[ransomware.live] improvements #2665
Comments
@yassine-ouaamou sorry, but I am creating it between organisation and sector.
Sorry, there is one place I used individual, will modify it 👍
Thanks @sudesh0sudesh!
Nope, it was a mistake, I was testing organisations with name less than two words, I should have replaced it in organisation.
It will not be ingesting full data, it is limited to past 24 hrs. Sometimes, there may be an updated dataset with the same timestamp in the fields. I can adjust the capture window to be between the previous run and the current run, but this may cause some issues with certain reports.
On the other hand, they can decrease the frequency of ingestion.
What could be the issues with the reports in the case you are describing?
A few of those are wrong country assignment, assignments to wrong org.
It would be great to be able to turn off the generation of threat actors. I'm using intrusion sets exclusively instead of threat actors to keep things simple.
@seanthegeek will be looking at both of those, will prioritise sector and will be making threat actors optional in a future release.
@sudesh0sudesh Thanks. I just thought of other improvements for future releases:
The ransomware.live does not currently provide the list of tools or YARA rules via the API. I'll contact them about that. The reference links are included in a list named
Following some tests after the improvements made by @sudesh0sudesh in this issue #2351, here are two other improvements I see:
I have seen the following error in the ingestion:
The relationship type part-of is not allowed between Individual and Sector