misje / opencti-wazuh-connector

OpenCTI–Wazuh connector looking for indicators in Wazuh and creating sightings
https://misje.github.io/opencti-wazuh-connector/
Apache License 2.0

Do not search for URLs disregarding the host #41

Closed misje closed 4 months ago

misje commented 4 months ago

This creates a huge amount of false positives in Apache logs. Lots of indicators contain simple paths like "/i" and "/bin.sh".

misje commented 4 months ago

There is already a setting for this that I had enabled in my environment (the default is off).
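
Why path-only matching is noisy, shown as an added example that is not part of this thread or of the connector's code: it matches constructed URL indicators against constructed log events, with and without requiring the host to match. The function names, the `(host, path)` event layout and the `example.test` hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed URL indicators; the example.test hosts are placeholders.
INDICATORS = [
    "http://malicious.example.test/i",
    "http://dropper.example.test/bin.sh",
]

# Constructed events as (requested host, request path), the two fields an
# access or proxy log typically records for each request.
EVENTS = [
    ("intranet.example.test", "/i"),
    ("shop.example.test", "/bin.sh"),
    ("Dropper.example.test", "/bin.sh"),
    ("intranet.example.test", "/index.html"),
]


def split_indicator(url):
    """Return (lowercased host or None, path plus query) for a URL indicator."""
    parts = urlsplit(url)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return parts.hostname, path


def find_hits(events, indicators, require_host):
    """Match events against indicators by path, optionally also by host."""
    hits = []
    for host, path in events:
        for indicator in indicators:
            ind_host, ind_path = split_indicator(indicator)
            if path != ind_path:
                continue
            # An indicator without a host can never match when host is required.
            if require_host and (ind_host is None or host.lower() != ind_host):
                continue
            hits.append((host, path, indicator))
    return hits


if __name__ == "__main__":
    print("path only:", len(find_hits(EVENTS, INDICATORS, require_host=False)))
    print("host+path:", len(find_hits(EVENTS, INDICATORS, require_host=True)))
```

With the host ignored, every request for a short path such as "/i" counts as a hit regardless of which site served it; requiring the host leaves only the event whose host matches the indicator.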