[frontend] 'In regards of' filter warning for not detected values com…

…binations (OpenCTI-Platform#9909)

opencti-platform/opencti-front/lang/front/de.json

@@ -83,8 +83,8 @@
   "Add an organization": "Hinzufügen einer Organisation",
   "Add and complete": "Hinzufügen und ausfüllen",
   "Add attack patterns": "Angriffsmuster hinzufügen",
-  "Add citizenship": "Staatsbürgerschaft hinzufügen",
   "Add attributes of the instance": "Hinzufügen von Attributen der {type}",
+  "Add citizenship": "Staatsbürgerschaft hinzufügen",
   "Add components": "Komponenten hinzufügen",
   "Add context": "Kontext hinzufügen",
   "Add country": "Land hinzufügen",
@@ -155,6 +155,7 @@
   "All other filters": "Alle anderen Filter",
   "All reports": "Alle Berichte",
   "All rule targets": "Alle Regelziele",
+  "All the results may not be displayed for these filter values, read documentation for more information.": "Für diese Filterwerte werden möglicherweise nicht alle Ergebnisse angezeigt, {link} für weitere Informationen",
   "All threats": "Alle Bedrohungen",
   "All types of relationship": "Alle Arten von Beziehungen",
   "All types of target": "Alle Arten von Ziel",
@@ -2361,6 +2362,7 @@
   "reach out to the Filigran team": "nehmen Sie Kontakt mit dem Filigran-Team auf",
   "Reaction points": "Reaktionspunkte",
   "Reaction points:": "Reaktionspunkte:",
+  "read documentation": "dokumentation lesen",
   "Read operations": "Lesevorgänge",
   "Received time": "Ausgelöst",
   "Recipients": "Empfänger",
@@ -3450,4 +3452,4 @@
   "Zoom": "Vergrößern",
   "Zoom in": "Vergrößern",
   "Zoom out": "Verkleinern"
-}
+}

opencti-platform/opencti-front/lang/front/en.json

@@ -83,8 +83,8 @@
   "Add an organization": "Add an organization",
   "Add and complete": "Add and complete",
   "Add attack patterns": "Add attack patterns",
-  "Add citizenship": "Add citizenship",
   "Add attributes of the instance": "Add attributes of the {type}",
+  "Add citizenship": "Add citizenship",
   "Add components": "Add components",
   "Add context": "Add context",
   "Add country": "Add country",
@@ -155,6 +155,7 @@
   "All other filters": "All other filters",
   "All reports": "All reports",
   "All rule targets": "All rule targets",
+  "All the results may not be displayed for these filter values, read documentation for more information.": "All the results may not be displayed for these filter values, {link} for more information",
   "All threats": "All threats",
   "All types of relationship": "All types of relationship",
   "All types of target": "All types of target",
@@ -2361,6 +2362,7 @@
   "reach out to the Filigran team": "reach out to the Filigran team",
   "Reaction points": "Reaction points",
   "Reaction points:": "Reaction points:",
+  "read documentation": "read documentation",
   "Read operations": "Read operations",
   "Received time": "Triggered",
   "Recipients": "Recipients",
@@ -3450,4 +3452,4 @@
   "Zoom": "Zoom",
   "Zoom in": "Zoom in",
   "Zoom out": "Zoom out"
-}
+}

opencti-platform/opencti-front/lang/front/es.json

@@ -83,8 +83,8 @@
   "Add an organization": "Agregar una organización",
   "Add and complete": "Agregar y completar",
   "Add attack patterns": "Añadir patrones de ataque",
-  "Add citizenship": "Añadir ciudadanía",
   "Add attributes of the instance": "Añadir atributos de la {type}",
+  "Add citizenship": "Añadir ciudadanía",
   "Add components": "Añadir componentes",
   "Add context": "Agregar contexto",
   "Add country": "Añadir país",
@@ -155,6 +155,7 @@
   "All other filters": "Todos los demás filtros",
   "All reports": "Todos los informes",
   "All rule targets": "Todos los objetivos de las reglas",
+  "All the results may not be displayed for these filter values, read documentation for more information.": "Puede que no se muestren todos los resultados para estos valores de filtro, {link} para más información",
   "All threats": "Todas las amenazas",
   "All types of relationship": "Todos los tipos de relación",
   "All types of target": "Todo los tipos de objetivo",
@@ -2361,6 +2362,7 @@
   "reach out to the Filigran team": "póngase en contacto con el equipo de Filigran",
   "Reaction points": "Puntos de reacción",
   "Reaction points:": "Puntos de reacción:",
+  "read documentation": "leer documentación",
   "Read operations": "Operaciones de lectura",
   "Received time": "Hora de recepción",
   "Recipients": "Destinatarios",
@@ -3450,4 +3452,4 @@
   "Zoom": "Zoom",
   "Zoom in": "Ampliar",
   "Zoom out": "Alejar"
-}
+}

