Custom detections and MVT community of interest #313

Answered by Te-k
loudmoat asked this question in Q&A
Hi,

  1. Not all STIX2 indicator types are implemented (phone numbers, for instance, are not so far), and not all modules implement a detection (the iOS Calls module, for instance, doesn't). You can find the list of STIX2 indicator types implemented in the _process_indicators function (some of them are not standard).
  2. Detections are made by modules based on IOCs or suspicious patterns. When a module identifies a malicious entry, it should highlight it with a warning in the console and, if results are dumped to a folder, add the detection to a file ending in _detected.json. Have you seen another warning in the console? Is there any file ending in _detected.json in the result folder?

No, there is no…
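The answer above asks the reporter to check the results folder for files ending in `_detected.json`. The script below is an added example, not part of this thread and not MVT's own code: it walks a results directory, lists every `*_detected.json` file and counts the records in each, so the "was anything detected?" question can be answered without opening files by hand. It assumes each detection file holds a JSON array of records (an assumption about MVT's output format, not something stated in the thread), and it treats an unreadable or non-list file as a separate case rather than silently reporting zero. The sample tree it builds is constructed for the demonstration.

```python
"""Check an MVT-style results folder for per-module detection files.

Assumption (not stated in the thread): each <module>_detected.json file holds
a JSON array of detection records. Files that cannot be parsed as such are
reported as unreadable so they are not mistaken for "no detections".
"""
import json
import os
import tempfile

SUFFIX = "_detected.json"


def find_detected_files(results_dir):
    """Return paths (relative to results_dir) of every *_detected.json file."""
    found = []
    for dirpath, _dirnames, filenames in os.walk(results_dir):
        for name in filenames:
            if name.endswith(SUFFIX):
                full = os.path.join(dirpath, name)
                found.append(os.path.relpath(full, results_dir))
    return sorted(found)


def count_detections(path):
    """Number of records in one detection file, or None if it is not a readable JSON list."""
    try:
        with open(path, "r", encoding="utf-8") as fh:
            data = json.load(fh)
    except (OSError, ValueError):
        return None
    if isinstance(data, list):
        return len(data)
    return None


def summarize(results_dir):
    """Map each *_detected.json (relative path) to its record count; None marks an unreadable file."""
    return {rel: count_detections(os.path.join(results_dir, rel))
            for rel in find_detected_files(results_dir)}


def make_sample_results(results_dir):
    """Populate results_dir with constructed sample output (not real MVT data)."""
    # A module that flagged nothing writes plain results only, no _detected.json.
    with open(os.path.join(results_dir, "calls.json"), "w", encoding="utf-8") as fh:
        json.dump([{"number": "+10000000000"}], fh)
    # A module with two hits; the records are constructed placeholders.
    with open(os.path.join(results_dir, "safari_history_detected.json"), "w", encoding="utf-8") as fh:
        json.dump([{"url": "http://example.invalid/a"}, {"url": "http://example.invalid/b"}], fh)
    # A truncated file, to exercise the unreadable-file path.
    with open(os.path.join(results_dir, "sms_detected.json"), "w", encoding="utf-8") as fh:
        fh.write('[{"text": ')


def demo():
    """Build the constructed sample tree in a temporary directory and return its summary."""
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_results(tmp)
        return summarize(tmp)


if __name__ == "__main__":
    for rel, n in demo().items():
        status = "unreadable (check the file by hand)" if n is None else f"{n} detection(s)"
        print(f"{rel}: {status}")
```

Point it at a real results folder by calling `summarize("/path/to/results")`; an empty dictionary means no module wrote a `_detected.json` file, which is the "nothing detected" outcome the answer describes.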

Replies: 5 comments 2 replies
Answer selected by loudmoat
Te-k Nov 2, 2022
Maintainer
Te-k Feb 21, 2023
Maintainer