From 720e59ca64c606fe28991ee5bfbfc061fe463e0b Mon Sep 17 00:00:00 2001 From: "Jermain @ Filigran.io" <155680154+Jermain-N@users.noreply.github.com> Date: Fri, 4 Oct 2024 11:10:49 +0200 Subject: [PATCH 1/2] Update overview.md Added a description of the Diamond model. --- docs/usage/overview.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/usage/overview.md b/docs/usage/overview.md index 7ab4f1ca..b3214617 100644 --- a/docs/usage/overview.md +++ b/docs/usage/overview.md 
@@ -98,6 +98,7 @@ In the `Knowledge` tab, which is the central part of the entity, you will find a - The `Knowledge` tab of those entities (who represents Analyses or Cases that can contains a collection of Objects) is the place to integrate and link together entities. For more information on how to integrate information in OpenCTI using the knowledge tab of a report, please refer to the part [Manual creation](manual-creation.md). - The `Knowledge` tabs of any other entity (that does not aim to contain a collection of Objects) gather all the entities which have been at some point linked to the entity the user is looking at. For instance, as shown in the following capture, the `Knowledge` tab of Intrusion set APT29, gives access to the list of all entities APT29 is attributed to, all victims the intrusion set has targeted, all its campaigns, TTPs, malware etc. For entities to appear in these tabs under `Knowledge`, they need to have been linked to the entity directly or have been computed with the inference engine. +- When consulting an `Incident`, `Infrastructure`, `Threat Actor (group)`, `Threat Actor (individual)`, `Intrusion Set`, `Malware`, `Channel` or `Tool` entity in OpenCTI, you may consult its auto-populated `Diamond` model from the `Knowledge` tab. The `Diamond` model illustrates the relationships that exist between the viewed entity and other entities in OpenCTI and automatically maps them to one of the four relevant quadrants: Adversary (e.g. Threat Actors), Infrastructure (e.g. Observables), Victimology (e.g. Sectors) and Capabilities (e.g. Attack Patterns). Each Diamond quadrant is interactive and can be clicked on to navigate to the full list of its relevant entities. ![The Intrusion Set's Knowledge tab](assets/apt41_knowledge_view.png) From f9a3a0d7696b83013ca0025030d170657f38fc8a Mon Sep 17 00:00:00 2001 
From: "Jermain @ Filigran.io" <155680154+Jermain-N@users.noreply.github.com> Date: Fri, 4 Oct 2024 11:44:41 +0200 Subject: [PATCH 2/2] Update docs/usage/overview.md Co-authored-by: nino-filigran <148041607+nino-filigran@users.noreply.github.com> --- docs/usage/overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/usage/overview.md b/docs/usage/overview.md index b3214617..a4c50695 100644 --- a/docs/usage/overview.md +++ b/docs/usage/overview.md 
@@ -98,7 +98,7 @@ In the `Knowledge` tab, which is the central part of the entity, you will find a - The `Knowledge` tab of those entities (who represents Analyses or Cases that can contains a collection of Objects) is the place to integrate and link together entities. For more information on how to integrate information in OpenCTI using the knowledge tab of a report, please refer to the part [Manual creation](manual-creation.md). - The `Knowledge` tabs of any other entity (that does not aim to contain a collection of Objects) gather all the entities which have been at some point linked to the entity the user is looking at. For instance, as shown in the following capture, the `Knowledge` tab of Intrusion set APT29, gives access to the list of all entities APT29 is attributed to, all victims the intrusion set has targeted, all its campaigns, TTPs, malware etc. For entities to appear in these tabs under `Knowledge`, they need to have been linked to the entity directly or have been computed with the inference engine. -- When consulting an `Incident`, `Infrastructure`, `Threat Actor (group)`, `Threat Actor (individual)`, `Intrusion Set`, `Malware`, `Channel` or `Tool` entity in OpenCTI, you may consult its auto-populated `Diamond` model from the `Knowledge` tab. The `Diamond` model illustrates the relationships that exist between the viewed entity and other entities in OpenCTI and automatically maps them to one of the four relevant quadrants: Adversary (e.g. Threat Actors), Infrastructure (e.g. Observables), Victimology (e.g. Sectors) and Capabilities (e.g. Attack Patterns). Each Diamond quadrant is interactive and can be clicked on to navigate to the full list of its relevant entities. +- When consulting an `Incident`, `Infrastructure`, `Threat Actor (group)`, `Threat Actor (individual)`, `Intrusion Set`, `Malware`, `Channel` or `Tool` entity in OpenCTI, you may consult its auto-populated `Diamond` model from the `Knowledge` tab. 
The `Diamond` model illustrates the relationships that exist between the viewed entity and other entities in OpenCTI and automatically maps them to one of the four relevant quadrants: Adversary (e.g. Threat Actors), Infrastructure (e.g. Observables), Victimology (e.g. Sectors) and Capabilities (e.g. Attack Patterns). Each Diamond quadrant is interactive and can be clicked on to navigate to a full list (or only a subset) of its relevant entities. ![The Intrusion Set's Knowledge tab](assets/apt41_knowledge_view.png)
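Review bot: In the PATCH 1/2 hunk, the new bullet promises that clicking a quadrant navigates to "the full list of its relevant entities", a claim PATCH 2/2 then has to weaken to "a full list (or only a subset)"; describe the actual behaviour once here rather than overclaiming and patching it later. The bullet also introduces "the `Diamond` model" without saying what it is; a one-clause definition (the Diamond Model of Intrusion Analysis by Caltagirone, Pendergast and Betz, 2013) or a link would help readers who do not already know it. Minor wording: "When consulting an ... entity ..., you may consult its ..." repeats "consult"; "you can open its auto-populated `Diamond` model" reads better. Unrelated to the change but visible in the context lines: the prose refers to "Intrusion set APT29" while the capture is `assets/apt41_knowledge_view.png`; worth aligning while this paragraph is being touched.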
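Review bot: In the PATCH 2/2 hunk, the new qualifier "a full list (or only a subset) of its relevant entities" leaves the reader unable to predict which they will get; state under what condition a quadrant shows only a subset and how to reach the remaining entities, or drop the parenthesis. Also, the bullet is now split across two lines and the continuation "The `Diamond` model illustrates ..." starts at column 0; either indent it to match the bullet or keep the bullet on one line like its neighbours, so the continuation is unambiguously part of the same list item.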