[Improvement] Load observables from file + automatic addition of new observables discovered

[LetMeR00t]

Request Type

Feature Request

I would like to share with you two ideas for TheHive. 1) Add a button "Import observables from file" which will be able to load a list of observables.

• Advantages : The import allows to add several observables in one time.
• Difficulties : When the observable is a file, it will be more difficult to add it ... but we can start using several IP/domains/hashs ...

2) Automatic addition of new observables discovered from analysis. For example, Cuckoo is returning some IP/domains identified during the analysis. This automatic routine could add these new observables in the case (the analysis should be perform manually if needed for the new observables). We could add a new column on the report details page that indicate if the observable was added manually by the user or automatically by one of the analysis.

• Advantages : New interesting observables could be added to the case in order to have a lot of information concerning the threat
• Difficulties : Depending on each analysis, we need to define a parser that is able to identify the news observables.

I propose these features because I could be able to propose such kind of improvements but I want to know first of all if the project is interested with these ideas (and maybe they are already implemented and I haven't seen them yet :))

[saadkadhi]

Hi @LetMeR00t. Thanks for the feature request. In fact this is something we had in mind for a very long time and hopefully we'll get around to implement it by the end of the year.

[LetMeR00t]

Thanks for your reply. Great news that it will be implemented "soon" :)