Paul Coccoli
**Describe the bug** By default, stix-shifter-diag uses the time range 2000-01-01T00:00:00Z to 3000-01-01T00:00:00Z. This can cause multiple issues: - some data sources (like sumologic, apparently) don't support dates in the...
**Is your feature request related to a problem? Please describe.** There's no explicit way to express a sequential pattern (e.g. search for X followed by Y). STIX patterning actually supports...
**Describe the bug** After creating a variable in a Jupyter Notebook, you should be able to e.g. type `d` and hit `` to get the suggestion `DISP`. This does not...
**Is your feature request related to a problem? Please describe.** We have a table of known relationships (STIX 2.0 references between SCOs). Some data sources may have reference properties not...
**Is your feature request related to a problem? Please describe.** STIX patterning is not well known, and having to use things like `src_ref.value` can be confusing to new users. We've...
All the relations supported by `FIND` are "first" degree: a direct reference from one SCO to another. While trying to write a hunt for DLL hijacking, I hit this: ```...
A way to implement #122 could be through "pattern adapters" - these would be modules that allow the user to specify patterns in something other than STIX patterns (or ECGPatterns)....
**Is your feature request related to a problem? Please describe.** The hunter doesn't care if an analytic is using docker or python. **Describe the solution you'd like** `APPLY my_analytic` should...
**What is the bug?** If I select the same column twice, with 2 different aliases, and specify `fetch_size`, then the first alias is ignored. It works fine if I don't include...
When a SCO appears multiple times in a STIX 2.0 bundle, the stix_stepper 2.1 output includes duplicate copies of that SCO. Input file (conns2.json): ``` { "type": "bundle", "spec_version": "2.0",...