[backend] Add specific fintel filters for entities (#15201)

delemaf · web-flow · commit 23bbb5ce6a87 · 2026-04-03T16:30:17.000+02:00
diff --git a/opencti-platform/opencti-front/src/private/components/widgets/WidgetCreationPerspective.tsx b/opencti-platform/opencti-front/src/private/components/widgets/WidgetCreationPerspective.tsx
@@ -6,6 +6,7 @@ import { LibraryBooksOutlined } from '@mui/icons-material';
 import React from 'react';
 import { v4 as uuid } from 'uuid';
 import { getDefaultWidgetColumns } from '@components/widgets/WidgetListsDefaultColumns';
+import useAttributes from '../../../utils/hooks/useAttributes';
 import { useFormatter } from '../../../components/i18n';
 import { indexedVisualizationTypes, WidgetVisualizationTypes } from '../../../utils/widget/widgetUtils';
 import { useWidgetConfigContext } from './WidgetConfigContext';
@@ -15,16 +16,33 @@ import Card from '../../../components/common/card/Card';
 
 const WidgetCreationPerspective = () => {
   const { t_i18n } = useFormatter();
-  const { context, config, setStep, setConfigWidget } = useWidgetConfigContext();
+  const { context, config, setStep, setConfigWidget, fintelEntityType } = useWidgetConfigContext();
   const { type, dataSelection } = config.widget;
 
+  // Container and domain object have different filters for the perspective selection
+  const { containerTypes } = useAttributes();
+  const isContainer = containerTypes.includes(fintelEntityType ?? '');
+
   const handleSelectPerspective = (perspective: WidgetPerspective) => {
+    let filterKey = 'objects';
+    let filterValues: (object | string)[] = [SELF_ID];
+
+    // Handle Non-Container Logic
+    if (!isContainer) {
+      if (perspective === 'entities') {
+        filterKey = 'regardingOf';
+        filterValues = [{ key: 'id', values: [SELF_ID] }];
+      } else {
+        filterKey = 'fromId';
+      }
+    }
+
     const fintelTemplateEntitiesInitialFilters = {
       mode: 'and',
       filters: [{
         id: uuid(),
-        key: 'objects',
-        values: [SELF_ID],
+        key: filterKey,
+        values: filterValues,
         operator: 'eq',
         mode: 'or',
       }],
diff --git a/opencti-platform/opencti-graphql/src/modules/fintelTemplate/fintelTemplate-domain.ts b/opencti-platform/opencti-graphql/src/modules/fintelTemplate/fintelTemplate-domain.ts
@@ -24,8 +24,17 @@ import { extractContentFrom } from '../../utils/fileToContent';
 import { isCompatibleVersionWithMinimal } from '../../utils/version';
 import pjson from '../../../package.json';
 import { convertWidgetsIds } from '../workspace/workspace-utils';
-import { SELF_ID, widgetAttackPatterns, widgetContainerObservables, widgetIndicators } from '../../utils/fintelTemplate/__fintelTemplateWidgets';
+import {
+  SELF_ID,
+  widgetContainerAttackPatterns,
+  widgetContainerIndicators,
+  widgetContainerObservables,
+  widgetEntityAttackPatterns,
+  widgetEntityIndicators,
+  widgetEntityObservables,
+} from '../../utils/fintelTemplate/__fintelTemplateWidgets';
 import { fintelTemplateVariableNameChecker } from '../../utils/syntax';
+import { isStixDomainObjectContainer } from '../../schema/stixDomainObject';
 
 // to customize a template we need : EE, FF enabled
 // but also to have the SETTINGS_SETCUSTOMIZATION capability !!
@@ -79,12 +88,14 @@ export const addFintelTemplate = async (
   input: FintelTemplateAddInput,
   preventDefaultWidgets = false,
 ) => {
-  const isFintelForEntityFeatureEnabled = isFeatureEnabled('FINTEL_FOR_ENTITY');
-
   // check rights
   await canCustomizeTemplate(context);
   // check input validity
   checkFintelTemplateWidgetsValidity(input.fintel_template_widgets ?? []);
+  // get settings type
+  const { settings_types: [settings_type] } = input;
+  const isFintelForEntityFeatureEnabled = isFeatureEnabled('FINTEL_FOR_ENTITY');
+  const isContainer = isFintelForEntityFeatureEnabled ? isStixDomainObjectContainer(settings_type) : true;
   // add id to fintel template widgets
   const widgetsWithIds = (input.fintel_template_widgets ?? []).map((templateWidget) => ({
     ...templateWidget,
@@ -103,7 +114,7 @@ export const addFintelTemplate = async (
           columns: [{
             label: 'Representative',
             attribute: 'representative.main',
-            variableName: isFintelForEntityFeatureEnabled ? 'entityRepresentative' : 'containerRepresentative',
+            variableName: isContainer ? 'containerRepresentative' : 'entityRepresentative',
           }],
           instance_id: SELF_ID,
         }],
@@ -113,29 +124,20 @@ export const addFintelTemplate = async (
         },
       },
     });
-    // - list widgets of observables
-    widgetsWithIds.push({
-      variable_name: widgetContainerObservables.variable_name,
-      widget: {
-        id: uuidv4(),
-        ...widgetContainerObservables.widget,
-      },
-    });
-    // - list widgets of attack patterns
-    widgetsWithIds.push({
-      variable_name: widgetAttackPatterns.variable_name,
-      widget: {
-        id: uuidv4(),
-        ...widgetAttackPatterns.widget,
-      },
-    });
-    // - list widgets indicators
-    widgetsWithIds.push({
-      variable_name: widgetIndicators.variable_name,
-      widget: {
-        id: uuidv4(),
-        ...widgetIndicators.widget,
-      },
+
+    const relatedDataWidgets = isContainer
+      ? [widgetContainerObservables, widgetContainerAttackPatterns, widgetContainerIndicators]
+      : [widgetEntityObservables, widgetEntityAttackPatterns, widgetEntityIndicators];
+
+    // Add related data widgets depending on the settings type (container or entity)
+    relatedDataWidgets.forEach(({ variable_name, widget }) => {
+      widgetsWithIds.push({
+        variable_name: variable_name,
+        widget: {
+          id: uuidv4(),
+          ...widget,
+        },
+      });
     });
   }
 
diff --git a/opencti-platform/opencti-graphql/src/utils/fintelTemplate/__executiveSummary.template.ts b/opencti-platform/opencti-graphql/src/utils/fintelTemplate/__executiveSummary.template.ts
@@ -1,9 +1,9 @@
 import {
   widgetAllEntitiesAndObservables,
-  widgetAttackPatterns,
+  widgetContainerAttackPatterns,
   widgetGroupingMultiAttributes,
   widgetIncidentResponseMultiAttributes,
-  widgetIndicators,
+  widgetContainerIndicators,
   widgetReportMultiAttributes,
   widgetRFIMultiAttributes,
   widgetRFTMultiAttributes,
@@ -169,8 +169,8 @@ export const generateFintelTemplateExecutiveSummary = (containerType: string): F
     start_date: '1970-01-01T00:00:00Z',
     fintel_template_widgets: [
       multiAttributesWidget,
-      widgetIndicators,
-      widgetAttackPatterns,
+      widgetContainerIndicators,
+      widgetContainerAttackPatterns,
       widgetThreats,
       widgetVictims,
       widgetAllEntitiesAndObservables,
diff --git a/opencti-platform/opencti-graphql/src/utils/fintelTemplate/__fintelTemplateWidgets.ts b/opencti-platform/opencti-graphql/src/utils/fintelTemplate/__fintelTemplateWidgets.ts
@@ -141,7 +141,44 @@ export const widgetContainerObservables: FintelTemplateWidgetAddInput = {
       },
     ],
     parameters: {
-      title: 'Observables contained in the entity',
+      title: 'Observables contained in the container',
+    },
+  },
+};
+
+export const widgetEntityObservables: FintelTemplateWidgetAddInput = {
+  variable_name: 'observables',
+  widget: {
+    type: 'list',
+    perspective: WidgetPerspective.Entities,
+    dataSelection: [
+      {
+        perspective: WidgetPerspective.Entities,
+        number: 50,
+        filters: JSON.stringify({
+          mode: 'and',
+          filters: [
+            { key: ['entity_type'], values: ['Stix-Cyber-Observable'] },
+            {
+              key: 'regardingOf',
+              operator: 'eq',
+              values: [{
+                key: 'id',
+                values: [SELF_ID],
+              }],
+              mode: 'or',
+            },
+          ],
+          filterGroups: [],
+        }),
+        columns: [
+          { label: 'Observable type', attribute: 'entity_type' },
+          { label: 'Value', attribute: 'representative.main' },
+        ],
+      },
+    ],
+    parameters: {
+      title: 'Observables linked to the entity',
     },
   },
 };
@@ -170,12 +207,12 @@ export const widgetIncidentIOC: FintelTemplateWidgetAddInput = {
       },
     ],
     parameters: {
-      title: 'Indicators contained in the entity',
+      title: 'Indicators contained in the container',
     },
   },
 };
 
-export const widgetIndicators: FintelTemplateWidgetAddInput = {
+export const widgetContainerIndicators: FintelTemplateWidgetAddInput = {
   variable_name: 'indicators',
   widget: {
     type: 'list',
@@ -199,7 +236,44 @@ export const widgetIndicators: FintelTemplateWidgetAddInput = {
       },
     ],
     parameters: {
-      title: 'Indicators contained in the entity',
+      title: 'Indicators contained in the container',
+    },
+  },
+};
+
+export const widgetEntityIndicators: FintelTemplateWidgetAddInput = {
+  variable_name: 'indicators',
+  widget: {
+    type: 'list',
+    perspective: WidgetPerspective.Entities,
+    dataSelection: [
+      {
+        perspective: WidgetPerspective.Entities,
+        number: 50,
+        filters: JSON.stringify({
+          mode: 'and',
+          filters: [
+            { key: ['entity_type'], values: ['Indicator'] },
+            {
+              key: 'regardingOf',
+              operator: 'eq',
+              values: [{
+                key: 'id',
+                values: [SELF_ID],
+              }],
+              mode: 'or',
+            },
+          ],
+          filterGroups: [],
+        }),
+        columns: [
+          { label: 'Indicator types', attribute: 'indicator_types' },
+          { label: 'Indicator pattern', attribute: 'pattern' },
+        ],
+      },
+    ],
+    parameters: {
+      title: 'Indicators linked to the entity',
     },
   },
 };
@@ -229,12 +303,12 @@ export const widgetIncidentTasksActions: FintelTemplateWidgetAddInput = {
       },
     ],
     parameters: {
-      title: 'Tasks contained in the entity',
+      title: 'Tasks contained in the container',
     },
   },
 };
 
-export const widgetAttackPatterns: FintelTemplateWidgetAddInput = {
+export const widgetContainerAttackPatterns: FintelTemplateWidgetAddInput = {
   variable_name: 'attackPatterns',
   widget: {
     type: 'list',
@@ -258,7 +332,44 @@ export const widgetAttackPatterns: FintelTemplateWidgetAddInput = {
       },
     ],
     parameters: {
-      title: 'Attack Patterns contained in the entity',
+      title: 'Attack Patterns contained in the container',
+    },
+  },
+};
+
+export const widgetEntityAttackPatterns: FintelTemplateWidgetAddInput = {
+  variable_name: 'attackPatterns',
+  widget: {
+    type: 'list',
+    perspective: WidgetPerspective.Entities,
+    dataSelection: [
+      {
+        perspective: WidgetPerspective.Entities,
+        number: 50,
+        filters: JSON.stringify({
+          mode: 'and',
+          filters: [
+            { key: ['entity_type'], values: ['Attack-Pattern'] },
+            {
+              key: 'regardingOf',
+              operator: 'eq',
+              values: [{
+                key: 'id',
+                values: [SELF_ID],
+              }],
+              mode: 'or',
+            },
+          ],
+          filterGroups: [],
+        }),
+        columns: [
+          { label: 'Technique ID', attribute: 'x_mitre_id' },
+          { label: 'Technique', attribute: 'representative.main' },
+        ],
+      },
+    ],
+    parameters: {
+      title: 'Attack Patterns linked to the entity',
     },
   },
 };
@@ -288,7 +399,7 @@ export const widgetThreats: FintelTemplateWidgetAddInput = {
       },
     ],
     parameters: {
-      title: 'Threats contained in the entity',
+      title: 'Threats contained in the container',
     },
   },
 };
@@ -318,7 +429,7 @@ export const widgetVictims: FintelTemplateWidgetAddInput = {
       },
     ],
     parameters: {
-      title: 'Victims contained in the entity',
+      title: 'Victims contained in the container',
     },
   },
 };
@@ -347,7 +458,7 @@ export const widgetAllEntitiesAndObservables: FintelTemplateWidgetAddInput = {
       },
     ],
     parameters: {
-      title: 'Entities and Observables contained in the entity',
+      title: 'Entities and Observables contained in the container',
     },
   },
 };
diff --git a/opencti-platform/opencti-graphql/src/utils/fintelTemplate/__incidentCase.template.ts b/opencti-platform/opencti-graphql/src/utils/fintelTemplate/__incidentCase.template.ts
@@ -1,5 +1,11 @@
 import type { FintelTemplateAddInput } from '../../generated/graphql';
-import { widgetAttackPatterns, widgetContainerObservables, widgetIncidentIOC, widgetIncidentResponseMultiAttributes, widgetIncidentTasksActions } from './__fintelTemplateWidgets';
+import {
+  widgetContainerAttackPatterns,
+  widgetContainerObservables,
+  widgetIncidentIOC,
+  widgetIncidentResponseMultiAttributes,
+  widgetIncidentTasksActions,
+} from './__fintelTemplateWidgets';
 
 const template_content = `
 <div>
@@ -104,7 +110,7 @@ export const fintelTemplateIncidentResponse: FintelTemplateAddInput = {
     widgetContainerObservables,
     widgetIncidentIOC,
     widgetIncidentTasksActions,
-    widgetAttackPatterns,
+    widgetContainerAttackPatterns,
     widgetIncidentResponseMultiAttributes,
   ],
 };