opencti-platform/opencti-front/lang/front/fr.json

@@ -83,8 +83,8 @@
   "Add an organization": "Ajouter une organisation",
   "Add and complete": "Ajouter et compléter",
   "Add attack patterns": "Ajouter des motifs d'attaque",
-  "Add citizenship": "Ajouter la citoyenneté",
   "Add attributes of the instance": "Ajouter des attributs de l'élément {type}",
+  "Add citizenship": "Ajouter la citoyenneté",
   "Add components": "Ajouter des composants",
   "Add context": "Ajouter du contexte",
   "Add country": "Ajouter un pays",
@@ -155,6 +155,7 @@
   "All other filters": "Tous les autres filtres",
   "All reports": "Tous les rapports",
   "All rule targets": "Toutes les cibles de règles",
+  "All the results may not be displayed for these filter values, read documentation for more information.": "Tous les résultats peuvent ne pas être affichés pour ces valeurs de filtre, {link} pour plus d'informations",
   "All threats": "Toutes les menaces",
   "All types of relationship": "Tous les types de relation",
   "All types of target": "Tous les types de cible",
@@ -2361,6 +2362,7 @@
   "reach out to the Filigran team": "contacter l'équipe Filigran",
   "Reaction points": "Points de réaction",
   "Reaction points:": "Points de réaction :",
+  "read documentation": "lire la documentation",
   "Read operations": "Opérations de lecture",
   "Received time": "Délenchement",
   "Recipients": "Destinataires",
@@ -3450,4 +3452,4 @@
   "Zoom": "Zoom",
   "Zoom in": "Zoomer",
   "Zoom out": "Zoom arrière"
-}
+}

opencti-platform/opencti-front/lang/front/ja.json

@@ -83,8 +83,8 @@
   "Add an organization": "組織を追加する",
   "Add and complete": "追加して完成",
   "Add attack patterns": "攻撃パターンを追加",
-  "Add citizenship": "市民権の追加",
   "Add attributes of the instance": "0}}の属性を追加",
+  "Add citizenship": "市民権の追加",
   "Add components": "コンポーネントを追加する",
   "Add context": "コンテキストを追加",
   "Add country": "国を追加する",
@@ -155,6 +155,7 @@
   "All other filters": "その他のフィルター",
   "All reports": "レポート",
   "All rule targets": "すべてのルールターゲット",
+  "All the results may not be displayed for these filter values, read documentation for more information.": "これらのフィルター値では、すべての結果が表示されない場合があります。",
   "All threats": "すべての脅威",
   "All types of relationship": "全てのリレーションシップの種別",
   "All types of target": "あらゆる種類のターゲット",
@@ -2361,6 +2362,7 @@
   "reach out to the Filigran team": "Filigranチームに連絡する",
   "Reaction points": "反応点",
   "Reaction points:": "リアクションポイント",
+  "read documentation": "ドキュメントを読む",
   "Read operations": "読み込みオペレーション",
   "Received time": "受付時刻",
   "Recipients": "受信者",
@@ -3450,4 +3452,4 @@
   "Zoom": "ズーム",
   "Zoom in": "ズームイン",
   "Zoom out": "ズームアウト"
-}
+}

opencti-platform/opencti-front/lang/front/ko.json

@@ -83,8 +83,8 @@
   "Add an organization": "조직 추가",
   "Add and complete": "추가 및 완료",
   "Add attack patterns": "공격 패턴 추가",
-  "Add citizenship": "시민권 추가",
   "Add attributes of the instance": "{type}의 속성을 추가합니다",
+  "Add citizenship": "시민권 추가",
   "Add components": "구성 요소 추가",
   "Add context": "컨텍스트 추가",
   "Add country": "국가 추가",
@@ -155,6 +155,7 @@
   "All other filters": "다른 모든 필터",
   "All reports": "모든 보고서",
   "All rule targets": "모든 규칙 대상",
+  "All the results may not be displayed for these filter values, read documentation for more information.": "이러한 필터 값에 대해 모든 결과가 표시되지 않을 수 있습니다. 자세한 내용은 {link}을 참조하세요",
   "All threats": "모든 위협",
   "All types of relationship": "모든 관계 유형",
   "All types of target": "모든 대상 유형",
@@ -2361,6 +2362,7 @@
   "reach out to the Filigran team": "filigran 팀에 문의",
   "Reaction points": "반응 포인트",
   "Reaction points:": "반응 포인트:",
+  "read documentation": "문서 읽기",
   "Read operations": "읽기 작업",
   "Received time": "수신 시간",
   "Recipients": "수신자",
@@ -3450,4 +3452,4 @@
   "Zoom": "확대/축소",
   "Zoom in": "확대",
   "Zoom out": "축소"
-}
+}

opencti-platform/opencti-front/lang/front/zh.json

@@ -83,8 +83,8 @@
   "Add an organization": "添加组织",
   "Add and complete": "添加并完成",
   "Add attack patterns": "添加攻击模式",
-  "Add citizenship": "添加公民身份",
   "Add attributes of the instance": "添加 {type} 的属性",
+  "Add citizenship": "添加公民身份",
   "Add components": "添加组件",
   "Add context": "添加上下文",
   "Add country": "添加国家",
@@ -155,6 +155,7 @@
   "All other filters": "所有其他筛选器",
   "All reports": "所有报告",
   "All rule targets": "所有规则目标",
+  "All the results may not be displayed for these filter values, read documentation for more information.": "这些过滤值可能无法显示所有结果，{link} 获取更多信息",
   "All threats": "所有威胁",
   "All types of relationship": "关系的所有类型",
   "All types of target": "所有类型的目标",
@@ -2361,6 +2362,7 @@
   "reach out to the Filigran team": "联系 Filigran 团队",
   "Reaction points": "反应点",
   "Reaction points:": "反应分",
+  "read documentation": "阅读文档",
   "Read operations": "读取操作",
   "Received time": "接收时间",
   "Recipients": "收件人",
@@ -3450,4 +3452,4 @@
   "Zoom": "放大",
   "Zoom in": "放大",
   "Zoom out": "缩小"
-}
+}

opencti-platform/opencti-front/src/components/FilterIconButtonContainer.tsx

@@ -1,6 +1,6 @@
 import Chip from '@mui/material/Chip';
 import Tooltip from '@mui/material/Tooltip';
-import React, { Fragment, FunctionComponent, useContext, useEffect, useRef } from 'react';
+import React, { Fragment, FunctionComponent, useContext, useEffect, useRef, useState } from 'react';
 import makeStyles from '@mui/styles/makeStyles';
 import { PreloadedQuery, usePreloadedQuery } from 'react-relay';
 import { ChipOwnProps } from '@mui/material/Chip/Chip';
@@ -169,7 +169,7 @@ FilterIconButtonContainerProps
   const filtersRepresentativesMap = new Map<string, FilterRepresentative>(
     filtersRepresentatives.map((n: FilterRepresentative) => [n.id, n]),
   );
-  const [filterChipsParams, setFilterChipsParams] = React.useState<FilterChipsParameter>({
+  const [filterChipsParams, setFilterChipsParams] = useState<FilterChipsParameter>({
     filter: undefined,
     anchorEl: undefined,
   } as FilterChipsParameter);
@@ -295,16 +295,18 @@ FilterIconButtonContainerProps
           <Fragment key={currentFilter.id ?? `filter-${index}`}>
             <Tooltip
               title={
-                <FilterValues
-                  label={keyLabel}
-                  tooltip={true}
-                  currentFilter={currentFilter}
-                  handleSwitchLocalMode={handleSwitchLocalMode}
-                  filtersRepresentativesMap={filtersRepresentativesMap}
-                  redirection={redirection}
-                  entityTypes={entityTypes}
-                  filtersRestrictions={filtersRestrictions}
-                />
+                filterKey === 'regardingOf'
+                  ? undefined
+                  : <FilterValues
+                      label={keyLabel}
+                      tooltip={true}
+                      currentFilter={currentFilter}
+                      handleSwitchLocalMode={handleSwitchLocalMode}
+                      filtersRepresentativesMap={filtersRepresentativesMap}
+                      redirection={redirection}
+                      entityTypes={entityTypes}
+                      filtersRestrictions={filtersRestrictions}
+                    />
               }
             >
               <Box

