[Sekoia] Retrieve the list of entity sources #3176
Labels
feature
use for describing a new feature to develop
needs triage
use to identify issue needing triage from Filigran Product team
Comments
Lhorus6
added
feature
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Use case
Sekoia provides a list of sources who have reported the information. Example: for an indicator, they list the sources that flagged this indicator.
The need is to know which source has reported the information, which is currently not retrieved in OpenCTI but provided by Sekoia. The information is contained in a custom Sekoia field, named "x_inthreat_sources_refs" (this field is a list of source name)
Current Workaround
Nothing, the data is lost
Proposed Solution
The various sources would have to be imported into the platform. Since STIX does not allow multiple “Author”, one idea would be to record them in labels, e.g. “source:Name1”, “source:Name2”, ...
One value in the "x_inthreat_sources_refs" list could be mapped as one label.
Additional Information
The "x_inthreat_sources_refs" list contains a list of STIX IDs (like the “CreatedBy” field), so we'll need to resolve the entities to retrieve their names
Would you be willing to submit a PR?
If needed, yes
The text was updated successfully, but these errors were encountered: