'In regards of' filter not working with observables

[Archidoit]

Reproducible Steps

• Create a threat actor that has a relationship with an observable observable1

• In Data>Entities , add a filter: in regards of observable1
• The threat actor is not displayed

[SamuelHassine]

@Archidoit this is normal, let's discuss this on Gather.

[SamuelHassine]

Denormalized information for observable related to "threat" have been removed.

[Archidoit]

Denormalized information for observable related to "threat" have been removed.

It is not working for all the 'in regards of' filters involving an observable, relationships between malwares and observables are not displayed either (not only between threats and observables).

Why has it been removed? Do we want to add it again to make the 'in regards of' filter work? @SamuelHassine

[Archidoit]

To fix this, I propose we accept the 'in regards of' filter can't work with some relationships / entity types.
The available relationship types and ids values for the in regards of filter should only propose working values.
What do you think? @SamuelHassine @nino-filigran @RomainGUIGNARD

[Archidoit]

The relationships not supported are relationships with :

• type = related_to & from is stixCyberObservable
• type = located_at & to is one of [region, country] & from is one of [ipv4, ipv6, city]
• type = targets & to is one of [region, country, sector]

--> We can't exclude some entity types / relationship types since it may work for some combinations and not others. I suggest just to add a warning tooltip next to this filter indicating which relations won't be found @nino-filigran

[nino-filigran]

Yes, like the one in the template for current entity. Let's go with this.