describing a new feature to develop and removed question Further information is requested labels Feb 7, 2024
@Jipegien Jipegien changed the title Ability to create stream/collection for data sharing filtered on Indicators containing a particular hash type Add filter "pattern" for Indicator in Stored Filters (Data sharing, etc.) with the operator starts with Feb 7, 2024
@Jipegien
Copy link
Member

Jipegien commented Feb 7, 2024

The addition of this filters will not entirely solve the root problem, as an indicator pattern can be composed of multiple elements, with the requested hash type not in the first part.

@Jipegien Jipegien removed the needs triage use to identify issue needing triage from Filigran Product team label Feb 7, 2024
@Jipegien Jipegien added this to the Short-term candidates milestone Feb 7, 2024
@Archidoit Archidoit added the filters & search Linked to search results and filtering engine label Feb 7, 2024
@nino-filigran nino-filigran modified the milestones: Short-term candidates, Release 6.1.0 Mar 1, 2024
@Jipegien Jipegien assigned Archidoit and Jipegien and unassigned Archidoit Mar 10, 2024
@Jipegien Jipegien modified the milestones: Release 6.1.0, Release 6.2.0 Mar 26, 2024
@SamuelHassine SamuelHassine added filigran team use to identify PR from the Filigran team and removed filigran team use to identify PR from the Filigran team labels Apr 20, 2024
@Goumies Goumies self-assigned this May 6, 2024
@labo-flg labo-flg self-assigned this May 6, 2024
@Archidoit Archidoit self-assigned this May 16, 2024
Goumies added a commit that referenced this issue May 17, 2024
@Goumies
[frontend] Fetch available filter keys for Taxii collections (#5844)
4c32d5e
Goumies added a commit that referenced this issue May 21, 2024
@Goumies
[frontend] Fetch available filter keys for Taxii collections (#5844)
3ffa34b
Goumies added a commit that referenced this issue May 21, 2024
@Goumies
[frontend] Test useBuildFilterKeysMapFromEntityType custom hook (#5844)
161f5ef
Goumies added a commit that referenced this issue May 21, 2024
@Goumies
[frontend] Test useBuildFilterKeysMapFromEntityType custom hook (#5844)
ea5e2ab
Goumies added a commit that referenced this issue May 21, 2024
@Goumies
[frontend] Test useBuildFilterKeysMapFromEntityType custom hook (#5844)
d5e5cf5
Goumies added a commit that referenced this issue May 21, 2024
@Goumies
[backend] Test filter keys schema resolution (#5844)
9ef1790
@Goumies Goumies mentioned this issue May 21, 2024
Merged
5 tasks
Goumies added a commit that referenced this issue May 22, 2024
@Goumies
[frontend] Fetch available filter keys for Taxii collections (#5844)
d33a600
Goumies added a commit that referenced this issue Jun 4, 2024
@Goumies
[front
4ed50ba 
end] Lint (#5844)
Goumies added a commit that referenced this issue Jun 4, 2024
@Goumies
[frontend] Improve Creation user experience (#5844)
f4ab5ec
Goumies added a commit that referenced this issue Jun 4, 2024
@Goumies
[frontend] Lint (#5844)
2193917
Goumies added a commit that referenced this issue Jun 4, 2024
@Goumies
[frontend] Improve Edition user experience (#5844)
17ff995
Goumies added a commit that referenced this issue Jun 4, 2024
@Goumies
[frontend] Lint (#5844)
74831ad
Goumies added a commit that referenced this issue Jun 4, 2024
@Goumies
[frontend] Update Filter helpers types imports (#5844)
686d31f
Goumies added a commit that referenced this issue Jun 4, 2024
@Goumies
[frontend] Refactor (#5844)
617b994
Goumies added a commit that referenced this issue Jun 4, 2024
@Goumies
[frontend] Restrict filters to entity types (#5844)
7060d65
Goumies added a commit that referenced this issue Jun 4, 2024
@Goumies
[frontend] Remove unnecessary types (#5844)
99f4fd6
Goumies added a commit that referenced this issue Jun 7, 2024
@Goumies
[frontend] Remove unnecessary types (#5844)
450826e
Goumies added a commit that referenced this issue Jun 7, 2024
@Goumies
[frontend] Remove unnecessary type (#5844)
01f6c52
Goumies added a commit that referenced this issue Jun 7, 2024
@Goumies
[frontend] Fetch available filter keys for CSV feeds (#5844)
4b3b19a
Goumies added a commit that referenced this issue Jun 7, 2024
@Goumies
[frontend] Fix template (#5844)
d46c734
Goumies added a commit that referenced this issue Jun 7, 2024
@Goumies
[frontend] Fix template (#5844)
f25833d
Goumies added a commit that referenced this issue Jun 7, 2024
@Goumies
[frontend] Fetch available filter keys for CSV feeds (#5844)
0ed236f
Goumies added a commit that referenced this issue Jun 7, 2024
@Goumies
[backend] Test filter key schema for Indicators (#5844)
554a958
Goumies added a commit that referenced this issue Jun 7, 2024
@Goumies
[front
44558e9 
end] Lint (#5844)
Goumies added a commit that referenced this issue Jun 7, 2024
@Goumies
[frontend] Improve Creation user experience (#5844)
aece39f
Goumies added a commit that referenced this issue Jun 7, 2024
@Goumies
[frontend] Lint (#5844)
ba8f808
Goumies added a commit that referenced this issue Jun 7, 2024
@Goumies
[frontend] Improve Edition user experience (#5844)
604219c
Goumies added a commit that referenced this issue Jun 7, 2024
@Goumies
[frontend] Lint (#5844)
25a025b
Goumies added a commit that referenced this issue Jun 7, 2024
@Goumies
[frontend] Update Filter helpers types imports (#5844)
93ebd67
Goumies added a commit that referenced this issue Jun 7, 2024
@Goumies
[frontend] Refactor (#5844)
03c2427
Goumies added a commit that referenced this issue Jun 7, 2024
@Goumies
[frontend] Restrict filters to entity types (#5844)
78bf433
Goumies added a commit that referenced this issue Jun 7, 2024
@Goumies
[frontend] Remove unnecessary types (#5844)
3764da5
Goumies added a commit that referenced this issue Jun 7, 2024
@Goumies
[frontend] Remove unnecessary type (#5844)
a846014
@Goumies Goumies added the solved use to identify issue that has been solved (must be linked to the solving PR) label Jun 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Goumies Goumies

@Archidoit Archidoit

@Jipegien Jipegien

@labo-flg labo-flg

Labels
feature use for describing a new feature to develop filters & search Linked to search results and filtering engine solved use to identify issue that has been solved (must be linked to the solving PR)
Projects
None yet
Milestone
Release 6.1.11
8 participants
@SamuelHassine @Goumies @Kedae @Archidoit @sheetlaand @Jipegien @labo-flg @nino-filigran