Open Lhorus6 opened 3 months ago
@Megafredo or @helene-nguyen could you have a look at this when you have time please?
@nino-filigran, we will check it and give you an update as soon as possible!
@Lhorus6, @nino-filigran, after some investigations, for some points, the connector needs to be reworked to:
To fix all bugs, it must be included as a complete feature.
Thanks @helene-nguyen, good to know, we will keep it mind to prioritze this cc @Jipegien
connector improvement scheduled for 6.3. Real bugs encompass into this issue can be solved before that (please create a dedicated github bug issue)
I've created the bug, see above. I've also listed, among @Lhorus6 's requests and your answers @helene-nguyen what can be tackled as a bug. So that we can use this ticket to track the feature. @Jipegien for awarness. Let me know if any of you disagree or have question or anything.
Description
Flashpoint provides now a new API, Ignite. We need to change the connector to use this new one. At the same time we will fetch more data and improve the overall quality.
API to take a look
Get Reports https://docs.flashpoint.io/flashpoint/reference/fireapireportssearch Creation of relations and entities based on tags is needed Pagination using since + limit and skip ?
Get IOCS https://docs.flashpoint.io/flashpoint/reference/indicators_apiappattributes First do a search using updated_since + limit and skip ? Maybe using scrolling?
Flashpoint contained in the report and nothing else
Bad labels
In the labels, we can see regions, countries, sectors, TTPs, ... things that are entities in their own and to be linked to the report, not to put on the label.
Other example that tnformation are not capitalized (not linked to the report)
You can still see in the description that the report talks about a threat actor yet I have no relationship. I only have one organization in my report -> Flashpoint