crowdsecurity / crowdsec

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
https://crowdsec.net
MIT License
9.16k stars 472 forks

Improve `CTIHelper` and its methods #2793

Open buixor opened 10 months ago

buixor commented 10 months ago

What would you like to be added?

We currently expose a `CTIHelper` expr method, but it has a few shortcomings:

  1. We might make its usage easier than currently (i.e. we need to do `CTIHelper(evt.Overflow.GetSources()[0])` or something similar).
  2. We are exposing only a few properties via helpers
  3. The `SmokeItem` isn't up-to-date (i.e. no MITRE techniques)
  4. We lack "convenience" helpers

Why is this needed?

make cti helpers great again

github-actions[bot] commented 10 months ago

@buixor: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

  1. Check Crowdsec Documentation to see if your issue can be self resolved.
  2. You can also join our Discord.
  3. Check Releases to make sure your agent is on the latest version.

I am a bot created to help the [crowdsecurity](https://github.com/crowdsecurity) developers manage community feedback and contributions. You can check out my [manifest file](https://github.com/crowdsecurity/crowdsec/blob/master/.github/governance.yml) to understand my behavior and what I can do. If you want to use this for your project, you can check out the [BirthdayResearch/oss-governance-bot](https://github.com/BirthdayResearch/oss-governance-bot) repository.

github-actions[bot] commented 10 months ago

@buixor: There is no 'kind' label on this issue. You need a 'kind' label to start the triage process.

buixor commented 10 months ago

/kind enhancement

mmetc commented 9 months ago

wip https://github.com/crowdsecurity/crowdsec/pull/2812

LaurenceJJones commented 5 months ago

1.6.3 or move timeline to 1.6.4?