Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[backend/frontend] Use admiralty scale for reliability and confidence (#2362) #3719

Merged
merged 14 commits into from
Aug 2, 2023
Merged

[backend/frontend] Use admiralty scale for reliability and confidence (#2362) #3719

merged 14 commits into from
Aug 2, 2023

Conversation

SouadHadjiat
Copy link
Member

@SouadHadjiat SouadHadjiat commented Jul 11, 2023
edited

Proposed changes

MVP ready

  • Add reliability open vocabulary (migration)
  • Add reliability field for Report, Individual and System (same as for Organization)
  • Client python PR : [client] add reliability in Report (#opencti/2362) client-python#423
  • Display reliability of author for all entities, for reports we display the report reliability if set
  • Display confidence along with reliability on the left
  • Set default confidence scale to admiralty scale
  • Update tests : since confidence default value is now 0, and 6 vocabulary values have been added (+6 creation events)

Nice to have done

  • Improve confidence level style (to be able to select a confidence level directly)
  • Add confidence templates to be applied in confidence scale configuration
  • Update confidence filter to use the confidence scale for each entity type
  • Add reliability filter for Reports, Organizations, Individuals and Systems
  • TODO : add "reliability of author" filter for all stix domain entities
  • TODO : fix "custom" issue when editing a confidence scale configuration and add a dialog if configuration is not saved

Related issues

Checklist

  • I consider the submitted work as finished
  • I tested the code for its functionality
  • I wrote test cases for the relevant uses case
  • I added/update the relevant documentation (either on github or on notion)
  • Where necessary I refactored code to improve the overall quality

Further comments

If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc...

@SouadHadjiat SouadHadjiat mentioned this pull request Jul 11, 2023
Merged
5 tasks
@Kedae Kedae added the filigran team use to identify PR from the Filigran team label Jul 17, 2023
@SouadHadjiat SouadHadjiat force-pushed the issue/2362 branch 2 times, most recently from 05e7623 to abaf79c Compare July 19, 2023 08:28
@SouadHadjiat SouadHadjiat marked this pull request as ready for review July 19, 2023 12:25
@SouadHadjiat
Copy link
Member Author

PR status
MVP : ready for review
Nice to have (confidence templates) : still to do, will be added in the PR soon.

RomuDeuxfois
RomuDeuxfois reviewed Jul 21, 2023
View reviewed changes
opencti-platform/opencti-front/src/components/InputSliderField.tsx Outdated Show resolved Hide resolved
opencti-platform/opencti-front/src/components/ItemConfidence.tsx Show resolved Hide resolved
opencti-platform/opencti-front/src/components/ItemOpenVocab.tsx Outdated Show resolved Hide resolved
opencti-platform/opencti-front/src/private/components/analyses/reports/ReportCreation.tsx Show resolved Hide resolved
...ti-platform/opencti-front/src/private/components/entities/individuals/IndividualCreation.tsx Outdated Show resolved Hide resolved
...opencti-front/src/private/components/common/stix_domain_objects/StixDomainObjectOverview.jsx Outdated Show resolved Hide resolved
...platform/opencti-front/src/private/components/entities/organizations/OrganizationDetails.jsx Outdated Show resolved Hide resolved
opencti-platform/opencti-front/src/utils/hooks/useScale.ts Show resolved Hide resolved
@RomuDeuxfois
Copy link
Member

We have two reliability fields in individual entity now (same as System and Organization)
image

In edit confidence attribute (ex: for a report), If I change from custom to standard without update, It's not possible to retrieve my custom template
screen-capture (6).webm

We can't edit the confidence level in some entities (ex: grouping, region, country, ...). The field is not present in form edit.

@marieflorescontact
Copy link
Member

Locally tested, seems all good.

  • Some UX comments:

    • in settings > customization > entity_type, if we modify the reliability of an entity (for example, an individual), we need to remember to click on the Update button to memorize the Selected scale template Custom , except that you have to scroll down to see the Update button.

