Not all IOCs are imported

vmray / vmray-misp-feed

Automatically import VMRay Platform analyses into MISP as a feed.

MIT License

5 stars 2 forks source link

Not all IOCs are imported #8

Open padey opened 1 year ago

padey commented 1 year ago

Hi,

it looks like that not all of the IOCs generated by VMRay are imported to the MISP event. I have some examples where only hash values and "sample.url" are transmitted as payload delivery. When I call up the report in VMRay, file names, URLs, Domains, IPs, etc. are listed as IOC.

Our MISP version: 2.4.175 The config:

[misp_event]
include_report = false
use_vmray_tags = true
include_vtis = true
ioc_only = true

jthom-vmray commented 3 hours ago

Can you provide the summary_v2.json from the analysis which is missing the IOCs?