crowdsecurity / crowdsec

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
https://crowdsec.net
MIT License
8.1k stars 419 forks

Improve `CTIHelper` and its methods #2793

Open buixor opened 5 months ago

buixor commented 5 months ago

What would you like to be added?

We currently expose a `CTIHelper` expr method, but it has a few shortcomings:

  1. We might make its usage easier than currently (i.e. we need to do `CTIHelper(evt.Overflow.GetSources()[0])` or something similar).
  2. We are exposing only a few properties via helpers
  3. The SmokeItem isn't up-to-date (i.e. no MITRE techniques)
  4. We lack "convenience" helpers

Why is this needed?

make cti helpers great again

github-actions[bot] commented 5 months ago

@buixor: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

  1. Check Crowdsec Documentation to see if your issue can be self resolved.
  2. You can also join our Discord.
  3. Check Releases to make sure your agent is on the latest version.

I am a bot created to help the [crowdsecurity](https://github.com/crowdsecurity) developers manage community feedback and contributions. You can check out my [manifest file](https://github.com/crowdsecurity/crowdsec/blob/master/.github/governance.yml) to understand my behavior and what I can do. If you want to use this for your project, you can check out the [BirthdayResearch/oss-governance-bot](https://github.com/BirthdayResearch/oss-governance-bot) repository.

github-actions[bot] commented 5 months ago

@buixor: There is no 'kind' label on this issue. You need a 'kind' label to start the triage process.

buixor commented 5 months ago

/kind enhancement

mmetc commented 4 months ago

wip https://github.com/crowdsecurity/crowdsec/pull/2812

LaurenceJJones commented 3 days ago

1.6.3 or move timeline to 1.6.4?