-
Receiving, Falcon API] Error getting Indicators: 403 Client Error: Forbidden for url: https://api.crowdstrike.com/intel/queries/indicators/v1?limit=10000&sort=published_date%7Cdesc&filter=type:'url'%2…
-
My understanding of this is that with regard to the ioc, we could either put it under the references list under the vulnerabilities property, or create a new ioc property under vulnerabilities. It ma…
-
CIF can apply a confidence value to a whole feed. My understanding is that it does not have the ability to apply confidence to individual items within a feed. As it exists right now, if you have …
-
There is an 'IOC' section in the plus section of the VCDB schema and I have _no_ clue what it means.
-
[Amnesty International](https://www.amnesty.org) maintains lists of malicious domains they've encountered.
> This repository contains indicators of compromise extracted from some of Amnesty Interna…
-
While working on a feature for expiring indicators of compromise (IOC) of threat intel (TI) packages, we took an approach that involves `latest` transform. Essentially the transform ([example transfor…
-
**Describe the feature:**
Add support for CCS for indicator match rules; thus removing the limitation.
**Describe a specific use case for the feature:**
The documentation at says:
> * …
-
### Proposal Due Date
04/15/2025
### Proposal Overview
[SoraShield_FlowChart (real)-pdf.pdf](https://github.com/user-attachments/files/15914478/SoraShield_FlowChart.real.-pdf.pdf)
Sora…
-
**Describe the feature:**
Field names that are interesting for a case can be tagged or manually added as IOCs (indicators of compromise) within a case. These IOCs are displayed in a list in the case …
aarju updated
2 years ago
-