[ENHANCEMENT] Allow operations for Analyzers #1406

Open
jeromeleonard opened this issue Jun 26, 2020 · 2 comments

Comments

@jeromeleonard
Contributor

Like for Responders, it could be useful to run operations with Analyzers.
Example of useful operations would be: AddArtifactToCase (this action is already supported for Responders). This could be useful for Analyzers to select some observables that we are sure should be added as new observables (e.g. source email address of a malspam, URL of a malicious connection reported by SIEM/proxies, download a VT sample from a hash report...)

@mnmnc

mnmnc commented Jun 27, 2020

Very useful indeed. However, in some cases it would be useful to set, at the analyzer configuration level, which type of artifact to add. From a VirusTotal report it might be useful to add domains and IPs maybe. Hundreds of URLs - also benign ones - not so much.

@DarrenSykes

If we could support (at least) the same actions as with responders, that’d be great.
