[Mandiant] Include indicator observables + based-on relationships in report object_refs

[Copilot]

When Mandiant indicators are imported through report ingestion, the connector creates observables and based-on relationships but does not attach them to the report. This results in reports containing indicators only, without their observable graph.

• Report object reference completion

  • Added a report post-processing step in MandiantReport.generate() to enrich report.object_refs with:
    • relationship IDs where relationship_type == "based-on" and source_ref is an indicator in the bundle
    • the corresponding observable IDs (target_ref) from those relationships
  • Deduplicates while preserving insertion order so existing refs remain stable.

• Scoped behavior

  • Only based-on relationships sourced from indicators are considered.
  • Non-indicator based-on relationships and unrelated relationship types are ignored.

• Regression coverage

  • Added focused tests in external-import/mandiant/tests/test_reports.py for:
    • inclusion of indicator-linked observable + based-on refs
    • exclusion of non-indicator or non-based-on relationships

for relationship in utils.retrieve_all(self.bundle, "type", "relationship"):
    if relationship["relationship_type"] != "based-on":
        continue
    if relationship["source_ref"] not in indicator_ids:
        continue
    additional_refs.append(relationship["id"])
    additional_refs.append(relationship["target_ref"])

report["object_refs"] = list(dict.fromkeys(report["object_refs"] + additional_refs))