JawedCIA / ArkThor

Threat Categorization Based on Malware’s C2 Communication in PCAP file
https://arkthor.azurewebsites.net/

For No detection or in case no rule available to analyze the uploaded file #7

Closed JawedCIA closed 1 year ago

JawedCIA commented 1 year ago

Make sure to update the status in case there is no detection. Don't leave the status as Inprogress (this was set when core picked up the file). Better would be to create a JSON file as below and upload it:

    [
      {
        "SHA256": "SHA256_Of_File",
        "rule_name": "No THREAT",
        "authored_timestamp": 1679144203,
        "severity": 0,
        "Status": "Done",
        "c2_countries": [ "CN", "JP", "US" ]
      }
    ]

You can use the options below for rule_name:

like iceid, botbot, rat, etc.
Ambiguous
Suspicious
No Threat

SriramP commented 1 year ago

Implemented

JawedCIA commented 1 year ago

No, it's not. I am just getting the status update as DONE. This is not what I expected. My expectation was to get the final JSON file in the format mentioned above.

I clearly mentioned the format which I am expecting in case you are not able to detect anything or you don't have a rule to find it out.

But core is not returning anything :( just the status.


SriramP commented 1 year ago

Committed now as instructed.
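
The fallback record requested in the first comment, as an added example that is not part of the original thread or the ArkThor code base: it always produces a terminal JSON result with Status "Done", falling back to a "No THREAT" entry when no rule matched. The field names and sample values come from the issue; the function names, the shape of the `detections` list and the `now` parameter are assumptions.

```python
import hashlib
import json
import time

# Field names and the "No THREAT" / "Done" values come from the issue's sample
# record; the function names and the detection dict layout are assumptions.

def sha256_of(path, chunk=1 << 20):
    """Hash the uploaded file in chunks so large PCAPs are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def final_records(path, detections, c2_countries=(), now=None):
    """Always return a terminal result list, even when no rule matched.

    detections: list of dicts with "rule_name" and "severity" (hypothetical
    shape), or None/empty when nothing fired or no rule applies.
    """
    digest = sha256_of(path)
    stamp = int(now if now is not None else time.time())
    # Fallback entry so the status never stays at the in-progress value.
    hits = detections or [{"rule_name": "No THREAT", "severity": 0}]
    return [
        {
            "SHA256": digest,
            "rule_name": hit["rule_name"],
            "authored_timestamp": stamp,
            "severity": int(hit["severity"]),
            "Status": "Done",
            "c2_countries": sorted(set(c2_countries)),
        }
        for hit in hits
    ]

def write_result(path, detections, out_path, **kw):
    """Serialize the final records to the JSON file that gets uploaded."""
    records = final_records(path, detections, **kw)
    with open(out_path, "w", encoding="utf-8") as fh:
        json.dump(records, fh, indent=2)
    return records
```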