opencti-platform / opencti

Open Cyber Threat Intelligence Platform

Home Page: https://opencti.io

License: Other

Dockerfile 0.03% Python 0.47% JavaScript 48.16% HTML 0.01% CSS 0.16% TypeScript 51.14% Shell 0.01% ANTLR 0.03%
cyber cti threat-intelligence security intelligence osint cybersecurity

opencti's People

Contributors

2xyo, ahenryjard, archidoit, axelfahy, celinesebe, dependabot[bot], djds, febrezo, filigran-automation, frapuks, goumies, helene-nguyen, jeremycloarec, jpkha, kedae, labo-flg, lndrtrbn, maertv, manonviallet, marieflorescontact, nor3th, paramconstructor, renovate[bot], richard-julien, romudeuxfois, samuelhassine, sarahbocognano, sbocahu, souadhadjiat, yassine-ouaamou

opencti's Issues

Add undo/redo in the graph view

Problem to Solve

Add the possibility to undo/redo things in the knowledge graph of a report.

Current Workaround

None.

Proposed Solution

Add the feature (or find a new library and refactor).

Additional Information

None.

Migrate security to @auth directive

Problem to Solve

Delete the check of the authentication everywhere in the API.

Current Workaround

None.

Proposed Solution

Add a @auth directive directly in the GraphQL schema.

Additional Information

None.

Implement the report management (creation / edition / deletion)

Problem to Solve

Reports are currently the only way to link knowledge entities between them. The management of the reports should be the implementation of basic features such as creation / edition / deletion.

Current Workaround

None.

Proposed Solution

Create the views and the GraphQL methods to manage reports.

Additional Information

None.

Complexify alias management (source of alias, marking on alias)

Problem to Solve

All entities can have multiple aliases. It would be interesting to be able to add a source reference for aliases (i.e. vendors).

Also, some aliases are private. It would be great if it's possible to add a marking on aliases, so private aliases will not be leaked in export.

Current Workaround

None.

Proposed Solution

Update the schema to be able to add a relationship between an entity (organization / marking) and an attribute (alias).

Open to other solutions.

Additional Information

None.

Migrate loader from driver to API calls

Problem to Solve

The current JAVA loader, used since the beginning, directly takes JSON STIX2 files to the Grakn database. The loader must use the API.

Current Workaround

None.

Proposed Solution

Full refactor of the loader to use the GraphQL API to create entities.

Additional Information

None.

List view is stuck in dummy mode in some scenarios

Description

The list view is stuck on dummy if the number of entities to display is equal to the first offset.

Environment

  1. Ubuntu 18.04
  2. OpenCTI version: pre-release
  3. OpenCTI client: frontend

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Create 25 entities
  2. Go on view list

Expected Output

The dummy view is replaced by actual entities.

Actual Output

The dummy view remains.

Additional information

None.

Courses of action management

Problem to Solve

Implement the courses of action management.

Current Workaround

None.

Proposed Solution

Implement courses of action view.

Additional Information

None.

Create the OpenCTI website and explain the target vision

Problem to Solve

OpenCTI needs a website to present the product and explain the goal of the platform.

Current Workaround

None.

Proposed Solution

Create the website and write a first blog article about OpenCTI.

Additional Information

None.

Implement all knowledge entities CRUD

Problem to Solve

Based on the work on reports, all the entities provided by OpenCTI must be implemented both on the GraphQL API and on the user interface.

Current Workaround

None.

Proposed Solution

Create all the views and all the methods to manage entities.

Additional Information

None.

Write an article about why we choose Grakn over Neo4j

Problem to Solve

To explain technical choices behind OpenCTI, we have to write an article about why we choose Grakn as the main database backend.

Current Workaround

None.

Proposed Solution

Clean the Luatix blog and write the article.

Additional Information

None.

Implement the observable enrichment

Problem to Solve

Implement the observable enrichment schema and capabilities through connectors.

Current Workaround

None.

Proposed Solution

Create the schema and the associated views. Link with connectors.

Additional Information

None.

Add aliases to the generic entity creation form

Problem to Solve

It could be very interesting to be able to add aliases to an entity directly during the creation in the report knowledge view.

Current Workaround

Create the entity, go to the edition page and modify alias.

Proposed Solution

Implement an alias field in the form and adjust the API.

Additional Information

None.

Attach files to report

Problem to Solve

Add the possibility to attach files to a report.

Current Workaround

None.

Proposed Solution

Add the possibility to upload files and attach them to a report.