opencti-platform/opencti-front/src/components/filters/FilterValues.tsx

@@ -5,13 +5,16 @@ import Tooltip from '@mui/material/Tooltip';
 import Box from '@mui/material/Box';
 import Chip from '@mui/material/Chip';
 import { ChipOwnProps } from '@mui/material/Chip/Chip';
+import { WarningOutlined } from '@mui/icons-material';
+import { Link } from 'react-router-dom';
 import { useFormatter } from '../i18n';
 import type { Theme } from '../Theme';
-import { FiltersRestrictions, isFilterEditable, useFilterDefinition } from '../../utils/filters/filtersUtils';
+import { FiltersRestrictions, isFilterEditable, isRegardingOfFilterWarning, useFilterDefinition } from '../../utils/filters/filtersUtils';
 import { truncate } from '../../utils/String';
 import FilterValuesContent from '../FilterValuesContent';
 import { FilterRepresentative } from './FiltersModel';
 import { Filter } from '../../utils/filters/filtersHelpers-types';
+import useSchema from '../../utils/hooks/useSchema';
 
 // Deprecated - https://mui.com/system/styles/basics/
 // Do not use it for new code.
@@ -78,6 +81,7 @@ const FilterValues: FunctionComponent<FilterValuesProps> = ({
 }) => {
   const { t_i18n } = useFormatter();
   const classes = useStyles();
+  const { schema: { scos } } = useSchema();
 
   const filterKey = currentFilter.key;
   const filterOperator = currentFilter.operator;
@@ -136,8 +140,29 @@ const FilterValues: FunctionComponent<FilterValuesProps> = ({
   if (filterKey === 'regardingOf') {
     const sortedFilterValues = [...filterValues].sort((a, b) => -a.key.localeCompare(b.key)); // display type first, then id
 
+    // add warning for (relationship type / ids) combinations that may not display all the results because of denormalization
+    const isWarning = isRegardingOfFilterWarning(currentFilter, scos.map((n) => n.id), filtersRepresentativesMap);
+
     return (
       <>
+        {isWarning && (
+          <Tooltip title={
+            t_i18n('', {
+              id: 'All the results may not be displayed for these filter values, read documentation for more information.',
+              values: {
+                link: <Link target="_blank" to="https://docs.opencti.io/latest/reference/filters/?h=regarding#the-regardingof-filter-key">
+                  {t_i18n('read documentation')}
+                </Link>,
+              },
+            })
+          }
+          >
+            <WarningOutlined
+              color={'inherit'}
+              style={{ fontSize: 20, color: '#f44336', marginRight: 4 }}
+            />
+          </Tooltip>
+        )}
         <strong
           className={menuClassName}
           onClick={onCLick}

opencti-platform/opencti-front/src/utils/filters/filtersUtils.tsx

@@ -972,3 +972,31 @@ export const cleanFilters = (filters: FilterGroup, helpers: handleFilterHelpers,
   const filtersToRemoveIds = allListedFilters.filter((f) => !newAvailableFilterKeys.includes(f.key)).map((f) => f.id ?? '');
   filtersToRemoveIds.forEach((id) => helpers.handleRemoveFilterById(id));
 };
+
+export const isRegardingOfFilterWarning = (
+  filter: Filter,
+  observablesTypes: string[],
+  filtersRepresentativesMap: Map<string, FilterRepresentative>,
+) => {
+  if (filter.key === 'regardingOf') {
+    const relationshipTypes: string[] = filter.values.filter((v) => v.key === 'relationship_type').map((f) => f.values).flat();
+    const entitiesIds: string[] = filter.values.filter((v) => v.key === 'id').map((f) => f.values).flat();
+    const entityTypes = entitiesIds
+      .map((id) => filtersRepresentativesMap.get(id)?.entity_type)
+      .filter((t) => !!t) as string[];
+    if (relationshipTypes.includes('targets')
+      && entityTypes.some((type) => ['Attack-Pattern', 'Campaign', 'Incident', 'Intrusion-Set', 'Malware', 'Threat-Actor-Individual', 'Threat-Actor-Group'].includes(type))) {
+      return true;
+    } if (relationshipTypes.includes('located-at')
+      && entityTypes.some((type) => ['City', 'IPv4-Addr', 'IPv6-Addr'].includes(type))) {
+      return true;
+    } if (relationshipTypes.includes('related-to')
+      && entityTypes.some((type) => [...observablesTypes, 'Stix-Cyber-Observable'].includes(type))) {
+      return true;
+    } if (relationshipTypes.includes('indicates')
+      && entityTypes.some((type) => ['Indicator'].includes(type))) {
+      return true;
+    }
+  }
+  return false;
+};