Open PhilOrdo opened 1 year ago
@PhilOrdo We reviewed this a bit with @dcuellar322 and next steps that could move this ahead are to basically provide an input file, like what we'd use in this use case, and pass that over to David as an example of the workflow and for him to test with locally.
We can currently resurrect existing retired IOCs imported via https://threatkb.inquest.net/#!/import. This is a feature request to add an option to retire imported IOCs if they exist in ThreatKB and are in "Released" state.
This applies to indicators (C2 IP, C2 domains).