CriticalPathSecurity / Zeek-Intelligence-Feeds

Zeek-Formatted Threat Intelligence Feeds
MIT License

False positive cps_cobaltstrike_domain.intel #12

Status: Closed (lvjurz closed 2 years ago)

lvjurz commented 2 years ago

Hi, cps_cobaltstrike_domain.intel contains domains such as

"seen.indicator":"code.jquery.com"
"seen.indicator":"outlook.live.com"
"seen.indicator":"www.adobe.com"
"seen.indicator":"www.bing.com"
"seen.indicator":"www.microsoft.com"

which all seem to be legitimate domains. Please remove.

Patrick-Kelley commented 2 years ago

Will do! Seems to be an issue with the upstream source, but I can filter them out of this repository.

Patrick-Kelley commented 2 years ago

False positives are removed! Thank you @lvjurz for sending this over.
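
Added example (not part of the thread and not the repository's own code): one way to strip known-benign domains from a Zeek Intelligence Framework file before loading it, using the domains named in the report as the allowlist. The sample feed rows, the `example-source` value and the function names are constructed for illustration; the tab-separated `#fields` layout is the standard Zeek intel file format.

```python
ALLOWLIST = {"code.jquery.com", "outlook.live.com", "www.adobe.com",
             "www.bing.com", "www.microsoft.com"}  # domains named in the report


def normalize(domain):
    """Lower-case and drop a trailing root dot so comparisons are exact."""
    return domain.strip().lower().rstrip(".")


def filter_intel(lines, allowlist):
    """Return (kept_lines, removed_indicators) for a tab-separated intel file."""
    allow = {normalize(d) for d in allowlist}
    kept, removed = [], []
    ind_col, type_col = 0, 1  # assumed column order if no #fields header
    for line in lines:
        row = line.rstrip("\n")
        if row.startswith("#fields"):
            names = row.split("\t")[1:]
            ind_col = names.index("indicator")
            type_col = names.index("indicator_type")
        if not row or row.startswith("#"):
            kept.append(row)  # headers and comments pass through untouched
            continue
        cols = row.split("\t")
        if len(cols) <= max(ind_col, type_col):
            kept.append(row)  # malformed row: keep it for manual review
            continue
        if cols[type_col] == "Intel::DOMAIN" and normalize(cols[ind_col]) in allow:
            removed.append(cols[ind_col])  # exact-match benign domain: drop
            continue
        kept.append(row)
    return kept, removed


# Constructed sample feed (not data from the repository).
SAMPLE_FEED = [
    "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc",
    "www.bing.com\tIntel::DOMAIN\texample-source\tconstructed row",
    "WWW.Microsoft.com.\tIntel::DOMAIN\texample-source\tconstructed row",
    "c2.example.test\tIntel::DOMAIN\texample-source\tconstructed row",
    "www.adobe.com/update\tIntel::URL\texample-source\tconstructed row",
]

if __name__ == "__main__":
    kept, removed = filter_intel(SAMPLE_FEED, ALLOWLIST)
    print("\n".join(kept))
    print("removed:", removed)
```

Matching is exact on the normalized hostname and limited to `Intel::DOMAIN` rows, so other indicator types and unrelated subdomains are left in the feed.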