Xiaokui Shu
Thanks to `stix-shifter`'s effort supporting process UUID from data sources (https://github.com/opencybersecurityalliance/stix-shifter/pull/1051), and to `firepit` using it to generate a deterministic process id (https://github.com/opencybersecurityalliance/firepit/blob/2ce4b0c3c642bc4324243515872b72573e0f3a7a/firepit/stix21.py#L25), we can now have a simpler and better...
Wanna create a Kestrel analytics that other hunters will clone and reuse? Try to do one for VirusTotal. Useful information: - How to install Kestrel: https://kestrel.readthedocs.io/en/stable/installation/ - Basic concepts of...
https://d3fend.mitre.org/ Each _detect_ step might be a good Kestrel analytics. Current STIX data may not support many. Yet we should not be limited to what we have now. If they...
Update the README for each analytics to better describe the usage, requirements, and expectation of it.
**Describe the bug** library deprecation warning when running Kestrel unit test

```
tests/test_command_assign.py::test_assign_after_new[x = p-2]
  /lib/python3.11/site-packages/antlr4/Lexer.py:12: DeprecationWarning: typing.io is deprecated, import directly from typing instead. typing.io will be removed in...
```
**Describe the bug** stix-shifter v4.6.0 requires 4 backslash chars to match 1 backslash char in data for regex, which should not be expected. **To Reproduce** Add the two test cases...
**Is your feature request related to a problem? Please describe.** Editing the `api_client.py` for `elastic_ecs`, I find there are lots of format strings like:

```
endpoint = "{}?size={}".format(endpoint, length)
```

...