Nic

Results 26 comments of Nic

Same issue here. This is being flagged as malicious by Carbon Black today as well. 1.1.105 is being blocked with the same message as above. Reopen this issue? Or create...

@andreasjordan - I agree. I did narrow down that Carbon Black doesn't like it when you create an object with GETPROCADDRESS and LOADLIBRARY in the same object. So something like...

Of course. Nothing you can really do to fix that. Also, like I mentioned, this was just one instance of CB flagging the code. Even if you got rid of...

Hey @To-om - Will this issue resolve the problems in the Search section of TheHive for Observables? In 4.1.11 and 4.1.12 when you search by dataType it will say Search...

Thanks, I will do that!

FYI, Elastic has added the Vulnerability schema to ECS: https://github.com/elastic/ecs/blob/master/schemas/vulnerability.yml

Stand by, I have what you desire. :)

Excellent work @Doserdog! @olafhartong This is a rather large pull but I think it will extend all of the great work you have done to get even more benefits...

That is true on the readability, but think about the advantages to your SIEM as you will have the Tactic info available and you won't have to cross reference. Definitely...

Hey @olafhartong, what do you think of this PR? I would be happy to break it down further if needed.