You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Given an event full of JSON blobs, get all blobs and look for relevant similarities. Ideally all the stuff that's important to pivot on would be added to the object, but there's likely too many relevant fields for the object/event to then remain legible.
When dealing with HTML, keys become the lowest level of css notated, e.g. p=blah, not html.body.p=blah
All potential similarities should be normalized across different services (e.g. shodan and censys).
Each result should be grouped into misphunter-suggestion objects containing text attributes with auto-populated search suggestions and comments as to why they might be relevant. (e.g. service.html.body.hash:12345 comment=2 IPs [192.168.1.1.json, 192.168.1.2.json] contain this html body hash).
A suggestion object should only ever contain one suggestion, one comment explaining it, and pivots (JSON blobs or host-ip? Both?) to the MISPHunter objects that generated that suggestion.
The text was updated successfully, but these errors were encountered:
Given an event full of JSON blobs, get all blobs and look for relevant similarities. Ideally all the stuff that's important to pivot on would be added to the object, but there's likely too many relevant fields for the object/event to then remain legible.
When dealing with HTML, keys become the lowest level of css notated, e.g. p=blah, not html.body.p=blah
All potential similarities should be normalized across different services (e.g. shodan and censys).
Each result should be grouped into misphunter-suggestion objects containing text attributes with auto-populated search suggestions and comments as to why they might be relevant. (e.g. service.html.body.hash:12345 comment=2 IPs [192.168.1.1.json, 192.168.1.2.json] contain this html body hash).
A suggestion object should only ever contain one suggestion, one comment explaining it, and pivots (JSON blobs or host-ip? Both?) to the MISPHunter objects that generated that suggestion.
The text was updated successfully, but these errors were encountered: