Observable Viewing Page #17
Comments
|
Hi @megan201296 While a mass collection of observables is indeed one of TheHive's main features, I don't see how having an 'Excel' like display within TheHive could be. When you search for an observable, TheHive will tell you in which cases it has been seen. From there you can jump to the case and navigate the observables it shares with others and TheHive will also show you in the case's main view the related cases. One idea we've been toying with for quite some time but would require some investment on our part is visualizing the relationships instead of simply having a row display with multiple columns which we 'll keep only growing overtime. So unless there's a huge benefit to have 100k rows+ displayed in the Web UI, we won't implement this feature and try to get the visualization part implemented (search observable > show relationships with other observables & cases > explore > ...). Regards, |
|
I forgot to mention that you may get the list you want by directly querying the REST API of TheHive. We are working hard to document it and we plan to publish the documentation in a few weeks. |
|
Visualization of relationships would be a great feature! And I see now that searching "ip" will list all IPs since it has the |
|
I will close your feature request then and will inform you when the API documentation is ready. We'll also update everyone one we have a timeframe for the viz part. |
Observable Viewing Page
Request Type
Feature Request
I think there should be a section that we can go to that will list all of the observables (independent of their case). I know that there is an observable tab in each case, or you can search for it, but I think a mass collection would be beneficial. There should probably be a column that contains a link to the case it is associated with.
Here is an example of my vision for it (in terms of details and abilities):
Let me know if you have any more questions!
The text was updated successfully, but these errors were encountered: