
[BUG] IOC files do not work with S1 and DFE #97

Closed
3 of 7 tasks
xC0uNt3r7hr34t opened this issue Feb 25, 2023 · 0 comments · Fixed by #98

@xC0uNt3r7hr34t (Contributor)

Describe the bug
IOC files do not utilize a conversion to the proper fields when calling the process_search functions. A new function or additional code to reference the conversion fields needs to be added for using IOC files.

What side of Surveyor is impacted?

  • Definition File
  • Code/Logic

What product is impacted?

  • Carbon Black Response
  • Carbon Black Threat Hunter
  • Defender for Endpoints
  • SentinelOne
  • Other

To Reproduce
Run against the S1 or DFE product with ioctype set to ipaddr and an iocfile containing only IPs, one per line.

Expected behavior
A query is built out to search for any of the specified IPs or IOCs.
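The report describes a missing step: the generic ioctype given on the command line has to be converted to each product's own field name before the IOC file contents become a query. The following is an added illustration of that conversion and is not Surveyor's code; the product field names (RemoteIP for DFE, DstIP for S1), the query shapes, and the function names are assumptions made for the example, and the IOC file contents are constructed test data.

```python
import ipaddress

# Constructed sample IOC file: one IP per line, plus a comment, a blank
# line, a duplicate and an invalid entry to show how the loader treats them.
SAMPLE_IOC_FILE = """\
# constructed test data, not a real indicator list
10.0.0.5
192.0.2.10

10.0.0.5
not-an-ip
"""

# Assumed ioctype -> product field conversion table (illustration only).
# The bug in the report is that no such lookup happens for IOC files, so the
# generic name "ipaddr" never becomes a field the product understands.
FIELD_MAP = {
    "dfe": {"ipaddr": "RemoteIP"},  # assumed DFE advanced-hunting field
    "s1": {"ipaddr": "DstIP"},      # assumed S1 deep-visibility field
}


def validate_ioc(value, ioctype):
    """Return True when value is a well-formed indicator of the given type."""
    if ioctype == "ipaddr":
        try:
            ipaddress.ip_address(value)
            return True
        except ValueError:
            return False
    # Other types are accepted as-is; extend with per-type checks as needed.
    return bool(value)


def load_iocs(text, ioctype):
    """Parse IOC file text into (valid_iocs, skipped_lines).

    Blank and comment lines are ignored, duplicates are dropped while
    preserving first-seen order, and malformed entries are reported rather
    than silently embedded in the query.
    """
    seen, good, skipped = set(), [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not validate_ioc(line, ioctype):
            skipped.append(line)
            continue
        if line not in seen:
            seen.add(line)
            good.append(line)
    return good, skipped


def build_query(product, ioctype, iocs):
    """Build a product-specific search for any of the IOCs.

    Raises ValueError when no conversion exists for the product/ioctype pair,
    which is the failure the report describes, instead of emitting a query
    with a field the product will reject.
    """
    try:
        field = FIELD_MAP[product][ioctype]
    except KeyError:
        raise ValueError(f"no field mapping for product={product!r}, ioctype={ioctype!r}")
    if not iocs:
        raise ValueError("IOC file contained no usable indicators")
    if product == "dfe":
        # Assumed Kusto-style membership test over the network events table.
        values = ", ".join(f'"{v}"' for v in iocs)
        return f"DeviceNetworkEvents | where {field} in ({values})"
    # Assumed OR-joined equality terms for S1.
    return " OR ".join(f'{field} = "{v}"' for v in iocs)


if __name__ == "__main__":
    iocs, skipped = load_iocs(SAMPLE_IOC_FILE, "ipaddr")
    print("skipped:", skipped)
    for product in FIELD_MAP:
        print(product, "->", build_query(product, "ipaddr", iocs))
```

Validating each indicator before it is interpolated matters beyond catching typos: the values come from an operator-supplied file, and only validated IPs are placed inside the quoted query terms here, so a stray quote or operator in the file is reported in `skipped` rather than altering the query's meaning. Any other ioctype added to `FIELD_MAP` should get its own validator in `validate_ioc` for the same reason.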