Additional Information

None.

Implement logout

Problem to Solve

The users have to be able to logout.

Current Workaround

None.

Proposed Solution

Implement the logout feature by clearing the cookie and the associated data.

Additional Information

None.

Implement basic observables management

Problem to Solve

For testing purposes, having basic observables management in the platform might be necessary to demonstrate the final goals of the platform.

Current Workaround

None.

Proposed Solution

Implement Observables in the Grakn schema, implement the GraphQL methods and the frontend associated views.

Additional Information

None.

Migrate to relayjs 3.0

Problem to Solve

The 3.0 version of Relay has been released. Migrate the frontend and solve problems if any.

Current Workaround

None.

Proposed Solution

Migrate to Relay 3.0

Additional Information

None.

Display marking definitions in all entities / relations

Problem to Solve

The marking definition is not displayed in entities and relations.

Current Workaround

None.

Proposed Solution

Find a position to display the marking definition on entities and relations.

Additional Information

None.

Change the knowledge overview with statistics instead of graphs

Problem to Solve

Change the knowledge overview with statistics instead of graphs.

Current Workaround

None.

Proposed Solution

Implement a specific page for each entity type to display an overview of the current knowledge.

Additional Information

None.

Add README, Docker install and publish on Github

Problem to Solve

Add README, docker install and publish on Github.

Current Workaround

None.

Proposed Solution

Create the Github repository, the README and the Docker compose configuration.

Additional Information

None.

Implement migrations on Grakn schema

Problem to Solve

Grakn schema changes have to be handled by a migrations system to allow future releases with schema modifications.

Current Workaround

None.

Proposed Solution

  • Implement migrations for Grakn schema

Additional Information

None.

Implement the knowledge graph of a report

Problem to Solve

Report knowledge creation must be available in order to create relations between entities and model the knowledge of the report.

Current Workaround

None.

Proposed Solution

Create the knowledge graph and all the features such as adding new entities, create and manage relations, move the node and edges.

Additional Information

None.

Improve TextField to check if the content has been modified

Problem to Solve

The current TextField component triggers the onBlur even if the content has not been changed, so an API call is launched.

Current Workaround

None.

Proposed Solution

Enhance the TextField with an "initial state" to be able to check if the content has been modified before triggering the API call.

Additional Information

None.

Add the first integration tests

Problem to Solve

Integration tests must be provided before the first release to ensure a correct test coverage of basic features of the GraphQL API.

Current Workaround

None.

Proposed Solution

Implement the integration tests framework and create the first tests.

Additional Information

None.

Display entity information in a graph view

Problem to Solve

When clicking on the "Information" icon of an entity, open a right panel with the basic information of the entity instead of redirecting to the entity page.

Current Workaround

None.

Proposed Solution

Implement the "entity" overview in a right panel.

Additional Information

None.

Add subscriptions on any entity view (not list)

Problem to Solve

The individual view of each entity must subscribe to changes from the API and be updated without any refresh.

Current Workaround

None.

Proposed Solution

Implement subscription on all "read" view (not list).

Additional Information

None.

Automatic graph organization on report

Problem to Solve

Be able to organize the report knowledge graph in one click and avoid the "stack" of all entities when adding new ones.

Current Workaround

None.

Proposed Solution

Implement graph organization algorithms on the report knowledge view.

Additional Information

None.

API events logs / audit logs

Problem to Solve

The API must provide an events log to be able to debug in case of errors.

Current Workaround

None.

Proposed Solution

Implement logging in the GraphQL API.

Additional Information

None.

Implement the user profile

Problem to Solve

Create the user profile to allow users to update their settings/preferences and see their API key.

Current Workaround

None.

Proposed Solution

Create the view and the associated form in the UI.

Additional Information

None.

Differentiate the display of sectors that are subsectors

Problem to Solve

Be able to make the difference on the sectors list between main sectors and sectors that have a parent sector.

Current Workaround

None.

Proposed Solution

Count relations and display in different color or form or label, etc. Also, display the parent sector in subsectors.

Additional Information

None.

Implement the global search field

Problem to Solve

A global search field must be provided to be able to search any entity in the platform in fulltext.

Current Workaround

None.

Proposed Solution

Create the field and the API methods.

Additional Information

None.

Create a loader for STIX 2 json files

Problem to Solve

Create a loader for STIX 2 json files in order to directly push STIX2 data on the platform.

Current Workaround

None.

Proposed Solution

Implement a loader to insert data from JSON to Grakn.

Additional Information

None.

Implement the observables schema

Problem to Solve

Implement all observable types schema.

Current Workaround

None.

Proposed Solution

Finish the schema and update associated forms.

Additional Information

None.

Create a connector template

Problem to Solve

OpenCTI must be able to connect to other CTI platforms and tools. A connector template has to be created in order to allow the community to build connectors.

Current Workaround

None.

Proposed Solution

Architecture and implementation of connectors.

Additional Information

None.

Create charts in views

Problem to Solve

Entities views must provide quantitative information through charts about their relations and their linked entities.

Current Workaround

None.

Proposed Solution

Create various generic charts (and associated GraphQL methods), add them to the different entities views.

Additional Information

None.

Enhance the search function

Description

The search function is currently not working properly.

Environment

  1. Ubuntu 18.04
  2. Pre-release
  3. Frontend

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Search for a TTP
  2. Try to understand the logic

Expected Output

TTP found.

Actual Output

No TTP found with the exact phrase match.

Additional information

None.

Manage all the build/deploy workflows in CircleCI

Problem to Solve

The developers of OpenCTI must have a clear overview of the CI process. CircleCI provides all the features needed to achieve build/deploy goals.

Current Workaround

Using self-hosted Jenkins.

Proposed Solution

Write a CircleCI configuration for all the workflows.

Additional Information

None.

Add relationships and knowledge everywhere

Problem to Solve

Add the possibility to update the knowledge and relationships in all knowledge screens of entities/threats/techniques.

Current Workaround

Add this knowledge in report graph view.

Proposed Solution

Implement forms to add countries to region, cities to country, etc.

Additional Information

None.

Ensure that websocket (api, redis, ...) can be disabled

Problem to Solve

Ensure that websocket (api, redis, ...) can be disabled with an option and all the application still works perfectly.

Current Workaround

None.

Proposed Solution

Implement an option in the configuration to be able to disable the "reactive" mode with Redis subscription.

Additional Information

None.

Handle default createdbyref on all entities

Problem to Solve

All entities can have an author/creator (created_by_ref in STIX2). The GraphQL methods of all entities must implement this field as well as the creation/edition form of the UI.

Current Workaround

None.

Proposed Solution

Create the GraphQL schema and resolvers, update all forms in the UI.

Additional Information

None.

Migrate the Grakn schema creation from loader to API

Problem to Solve

Currently, the Grakn schema is created by the JAVA loader. Since this loader is deprecated and to be more consistent, the Grakn schema must be created by a NodeJS command on the API side.

Current Workaround

None.

Proposed Solution

Implement a command in the NodeJS API to create the Grakn schema.

Additional Information

None.

Fix case when user cannot logout

Description

In some specific cases, the user is not able to logout.

Environment

  1. Ubuntu 18.04
  2. Pre-release
  3. Frontend

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Launch
  2. Create an entity
  3. Try to logout

Expected Output

Successful logout.

Actual Output

Nothing happens.

Additional information

{ Any additional information, including logs or screenshots if you have any. }

Slow display of big reports, statistics & victimology

Description

The display is slow on the following views:

  • Report knowledge with many entities/relations
  • Statistics (exploration)
  • Victimology

Environment

  1. Ubuntu 18.04
  2. Pre-release
  3. Frontend

Reproducible Steps

None.

Expected Output

Better performance.

Actual Output

Display in 20 / 30 secs.

Additional information

None.

Inline fields

Problem to Solve

Implement inline field component to be able to double click on a text and display a field.

Current Workaround

Open the edit panel.

Proposed Solution

Create a generic inline field component.

Additional Information

None.

Create the documentation for manual installation

Problem to Solve

Manual installation of the platform must be documented before the first release.

Current Workaround

None.

Proposed Solution

Write the documentation directly on a .md file.

Additional Information

None.

Implement vulnerability enrichment

Problem to Solve

Implement the vulnerability enrichment through a connector with the CVE platform.

Current Workaround

None.

Proposed Solution

Create a connector to the CVE platform.

Additional Information

None.

Implement the investigation graph with workspaces

Problem to Solve

The user must be able to explore the data of the platform within a graph by searching for neighbors and so visualize the database.

Current Workaround

None.

Proposed Solution

Implement the concept of "workspace", implement an exploration graph view.

Additional Information

None.

Create a MISP connector

Problem to Solve

Connect any MISP instance(s) to OpenCTI.

Current Workaround

None.

Proposed Solution

Create the MISP connector.

Additional Information

None.
