-
Notifications
You must be signed in to change notification settings - Fork 930
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Observables : expiration date #58
Comments
Can you explain more about the logic used for this here ? How do you plan to compute an expiration date ? |
We have a logic in our current platform, but we need to revise it based on a few years of experience. For each observable, the expiration date is equal to : last observed + TTL (time to live) The TTL is calculated based on:
Here is how it works now: IP addresses URLs etc We have not yet decided for new values. |
@Fred-certeu Can you elaborate more on |
@Fred-certeu, @HarishHary: in the next version, the expiration date will be computed here: https://github.com/OpenCTI-Platform/opencti/blob/master/opencti-platform/opencti-graphql/src/domain/indicator.js [Line 23]. |
Please feel free to open other tickets to add new logic based on other types. |
@HarishHary: For |
Problem to Solve
We use it for selecting observable at SOC level: filter out observables which are too old.
Current Workaround
N/A
Proposed Solution
Calculate an expiration date based on:
CERT-EU can propose a logic
Additional Information
N/A
The text was updated successfully, but these errors were encountered: