Related containers / correlation enhancements

[SamuelHassine]

Use case

When we display the list of "correlated containers":

Right now, it is based on common observables and indicators. That being said:

• Nobody really know this, so most of the time, it is a blackbox.
• You don't have any details about which observable or indicators is contained "common" to the 2 containers
• Most of all, when you have multiple correlated containers, it is difficult to know which one it is.

In addition to this, when you are exploring the "correlation view" in the graph (3 clicks away), it is correlating on "everything", not only indicators and observables, so you have to refilter. So to get the real details about correlated containers in the overview, assuming you know how this work, it is more than 5 or 6 clicks away.

We need to implement a quick button here:

This button will open a dialog with a table of correlations with details. Something like the list of containers and the number of common objects and you can expand to see the the list of those objects for each container.

What's the functional need
ability to understand among the different correlated cases/reports, the level of correlation (is it high, low...)
ability to view the list of correlated entities
ability to pivot on them/perform actions on them
Potential solution
Potential Solution 1
Add a counter next to each report/cases to indicate the amount of correlated entities/observables
Ability to click on a CTA and be redirected to data/entities to see the list of entities/observables
To do this, add a new filter "contained in = Container A" that would list all entities contained in entity A
Add a filter on the meta type Entity Type = Observable
The screen data entities should be filtered on "contained in = Container A AND container B" AND "entity Type = Indicator OR observable"
BONUS: extend the correlation between containers of different types (ex: a report can be correlated with a case)

Potential Solution 2
Add a counter next to each report/cases to indicate the amount of correlated entities/observables
click on CTA to open a modal that contains all containers correlated, with an option to expand the view of correlated entities