    • In a report, the reliability of the report is in the same place as the reliability of the author for the entities. it's a bit confusing.

marieflorescontact
marieflorescontact reviewed Jul 26, 2023
View reviewed changes
opencti-platform/opencti-graphql/tests/02-integration/01-database/stix-test.js
if (remainingData.confidence) {
expect(remainingData.confidence).toEqual(15);
if (remainingData.confidence !== undefined) {
// expect(remainingData.confidence).toEqual(15); // can't test the confidence value, could be 15 ou 0
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why can't we test confidence value?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe you should remove the test line if it's no longer useful?

SarahBocognano
SarahBocognano reviewed Jul 27, 2023
View reviewed changes
Copy link
Member

@SarahBocognano SarahBocognano left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested : ✅
The only question that remains for me is : Isn't that weird that in some entities (like locations ones) we can see a level of confidence in the stix domain object overview established at the lowest level (truth cannot be judged) and it's impossible to update it ?
Like maybe we can change it to "don't have any info" or something like that for entities that have not the possibility to update their confidence level.
I didn't check the stix policy on that, if it's part of it, ignore my question ^^

opencti-platform/opencti-front/src/utils/filters/useSearchEntities.tsx
@@ -990,6 +991,25 @@ const useSearchEntities = ({
);
});
break;
case 'x_opencti_reliability':
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a reason why there's nothing here ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's because it's the same case as the next one, there is no break. (the two cases are the same)

@SouadHadjiat
Copy link
Member Author

Tested : ✅ The only question that remains for me is : Isn't that weird that in some entities (like locations ones) we can see a level of confidence in the stix domain object overview established at the lowest level (truth cannot be judged) and it's impossible to update it ? Like maybe we can change it to "don't have any info" or something like that for entities that have not the possibility to update their confidence level. I didn't check the stix policy on that, if it's part of it, ignore my question ^^

you're right, I'm having a discussion about this display issue with @Jipegien at the moment :)

@SouadHadjiat
Copy link
Member Author

SouadHadjiat commented Jul 27, 2023
edited

PR status

All raised isssues should be fixed now :

  • confidence scale configuration update UX : selector with custom that disapears when selecting a template => Done ✅
  • confidence and reliability display for Systems / individuals / organization => Done ✅
  • Working on adding the filter "Reliability of author" for all stix domain entities (it has been done for Malware only for now) => Done ✅

@SouadHadjiat SouadHadjiat force-pushed the issue/2362 branch 2 times, most recently from 6f17f07 to d27bebf Compare July 28, 2023 15:51
@Archidoit
Copy link
Member

When you put a negative value as confidence scale, the value is accepted and the confidence is unknown:
image
image

@Archidoit
Copy link
Member

Create a reliability vocabulary with a float number (ex: 3,4). When you click on the 'create' button, the vocabulary is created with an integer (3). We should maybe inform the user that the value is not correct instead of modifying the entered value.
image

@SouadHadjiat
Copy link
Member Author

When you put a negative value as confidence scale, the value is accepted and the confidence is unknown: image image

yes all confidence values are accepted, the scale is only used to display the label. When the value is lower than the minimum defined in the scale, we display "none".

@SouadHadjiat
Copy link
Member Author

Create a reliability vocabulary with a float number (ex: 3,4). When you click on the 'create' button, the vocabulary is created with an integer (3). We should maybe inform the user that the value is not correct instead of modifying the entered value. image

I guess this is the case for all vocabularies, not spectifically Reliability ?

@SouadHadjiat SouadHadjiat merged commit b4d1bf4 into master Aug 2, 2023
6 checks passed
@SouadHadjiat SouadHadjiat deleted the issue/2362 branch August 2, 2023 08:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marieflorescontact marieflorescontact marieflorescontact left review comments

@SarahBocognano SarahBocognano SarahBocognano left review comments

@RomuDeuxfois RomuDeuxfois RomuDeuxfois approved these changes

Assignees
No one assigned
Labels
filigran team use to identify PR from the Filigran team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@SouadHadjiat @RomuDeuxfois @marieflorescontact @Archidoit @SarahBocognano @Kedae