
[Sekoia] Indicator name for network traffic

Open marckto-filigran opened this issue 1 year ago • 0 comments

Description

Indicators that indicate network traffic don't have the main observable type "network traffic" but "ipv4" instead.

Also, sometimes the name doesn't relate to the pattern. Example: https://demo.octi.filigran.io/dashboard/observations/indicators/0ef643ca-58c0-4725-a835-02a9364759a0

name is the correct pattern, but actual pattern is not

https://demo.octi.filigran.io/dashboard/observations/indicators/36582b06-5517-40f5-9cb4-3e2c1fa2839c

name is correct, but pattern is not

Expected Output

main observable type should be "network traffic"

name should be: network traffic to <IP> on port

pattern should be: [network-traffic:dst_ref.value = 'IP' AND network-traffic:dst_port = port]

marckto-filigran Sep 03 '24 09:09
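
An added example, not part of the original issue or the connector's code: a consistency check that flags the mismatches described above between an indicator's name, its STIX pattern and its main observable type. The `x_opencti_main_observable_type` key, the port number following "on port" in the name, and the sample indicators are assumptions constructed for illustration.

```python
import re

# One comparison term as written in the issue: <object-type>:<path> = 'str' | int
_TERM = re.compile(r"([a-z0-9-]+):([\w.]+)\s*=\s*(?:'([^']*)'|(\d+))")

def parse_pattern(pattern):
    """Map 'type:path' -> value for a flat STIX pattern of ANDed equality terms."""
    return {f"{t}:{p}": s or n for t, p, s, n in _TERM.findall(pattern)}

def check_indicator(ind):
    """Return the inconsistencies between name, pattern and main observable type."""
    problems = []
    terms = parse_pattern(ind["pattern"])
    ip = terms.get("network-traffic:dst_ref.value")
    port = terms.get("network-traffic:dst_port")
    name = ind["name"].lower()
    # Assumed field name; values are normalised so "Network-Traffic" == "network traffic".
    declared = ind["x_opencti_main_observable_type"].lower().replace("-", " ")
    if name.startswith("network traffic") and ip is None:
        problems.append("name describes network traffic but pattern has no network-traffic:dst_ref.value")
    if ip is not None:
        if declared != "network traffic":
            problems.append(f"main observable type is {declared!r}, expected 'network traffic'")
        if not re.search(rf"(?<!\d){re.escape(ip)}(?!\d)", name):
            problems.append(f"name does not mention destination {ip}")
        if port is not None and not re.search(rf"\bport {port}\b", name):
            problems.append(f"name does not mention port {port}")
    return problems

# Constructed sample indicators (documentation-range IP, not real data).
NT_PATTERN = "[network-traffic:dst_ref.value = '198.51.100.7' AND network-traffic:dst_port = 443]"
NT_NAME = "network traffic to 198.51.100.7 on port 443"
SAMPLES = {
    "good": {"name": NT_NAME, "pattern": NT_PATTERN,
             "x_opencti_main_observable_type": "Network-Traffic"},
    "wrong_type": {"name": NT_NAME, "pattern": NT_PATTERN,
                   "x_opencti_main_observable_type": "IPv4-Addr"},
    "wrong_pattern": {"name": NT_NAME, "pattern": "[ipv4-addr:value = '198.51.100.7']",
                      "x_opencti_main_observable_type": "IPv4-Addr"},
    "wrong_name": {"name": "198.51.100.7", "pattern": NT_PATTERN,
                   "x_opencti_main_observable_type": "Network-Traffic"},
}

if __name__ == "__main__":
    for label, indicator in SAMPLES.items():
        print(label, check_indicator(indicator) or "consistent")
```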