CrowdStrike / MISP-tools

Import CrowdStrike Threat Intelligence into your instance of MISP
MIT License

Events being created for individual indicators #57

Closed jezkerwin closed 2 years ago

jezkerwin commented 2 years ago

I'm curious as to why events are being created in MISP that only have 1 indicator in them? It makes for a very messy MISP instance. It would be nice if there was a way to stop this or group all those individual indicators into a single MISP event for those not related to a CS report or actor.

jshcodes commented 2 years ago

Hi @jezkerwin -

We are in the process of updating this integration to speak to this concern, and will be testing aggregating indicators without these relationships by malware family in our next version. (v0.6.4, in flight now. You should see this branch post early this week.)

As this issue duplicates #45, I'm closing this one. We will use #45 to track this enhancement. 😃