Open marckto-filigran opened 2 months ago
Description
Indicators that indicate network traffic don't have the main observable type "network traffic" but "ipv4" instead.
Also, sometimes the name doesn't relate to the pattern. Example: https://demo.octi.filigran.io/dashboard/observations/indicators/0ef643ca-58c0-4725-a835-02a9364759a0
The name is the correct pattern, but the actual pattern is not.
https://demo.octi.filigran.io/dashboard/observations/indicators/36582b06-5517-40f5-9cb4-3e2c1fa2839c
The name is correct, but the pattern is not.
Expected Output
The main observable type should be "network traffic".
The name should be: network traffic to on port
The pattern should be: [network-traffic:dst_ref.value = 'IP' AND network-traffic:dst_port = port]
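A consistency check for the two mismatches reported above, as an added example (not code from OpenCTI or from the reporter). It assumes the declared main observable type matches the STIX object type name when case is ignored; the function names and the sample address and port are constructed for illustration.

```python
import re

_LITERAL = re.compile(r"'((?:\\.|[^'\\])*)'")       # STIX string constant
_OBJECT_PATH = re.compile(r"\b([a-z][a-z0-9-]*):[A-Za-z_]")  # "<type>:<property>"
_INTEGER = re.compile(r"=\s*(\d+)\b")               # integer constant, e.g. a port


def pattern_object_types(pattern):
    """STIX object types referenced by the pattern's comparisons."""
    # Blank out string constants first, so a value such as the MAC address
    # 'aa:bb:cc:dd:ee:ff' is not mistaken for an object path.
    return set(_OBJECT_PATH.findall(_LITERAL.sub("''", pattern)))


def pattern_values(pattern):
    """String and integer constants the pattern compares against."""
    return _LITERAL.findall(pattern) + _INTEGER.findall(_LITERAL.sub("''", pattern))


def check_indicator(name, main_observable_type, pattern):
    """Return the inconsistencies found; an empty list means none."""
    problems = []
    types = pattern_object_types(pattern)
    # Assumption: the declared type equals the STIX type name, ignoring case.
    if main_observable_type.lower() not in types:
        problems.append(f"type: {main_observable_type!r} not in {sorted(types)}")
    values = pattern_values(pattern)
    if name.lstrip().startswith("["):
        # The name is itself a pattern: it must carry the same constants.
        if sorted(pattern_values(name)) != sorted(values):
            problems.append("name: constants differ from the pattern")
    elif any(v not in name for v in values):
        problems.append("name: does not mention every pattern constant")
    return problems


if __name__ == "__main__":
    # Constructed samples (documentation address, arbitrary port).
    nt = "[network-traffic:dst_ref.value = '198.51.100.7' AND network-traffic:dst_port = 8443]"
    ip = "[ipv4-addr:value = '198.51.100.7']"
    for args in [(nt, "Network-Traffic", nt), (nt, "IPv4-Addr", nt), (nt, "IPv4-Addr", ip)]:
        print(check_indicator(*args))
```

Run over an export of indicators, the `type:` findings correspond to the first problem in the report and the `name:` findings to the second.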