Import indicators (mostly YARA or SIGMA) in bulk

OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform

https://opencti.io

Other

5.17k stars 819 forks source link

Import indicators (mostly YARA or SIGMA) in bulk #5169

Open SamuelHassine opened 7 months ago

SamuelHassine commented 7 months ago

Use case

How to import 450 YARA rules at the format .yar or .yara that are in my local folder?

Jipegien commented 7 months ago

So we need the importDocument to be able to ingest yara or sigma contained in files into adequate Indicators and we need an interface where multiple files could be listed for ingestion.