Noafr
**Problem:** The current Attack object describes the involved technique (uid [string], name [string]) related to the attack and its associated tactics. As one technique may be associated with multiple tactics,...
**Problem**: In addition to the severity field, some vendors are also sending a "confidence" score to describe the certainty of the severity determined for the incident/event. For example, Vectra sends...
**Problem** Users may want to query for the threat score of the event as given by the ref (original) source. Vectra (AI-driven threat detection and response for hybrid and multi-cloud...
**Problem** The Scheduled Job Activity doesn't contain an activity id to represent an event when the scheduled task is started. **Suggestion** Add 'Start' Activity ID to Scheduled Job Activity
The Scan Class currently supports integers representing the number of scanned files/folders/network items but not a reference to the objects themselves. For example, the Sha1 & path of a scanned...
SentinelOne distinguishes between different Remote Process Activities. Code Injection & Process Termination are covered by Activity ID 4 (Inject) & 2 (Terminate), however missing Remote Memory Operations (e.g. readLsass, writeToEAT,...
**Problem** The Registry Key Activity doesn't contain an activity id to represent an event when the registry key is exported into a file. **Suggestion** Add 'Export' Activity ID to Registry...
**Problem** The Registry Key Activity doesn't contain an activity id to represent an event when the registry key is imported to the registry. **Suggestion** Add 'Import' Activity ID to Registry...