Open CyberIntelJunkie opened 8 years ago
I apologize for getting to this so late, as I've been updating the other issues, I've been swamped and in between moves right now. In about two weeks, I'll be able to sit down and go over all the suggestions you've made and work with the others that have been helping and talk through some of the development and database changes in the works.
Thanks for all your suggestions, really great feedback! Again, sorry I can't dig into this right away, but it's definitely on my plate and I will review it as soon as I can.
No worries, life happens. Thanks for checking in and leaving updates! Happy to help wherever I can.
Threat Actors (http://0.0.0.0:5000/threatactors) feel empty as they stand right now. When I think of Threat Actors, I think of a collection of attributes/indicators associated with an actor, versus right now, it feels like any other indicator.
Issue 1: Threat actors feel like indicators
(http://0.0.0.0:5000/threatactors/[actor]/info) layout to be more of an overview of the actor. Possibly include a free-form comment field where an analyst can add information about the actor (date of activity, aliases (#137), attribution, etc). Also another thought - include graphs of indicators associated with actor (i.e. - pie graph of domains, IPs, hashes, etc). I think a dashboard similar to the one from https://almsaeedstudio.com/preview would be a good overview tab (UI mentioned in #93).
Issue 2: No easy way to tie indicators/campaigns to actors
Issue 3: No way to export all indicators associated with actor
Now I understand this is a big enhancement and may not be possible with the current database or layout. Love the project and the commitment you guys are showing. I personally feel like if these requests add bloat or complexity, it may not be worth it to add since threat_note is awesome at being lightweight and simple.