TheHive-Project / TheHiveDocs

Documentation of TheHive
https://docs.strangebee.com/
GNU Affero General Public License v3.0

[QUESTION] Type of observables - definition #159

Closed KRUXLEX closed 4 years ago

KRUXLEX commented 4 years ago

Hi, can someone tell me where there is a definition, with examples, of observable types? I have a problem with classification. VirusTotal returns the name of the malware family, for example Trojan.Win32.XYZ. I want to add it as an observable, but the suggested types are FQDN or domain. What should it be?

KRUXLEX commented 4 years ago

@nadouani can you help and answer?

nadouani commented 4 years ago

If you need to have more datatypes, you need to add them from the administration section. Once you have added the new datatypes, you will see them listed in the observable creation page.

KRUXLEX commented 4 years ago

Hi, I know that; that is the technical side. But does it make sense? I am asking someone more experienced. What is that observable type professionally called? Or does it not make sense to use it?