Add false positives - Githubissues

MISP / misp-sighting-server

MISP sighting server is a fast sighting server to store and look-up sightings on attributes (network indicators, file hashes, system indicators) in a space efficient way.

https://misp.github.io/misp-sighting-server/

15 stars 4 forks source link

Add false positives #1

Closed iglocska closed 6 years ago

iglocska commented 6 years ago

Naive way of adding false positives, without a real performance impact.
Simply use a second db to store the FP sightings in the same format
pass -d "type=0" or -d "type=1" for sightings/fp sightings respectively. If not set, sightings are always assumed.

adulau commented 6 years ago

Thank you!