Paul Coccoli

Results 35 comments of Paul Coccoli

Forgot to mention what version I'm using:

```
$ flatpak info com.github.alecaddd.sequeler
Sequeler - Friendly SQL Client
ID: com.github.alecaddd.sequeler
Ref: app/com.github.alecaddd.sequeler/x86_64/stable
Arch: x86_64
Branch: stable
Version: 0.8.0
License: GPL-3.0+
Origin:...
```

I also need to remove the legend (since there's only a single data category in my charts). This is required for my 1Q release. @cameroncalder does your comment above count...

Note that the darktrace module creates an extension on `x509-certificate` when ja3/ja3s hashes are done on the TLS handshake, not the certificate.

I don't know anything about MongoDB, but some data sources have aggregations. For example in QRadar AQL you can GROUP BY and then use an aggregation function (IIUC). In STIX...

Here's an example of a Windows "Process Create" sysmon event that came via QRadar. There is no network traffic being reported here, but the IP address of the event sender (presumably)...

Yes @delliott90 - that's a good summary. Whenever possible, we want UUID5 (i.e. "deterministic") IDs. Of the standard SCOs, only `process` has no ID contributing properties. `user-account` uses account_type, user_id,...

Duplicate of https://github.com/opencybersecurityalliance/stix-shifter/issues/919

Can't we import the STIX grammar into the Kestrel grammar? I think that way we could make autocomplete work.

After extracting the values, we probably want to propagate the relationship of the origin entities to the derived entities. E.g. if `urls` were a list of 3 entities, url1, url2,...

Related: https://github.com/opencybersecurityalliance/stix-shifter/issues/922