Add a sighted flag for IOCs #365
While observables can be flagged as IOCs, this doesn't mean they have been sighted on the network.
Think, for example, about a malicious sample received by email. When it is submitted through Cortex to a sandbox which declares it malicious and extracts C2 addresses, an analyst might add those C2s to the observable list, flag them as IOCs, then search for them in a SIEM. If found, they might add a