Improve Ransomware Live connector #2351
Comments
Further information:
From my point of view, we need to:
- "targets" and "attributed to" relation with the same Organization?!
- "related to" relation with Report
- Threat actor that might be Intrusion set
Hey @sudesh0sudesh, First, I wanted to thank you for your contribution. Your work is greatly appreciated within our community. Thanks!
@yassine-ouaamou I will make changes from threat actors to intrusion sets
@Lhorus6 Thank you for the recommendations. We create reports because we don't always have information about the organization and we use reports to track victims. We could include the information that the organization was compromised within the organization itself, but at that point, it wouldn't be useful to anyone. I'm not sure how to link it to malware because only the organization that was attacked knows what malware was used.
Hi @sudesh0sudesh, I see. Perhaps create Incidents rather than Reports in this case. 🤔 It’s debatable, both would be possible in reality. But if we stay with the Reports, to improve them a little:
These are small things that would make a Report cleaner
I just tested the newest version, it seems to be broken due to missing dependencies.
Great work on the connector nonetheless! @sudesh0sudesh
@screencoffee Sorry for that, I just created a new pull request.
Happy to say that it works!
Solved by #2474
Hi @sudesh0sudesh,
Description
Following some tests, here are some behaviours to fix in the ransomware.live connector: