Improvement to the O365 API Miner #340

jtschichold · 2019-08-12T14:50:52Z

Improves handling of O365 "indicators":

attributes are now aggregated among multiple occurrences of the same indicator
the list of attribute values are now stored in o365_<attribute name>_list attributes
it's now easier to create filters based on specific attribute values

Example:

{
    "confidence": 100,
    "first_seen": 1565616931749,
    "last_seen": 1565616931749,
    "o365_category": "Allow",
    "o365_category_list": [
        "optimize",
        "allow"
    ],
    "o365_expressRoute": true,
    "o365_expressRoute_list": [
        "true"
    ],
    "o365_id": 6,
    "o365_id_list": [
        "1",
        "2",
        "5",
        "6"
    ],
    "o365_notes": "Exchange Online POP3 migration",
    "o365_notes_list": [
        "exchange online imap4 migration",
        "exchange online pop3 migration"
    ],
    "o365_required": false,
    "o365_required_list": [
        "false",
        "true"
    ],
    "o365_serviceArea": "Exchange",
    "o365_serviceArea_list": [
        "exchange"
    ],
    "o365_tcpPorts": "995",
    "o365_tcpPorts_list": [
        "995",
        "587",
        "143",
        "993",
        "443",
        "80"
    ],
    "o365_udpPorts_list": [],
    "share_level": "green",
    "sources": [
        "worldwide-any"
    ],
    "type": "IPv6"
}

Improvement to the O365 API Miner

479bc68

jtschichold merged commit 3b69b9e into PaloAltoNetworks:develop Aug 12, 2019

jtschichold deleted the o365-api-improvs branch August 12, 2019 14:52

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Improvement to the O365 API Miner #340

Improvement to the O365 API Miner #340

jtschichold commented Aug 12, 2019

Improvement to the O365 API Miner #340

Improvement to the O365 API Miner #340

Conversation

jtschichold commented Aug 12, 2019