Add danger zone option to entity types in the entity customization #9423

Open
ups1decyber opened this issue Dec 19, 2024 · 2 comments
Labels: feature, needs triage


@ups1decyber

Use case

We have imported stuff like MITRE Attack TTPs, Sectors, Geographic locations, etc. and we don't want regular users to mess with them (e.g. accidentally delete them, edit them, or create new ones). We would like to use the danger zone mechanism to elevate certain entity types to the danger zone and only allow admins to edit/create/delete such entities.

Current Workaround

None

Proposed Solution

In the entity customization, add an option to elevate an entity type to the danger zone. Entity types that are in the danger zone should not be modifiable in any way by regular users, but only by users with the danger zone permission.

Additional Information

If the feature request is approved, would you be willing to submit a PR?

No

@ups1decyber added the feature and needs triage labels on Dec 19, 2024
@nino-filigran

@ups1decyber you should already be able to do this by:

  • adding all the users that should not do this to a specific group
  • assigning to this group some low confidence levels on the specific entities that you have mentioned (even better, a 0 confidence level): this way, they will not be able to delete/edit these entities!

Does that answer your need?

@ups1decyber

Hi @nino-filigran

That approach would technically work, but it's not quite what I want for multiple reasons:

Firstly, users can still create new entities. For example, a user with a max confidence of 99 can still create a new Attack Pattern (though its max confidence would be 99 and not 100).

Secondly, there are some users who are also in an Admin group with max confidence. Such users are still prone to (for example) accidentally deleting entities while working in a report's knowledge graph. Having the option to protect certain entity types using the danger zone mechanism would actually prevent this (or at least show an additional warning dialog that clearly indicates that some dangerous operation is about to be executed).

And lastly, I am wondering why the confidence/credibility is used for access control. Wouldn't it make much more sense to use the reliability instead? I feel like less reliable sources should not be allowed to modify highly reliable information regardless of the confidence level, because an unreliable source is unreliable for a reason and could, for example, falsely assess high confidence.
