AIL-framework Data compression and cleanup

Hi Team,

Can you add a feature or suggest a way to compress the data downloaded by IAL, screenshots etc. Also is there some script that I can run "without removing existing records in the AIL"

Thanks

Sep 05 '19 02:09 Malwar3Ninja

Hi @Malwar3Ninja !

Currently there is no way to delete pastes from the DB. We want to add some in the next month.

#290 #288

Sep 05 '19 14:09 Terrtia

@Terrtia So what is the best way at the moment to retain records but also enausre storage is there. I tried using sync between MISP and TheHive but there is no feed content, hence I am unable to see the data in the alert created. I did select tags to be synced with Thehive and MISP and the tags reflect data in AIL but not in MISP/TheHive. ANything I am missing ?

Process followed: Added Keys information in MISP and Thehive --> Enabled tags in AIL ---> Enabled MISP / Thehive Syncronization --> Feeds recieved in Thehive and MISP but without content.

Thanks

Sep 06 '19 03:09 Malwar3Ninja

This is how the alert comes in TheHive. I want thd data to also reflect in the alert created so that I can removve it from my AIL/ can use Thehive to search indicators centrally as my MISP also creates feeds in ThehIve

Sep 06 '19 07:09 Malwar3Ninja

Do you have the content of the paste ?

You can trigger manually a more complete export on a paste (Need to be added to the API).

Do you have an event created and populated each day in MISP ?

Sep 09 '19 07:09 Terrtia

@Terrtia Hi Any update on the original issue I had asked for ? A way to compress the data downloaded by AIL, screenshots etc ?

Oct 11 '19 03:10 Malwar3Ninja