Open advancedeng opened 8 years ago
I think this is interesting. Right now, everything is "manual pull," when you open an indicator page. If threat_note moves to pulling new info on those indicators in an automated fashion, on a schedule for example, this idea has a ton of merit!
Interesting idea for sure. I could definitely build in some monitoring capability. Maybe something like creating a new field for stuff like 'last_resolved' and storing the last domain or IP the indicator resolved to, and if the new result is different, then alerting the user. Definitely something to do in the future.
As swannysec said, this would be on a per-user basis, so it would only use the data in your database to go off of. Not sure how well a long-term cache of indicators would work until I move this to a web version for all users instead of locally.
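The 'last_resolved' check described in the comments above, as an added example that is not threat_note's own code. The `indicators` table, its columns other than `last_resolved`, and the function names are hypothetical; the resolver is passed in so a scheduler can call `check_indicators` against the user's local database.

```python
import socket
import sqlite3


def init_db(conn):
    # Hypothetical schema: one row per watched hostname plus the
    # 'last_resolved' field proposed in the thread.
    conn.execute(
        "CREATE TABLE IF NOT EXISTS indicators ("
        "indicator TEXT PRIMARY KEY, last_resolved TEXT)"
    )


def resolve_a(hostname):
    """Return the sorted, comma-joined IPv4 set, or '' if resolution fails."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET,
                                   socket.SOCK_STREAM)
    except socket.gaierror:
        return ""
    # Sorting the set keeps round-robin reordering from raising false alerts.
    return ",".join(sorted({info[4][0] for info in infos}))


def check_indicators(conn, resolver=resolve_a):
    """Re-resolve every indicator and return (indicator, old, new) changes."""
    alerts = []
    rows = conn.execute(
        "SELECT indicator, last_resolved FROM indicators").fetchall()
    for indicator, previous in rows:
        current = resolver(indicator)
        # The first run only records a baseline; later differences alert,
        # including a host that stops resolving (current == '').
        if previous is not None and current != previous:
            alerts.append((indicator, previous, current))
        conn.execute(
            "UPDATE indicators SET last_resolved = ? WHERE indicator = ?",
            (current, indicator))
    conn.commit()
    return alerts


if __name__ == "__main__":
    # Constructed sample data: a fake resolver so the demo runs offline.
    answers = {"watch.example": "192.0.2.10"}
    db = sqlite3.connect(":memory:")
    init_db(db)
    db.execute("INSERT INTO indicators (indicator) VALUES ('watch.example')")
    check_indicators(db, lambda h: answers.get(h, ""))       # baseline
    answers["watch.example"] = "198.51.100.7"                # record moves
    print(check_indicators(db, lambda h: answers.get(h, "")))
```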
Hi again,
Do you think that threat_note is the right tool for building and maintaining watchlists (domain names, hostnames, registration email addresses, IP addresses)? If yes, then there are some use cases:
Cheers, Andreas