shusei tomonaga

Results 23 comments of shusei tomonaga

We have a lot of attack data from incident response in many organizations. However, since the original data contains information about the infected organizations, it cannot be published.

Yes, you can add tags by using the following cypher query.

```
MATCH (m1:Malware) WHERE m1.cluster=64 SET m1.tag="Turla" RETURN m1
```

How about the following cypher query?

```
MATCH (m1:Malware) WHERE m1.cluster=64 SET m1.tag="Turla" RETURN m1
```

Please use the following query to change the cluster id.

```
MATCH...
```

Yes. This is future work.

The current version can't import from Splunk, but I've put this request into the task.

It looks like an error with py2neo v4. The latest version supports py2neo v4 (1.3.1 does not support it), so please use the latest version.

We use Event viewer or PowerShell.

Please show a block example of your xml.

You can easily export using the wevtutil command.

```
> wevtutil qe Security /f:XML
```

Please report on your system and log details.