Andreas Misje
Currently, the search field supports searching hostnames, IP addresses, MAC addresses and labels. When I need to investigate a particular client, my identifier is typically the computer owner (person the...
### Description Replace invalid IP address and fix SHA-256 hash generation so that the generated alerts contain valid data. ### Issues Resolved #6621 ### Test - The new IP address...
**Description** wazuh-alerts-generators generates events with invalid IP addresses (24.273.97.14) and SHA-256 hashes (60 hex. characters instead of 64). This causes issues when the data is validated in tools connecting to...
The current API appears to be [deprecated](http://netfilter.org/projects/libnetfilter_queue/doxygen/html/group__Queue.html). What can be used instead? I imagine a new API is aimed to work with nftables.
Create a test setup that can test packet mangling. It can be implemented using a docker container (remember `--cap-add=NET_ADMIN` and `--cap-add=SYS_PTRACE --security-opt seccomp=unconfined` would be handy to use container...
Make it possible to only mangle DHCP packets of a certain type. Add a command line option to filter incoming packets on their option 53 ("DHCP Message Type"). Or maybe...
In order to easily convey the purpose of _once_ a few good use cases should be presented in the README. Example test code should implement them. Personally I have a...
## Description Setting a filter on a shared data stream, like "Entity type != URL", does not seem to have any effect. ## Environment 1. OS (where OpenCTI server runs):...
## Description Imported sightings' confidence level is always "5 - Improbable" ## Environment 1. OS (where OpenCTI server runs): docker: opencti/platform:6.0.9 2. OpenCTI version: 6.0.9 3. OpenCTI client: 6.0.9 4....