Xiaokui Shu
Hmm, this is an interesting case. Theoretically, it is possible to have one property mapped in `from_stix` but not in `to_stix`. This may confuse the upper layer (e.g., Kestrel) which...
Fully agree we should make `src_ref.value` into something like `src_addr` as the first step before our own conceptual data model. I also find `src_ref.value` not friendly to new users. I...
Yep. I am thinking if we can have a general rule for such alias naming. We can explicitly list all aliases Kestrel uses in [entity doc](https://kestrel.readthedocs.io/en/stable/language/eav.html#common-entities-and-attributes), yet there could be...
Good idea making the patterning sub-language extensible. We may want to have an ABC for any adapter to implement two functions: `to_stix()` and `to_firepit()`.
Need to document that one uses `'binary_ref.name'` to tell Kestrel to treat it as a string. This works:

```
procs = GET process FROM file:///tmp/lab101.json WHERE parent_ref.name = 'svchost.exe' START...
```
@mdazam1942 just to confirm, does it mean patching the STIX bundle in the transmission module to add additional fields in the raw data in order for the translation module to...
Thanks for reporting this @frequent6198 ! Could you update kestrel to 1.7.3 (`pip install -U kestrel-lang`) and then run the stix-shifter diagnosis tool in a terminal with the kestrel-installed python...
Interesting. It gives another error. This new error might be caused by different versions of stix-shifter. Could you run any huntflow you had once, e.g.

```
test = GET process...
```
I think I get the reason why it gives another error. The first testing query I put in the diagnosis tool is `[ipv4-addr:value LIKE '%']`. However, `LIKE` is not supported...
OpenCV supports it, but dvr-scan may need some upgrades to handle the input type:

1. dvr-scan cli currently [only supports local files](https://github.com/Breakthrough/DVR-Scan/blob/main/dvr_scan/cli/controller.py#L71) for `-i`

```
[DVR-Scan] DVR-Scan 1.6.2
[DVR-Scan] Error:...
```