I'm sorry to bother you with this, but I'm having some trouble understanding [this part](https://github.com/remg427/misp42splunk#creating-or-editing-events-based-on-automated-sandboxing) of the doc:
I've tried searching the internet for what "automated sandboxing" is (related to Splunk or in general), but nothing relevant comes up... What is "sandboxing output"/"automated sandboxing"?
And when you talk about "if you have output of analysis pushed to splunk", do you mean by this a SOC analyst investigation report made for an incident, is that it?
I hope you can help me with that; thank you in advance.
By the way, this sample in the doc redirects to a 404 error.
Hello,
Some teams automatically index into Splunk the output of sandboxing solutions (open source or commercial), getting new attributes from detonating samples.
With the alert action, those attributes can be pushed to a MISP event.
If investigation / scanner reports are indexed, then it is possible to do the same.
There are different scenarios; actually, whenever potential attributes are available in Splunk, they can be pushed to a MISP event.
Regards
On 30 March 2023 10:43:55 GMT+02:00, Nicolas ***@***.***> wrote:
Hello,
I'm sorry to bother you with this, but I'm having some trouble understanding [this part](https://github.com/remg427/misp42splunk#creating-or-editing-events-based-on-automated-sandboxing) of the doc:
I've tried searching the internet for what "automated sandboxing" is (related to Splunk or in general), but nothing relevant comes up... What is "sandboxing output"/"automated sandboxing"?
And when you talk about "if you have output of analysis pushed to splunk", do you mean by this a SOC analyst investigation report made for an incident, is that it?
I hope you can help me with that; thank you in advance.
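As an added example (not code from misp42splunk or its author), this is the normalisation step the reply describes: a sandbox detonation report, as it might be indexed into Splunk, is turned into MISP attribute rows (category, type, value, to_ids) that an alert action could push to an event. The report layout, its field names and all sample values are constructed; the MISP types and categories used are standard ones.

```python
# Added example, not part of misp42splunk. Maps a constructed sandbox report
# to MISP attribute rows, validating each value for its type before keeping it.
import json
import re

# Constructed sandbox output standing in for an event indexed into Splunk.
SANDBOX_REPORT = json.dumps({
    "sample": {"sha256": "a" * 64, "md5": "b" * 32, "filename": "invoice.exe"},
    "network": {"domains": ["example.invalid", "Example.INVALID", "not a domain"],
                "ips": ["203.0.113.10", "999.1.1.1"],
                "urls": ["http://example.invalid/dl"]}})

HEX = {"md5": 32, "sha1": 40, "sha256": 64}   # hash type -> hex length
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")
IPV4_RE = re.compile(r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$")

def _attr(category, misp_type, value, to_ids=True):
    return {"category": category, "type": misp_type, "value": value, "to_ids": to_ids}

def report_to_attributes(raw):
    """Return deduplicated MISP attribute dicts for one sandbox report (JSON text),
    dropping values that do not validate for their type."""
    rep = json.loads(raw)
    out, seen = [], set()

    def add(a):
        key = (a["type"], a["value"])
        if key not in seen:
            seen.add(key)
            out.append(a)

    sample = rep.get("sample", {})
    for htype, length in HEX.items():
        h = (sample.get(htype) or "").lower()
        if re.fullmatch(r"[0-9a-f]{%d}" % length, h):
            add(_attr("Payload delivery", htype, h))
    if sample.get("filename"):
        # Filenames are weak indicators: keep for context, not for IDS export.
        add(_attr("Payload delivery", "filename", sample["filename"], to_ids=False))
    net = rep.get("network", {})
    for d in net.get("domains", []):
        d = d.strip().lower()          # case-fold so duplicates collapse
        if DOMAIN_RE.match(d):
            add(_attr("Network activity", "domain", d))
    for ip in net.get("ips", []):
        if IPV4_RE.match(ip):          # rejects out-of-range octets
            add(_attr("Network activity", "ip-dst", ip))
    for u in net.get("urls", []):
        if u.startswith(("http://", "https://")):
            add(_attr("Network activity", "url", u))
    return out
```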