Lhorus6

@Jipegien FYI, need to be fixed before 26 Feb (a customer needs to launch an exercise). If this is not possible, please let me know a week beforehand so that...

"you export the list of attack patterns linked to the intrusion set (entities and not relations)." -> This is what I'm expecting yes

A customer would be interested to have a “targets” relationship between an infrastructure and an organization. Not to make the inference rule described here work, but to be able to...

@nino-filigran What is your user configuration? If you have the "bypass all" right, you bypass the enforce reference policy. This is something I should have warned about in the issue......

After a quick look, it seems related to this : https://github.com/OpenCTI-Platform/opencti/issues/4839

NB: The opposite must also be taken into account (observables generated from indicators in a container).

Why did we make this choice? This reduces the possibilities of using markings. At a minimum, we must change the "order" of the TLPs so that "AMBER" does not allow...

#### For "reduce possibilities": For example, if I have custom markings for my internal teams and apply them to restrict access to a particular team: - if I don't put...

- Isn't the "order" of the TLPs managed when the platform is deployed? If we change them, will everyone (existing platform) be updated? - In your opinion, is it normal/not...

If I understand well, we just need to modify the line 131 and 137 : https://github.com/OpenCTI-Platform/opencti/blob/9c10a5b6e18867131e3284b0a33ebbdf2dca82f2/opencti-platform/opencti-graphql/src/database/data-initialization.js#L131 Don't know if it should be done by Platform or R&D