Hotfix OpenCTI connector and new doc about inferences

README.md

@@ -23,7 +23,7 @@ The goal is to create a comprehensive tool allowing users to capitalize technica
 
 Once data has been capitalized and processed by the analysts within OpenCTI, new relations [may be inferred](https://opencti-platform.github.io/docs/reference/inferences) from existing ones to facilitate the understanding and the representation of this information. This allow the user to extract and leverage meaningful knowledge from the raw data.
 
-OpenCTI not only allows [imports]((https://opencti-platform.github.io/docs/usage/import)) but also [exports of data]((https://opencti-platform.github.io/docs/usage/export)) under different formats (CSV, STIX2 bundles, etc.). [Connectors](https://github.com/OpenCTI-Platform/connectors) are currently developped to accelerate interactions between the tool and other platforms.
+OpenCTI not only allows [imports](https://opencti-platform.github.io/docs/usage/import) but also [exports of data](https://opencti-platform.github.io/docs/usage/export) under different formats (CSV, STIX2 bundles, etc.). [Connectors](https://github.com/OpenCTI-Platform/connectors) are currently developped to accelerate interactions between the tool and other platforms.
 
 ## Documentation and demonstration
 

opencti-documentation/docs/getting-started/introduction.md

@@ -17,9 +17,9 @@ The structuration of the data is performed using a knowledge schema based on the
 
 The goal is to create a comprehensive tool allowing users to capitalize technical (such as TTPs and observables) and non-technical information (such as suggested attribution, victimlogy etc.) while linking each piece of information to its primary source (a report, a MISP event, etc.), with features such as links between each information, first and last seen dates, levels of confidence etc. The tool is able to use the [MITRE ATT&CK framework](https://attack.mitre.org) (through a [dedicated connector](https://github.com/OpenCTI-Platform/connectors)) to help structure the data. The user can also chose to implement its own datasets.
 
-Once data has been capitalized and processed by the analysts within OpenCTI, new relations [may be inferred](../usage/inferences) from existing ones to facilitate the understanding and the representation of this information. This allow the user to extract and leverage meaningful knowledge from the raw data.
+Once data has been capitalized and processed by the analysts within OpenCTI, new relations [may be inferred](../reference/inferences) from existing ones to facilitate the understanding and the representation of this information. This allow the user to extract and leverage meaningful knowledge from the raw data.
 
-OpenCTI not only allows [imports](guides/import-data) but also [exports of data](guides/export-data) under different formats (CSV, STIX2 bundles, etc.). [Connectors](https://github.com/OpenCTI-Platform/connectors) are currently developped to accelerate interactions between the tool and other platforms.
+OpenCTI not only allows [imports](../usage/import) but also [exports of data](../usage/export) under different formats (CSV, STIX2 bundles, etc.). [Connectors](https://github.com/OpenCTI-Platform/connectors) are currently developped to accelerate interactions between the tool and other platforms.
 
 ## Demonstration
 

opencti-documentation/docs/reference/inferences.md

@@ -0,0 +1,85 @@
+---
+id: inferences
+title: Inferred relations
+sidebar_label: Inferred relations
+---
+
+## Introduction
+
+OpenCTI is based on an [entities-relations model](../usage/model) that allows users to connect many entities together. In some cases, it could be interesting that some facts to be automatically inferred from others. For instance, if a `campaign` targeted the sector of `electricity`, which is a sub-sector of the `energy` sector, and is attributed to an `intrusion set`, the analyst wants to know that this specific `intrusion set` has targeted the `energy` sector.
+
+In OpenCTI, this can be represented by:
+
+![Relations](assets/reference/relations.png "Relations")
+
+To derive the implicit facts of this kind of knowledge, OpenCTI relies on the [inferences capability of the Grakn database](https://dev.grakn.ai/docs/schema/rules). The result is explained directly in the application when displaying an inferred relation:
+
+![Inference 1](assets/reference/inference1.png "Inference 1")
+
+## Implemented rules of inferences
+
+The implemented rules are expressed here in pseudo-code.
+
+### Usage rules
+
+<pre><code>when {
+	A attributed-to B
+	A uses C
+}, then {
+	B uses C
+}
+</code></pre>
+
+### Target rules
+
+<pre><code>when {
+	A attributed-to B
+	A targets C
+}, then {
+	B targets C
+}
+</code></pre>
+
+<pre><code>when {
+	A uses B
+	B targets C
+}, then {
+	A targets C
+}
+</code></pre>
+
+<pre><code>when {
+	A part-of (gathering) B
+	C targets A
+}, then {
+	C targets B
+}
+</code></pre>
+
+<pre><code>when {
+	A localized-in (localization) B
+	C targets A
+}, then {
+	C targets B
+}
+</code></pre>
+
+### Attribution rules
+
+<pre><code>when {
+	A attributed-to B
+	B attributed-to C
+}, then {
+	A attributed-to C
+}
+</code></pre>
+
+### Localization rules
+
+<pre><code>when {
+	A localized-in (localization) B
+	B localized-in (localization) C
+}, then {
+	A localized-in (localization) C
+}
+</code></pre>