remg427
commented
1 year ago added to dashboard on this custom command thanks
Closed ipfyx closed 1 year ago
remg427
commented
1 year ago added to dashboard on this custom command thanks
Hi,
could you update the mispdight doc please ?
Here are the new fields :
misp_sight_t0_count misp_sight_t0_et misp_sight_t0_first_a_id misp_sight_t0_first_e_id misp_sight_t0_first_org_id misp_sight_t0_first_source misp_sight_t0_last_a_id misp_sight_t0_last_e_id misp_sight_t0_last_org_id misp_sight_t0_last_source misp_sight_t0_lt
misp_sight_t1_count misp_sight_t1_et misp_sight_t1_first_a_id misp_sight_t1_first_e_id misp_sight_t1_first_org_id misp_sight_t1_first_source misp_sight_t1_last_a_id misp_sight_t1_last_e_id misp_sight_t1_last_org_id misp_sight_t1_last_source misp_sight_t1_lt
misp_sight_t2_count misp_sight_t2_et misp_sight_t2_first_a_id misp_sight_t2_first_e_id misp_sight_t2_first_org_id misp_sight_t2_first_source misp_sight_t2_last_a_id misp_sight_t2_last_e_id misp_sight_t2_last_org_id misp_sight_t2_last_source
Here is my guess :
t0 is for type 0 : IOC sighted t1 is for type 1 : IOC false positive t2 is for type 2 : IOC expired
misp_sight_t0_count : number of times sighted misp_sight_t0_et : timestamp when first sighted misp_sight_t0_first_a_id : first misp attribute_id the IOC was sighted misp_sight_t0_first_e_id : first misp event_id where the IOC was sighted misp_sight_t0_first_org_id : first misp organisation_idthe IOC was sighted misp_sight_t0_first_source : first source name misp_sight_t0_last_a_id : last misp attribute_id the IOC was sighted misp_sight_t0_last_e_id : last misp event_id where the IOC was sighted misp_sight_t0_last_org_id : last misp organisation_idthe IOC was sighted misp_sight_t0_last_source : last source name misp_sight_t0_lt : timestamp when last sighted
Thank you for the addition of all these fields !