Comments (3)
ristowee
commented on June 11, 2024
Hello @richard-julien @SamuelHassine ,
Have you had time to consider if this proposal makes any sense?
We are currently stamping TLP:AMBER to data, which we do not want to stream outside our main system but that does not seem like a long-term solution.
from opencti.
Jipegien
commented on June 11, 2024
Hello @ristowee :)
In OpenCTI, only Marking Definition and Organization sharing can be leverage for data segregation. It allows to keep consistency on this subject by binding it to the RBAC defined in the platform AND to keep data consistency for the majority of data sharing cases.
Thus, in live stream, you cannot limit data access with filters, but with the RBAC associated with the user you defined to be used with the live stream. in your case, you must apply a specific marking definition when an entity is created with the specific author and verify that the user associated with the stream does not have this marking definition. In a nutshell, you need to explicitly tell the context in which an Entity can be shared (Marking).
When respecting this approach, I think of 2 possible improvements:
- Add specific filters for dependencies in the Data sharing/Live Stream configuration, to narrow down related entities that can be shared (but it will have some limitation as it will not apply directly on relationships)
- In Data sharing/Live Stream configuration, have an option to block dependencies resolution (but it will limit the value of the data shared)
from opencti.
Jipegien
commented on June 11, 2024
Hello @ristowee !
Is the following solution work for your use case?
- create a marking definition "AuthorXmarking"
- create a playbook adding this marking whenever an Object has the author="AuthorX"
- create a stream with any filter you want
- associate to the stream a user without the marking "AuthorXmarking"
The result should be a stream that does not contain any object or relation with the Author=AuthorX
This work around allows to keep the segregation concern at user side, and not at filter side. Your last proposition of adding a no_dependencies flag in the the data sharing/octi live stream does not keep the segregation concern at user side unfortunetly.
from opencti.
Related Issues (20)
- Be able to restrict creation of relationships (data modeling / capitalization policy)
- Be able to use OR operator in playbook filters
- Be able to compare the result of 2 branches in playbook and act on "similar / not simular" outputs
- Be able to force the indexation of a file individually even if out of policy (> 10MB for instance)
- When using full text search in indexed file, when clicking, go to the content within a reader and highlight the search
- Like we have everywhere in the toolbar "Add to container", for any list, be able to start an investigation
- When full text search does not show results, propose a tip to use name contains or description contains filter with a quick click
- Implement confirmation dialog to remove a label from an entity
- When adding an entity in containers or in investigation, add a tooltip on the "name / representative column"
- Enhance knowledge right bar for malware to malware relationships HOT 1
- In playbook when deleting a node, avoid to delete the full branch and re-attach to the previous one
- Be able to change connector configuration from the OpenCTI UI
- Effect of drawer is not correct in Update dropdown on "latest relationships" widget in the overview of entities
- [Export] Exporting a container too large fail HOT 1
- Infer usage of parent techniques
- TOP 10 targets broken for some restricted elements
- Platform cant get the lock for initialization
- Generating an Indicator from an URL Observable adds the URL clickable in the description
- intent / opportunity matrix view
- Issue with public dashboard name and case sensitivity
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from opencti.