Describe the bug
IOC files do not utilize a conversion to the proper fields when calling the process_search functions. A new function or additional code to reference the conversion fields needs to be added for using IOC files.
What side of Surveyor is impacted?
[ ] Definition File
[x] Code/Logic
What product is impacted?
[ ] Carbon Black Response
[ ] Carbon Black Threat Hunter
[x] Defender for Endpoints
[x] SentinelOne
[ ] Other
To Reproduce
Run against the S1 or DFE product with ioctype as ipaddr and an iocfile containing only IPs, one per line.
Expected behavior
A query is built out to search for any of the specified IPs or IOCs.