[usage] document diamond model
labo-flg authored Nov 15, 2024
2 parents a476b83 + f9a3a0d commit 119d00e
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions docs/usage/overview.md
Expand Up @@ -98,6 +98,7 @@ In the `Knowledge` tab, which is the central part of the entity, you will find a

- The `Knowledge` tab of those entities (who represents Analyses or Cases that can contains a collection of Objects) is the place to integrate and link together entities. For more information on how to integrate information in OpenCTI using the knowledge tab of a report, please refer to the part [Manual creation](manual-creation.md).
- The `Knowledge` tabs of any other entity (that does not aim to contain a collection of Objects) gather all the entities which have been at some point linked to the entity the user is looking at. For instance, as shown in the following capture, the `Knowledge` tab of Intrusion set APT29, gives access to the list of all entities APT29 is attributed to, all victims the intrusion set has targeted, all its campaigns, TTPs, malware etc. For entities to appear in these tabs under `Knowledge`, they need to have been linked to the entity directly or have been computed with the inference engine.
- When consulting an `Incident`, `Infrastructure`, `Threat Actor (group)`, `Threat Actor (individual)`, `Intrusion Set`, `Malware`, `Channel` or `Tool` entity in OpenCTI, you may consult its auto-populated `Diamond` model from the `Knowledge` tab. The `Diamond` model illustrates the relationships that exist between the viewed entity and other entities in OpenCTI and automatically maps them to one of the four relevant quadrants: Adversary (e.g. Threat Actors), Infrastructure (e.g. Observables), Victimology (e.g. Sectors) and Capabilities (e.g. Attack Patterns). Each Diamond quadrant is interactive and can be clicked on to navigate to a full list (or only a subset) of its relevant entities.

![The Intrusion Set's Knowledge tab](assets/apt41_knowledge_view.png)
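Review bot: the new bullet says each quadrant leads "to a full list (or only a subset) of its relevant entities" without saying when the reader gets which; either state the condition under which only a subset is shown or drop the parenthetical, since as written a user cannot tell whether the quadrant view is exhaustive. The capture that follows this bullet only shows the `Knowledge` tab itself, so a second screenshot of the `Diamond` view (as the preceding bullet does for the Knowledge tab of APT29) would let readers see the four quadrants and the example mapping (Adversary, Infrastructure, Victimology, Capabilities) the text describes. Minor: the bullet is one long paragraph listing eight entity types; splitting the supported-types sentence from the quadrant description would match the shorter bullets above it.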

