Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Zeek intel support for Mandiant Advantage threat intelligence feed #358

Closed
mmguero opened this issue Nov 4, 2024 · 1 comment
Closed

Zeek intel support for Mandiant Advantage threat intelligence feed #358

mmguero opened this issue Nov 4, 2024 · 1 comment
Assignees
@mmguero
Labels
enhancement New feature or request external Depends on a bug or feature external to this project zeek Relating to Malcolm's use of Zeek
Milestone
v24.11.0

Comments

@mmguero
Copy link
Collaborator

mmguero commented Nov 4, 2024

@mmguero cloned issue idaholab/Malcolm#601 on 2024-10-24:

We need to add an integration for using Mandiant threat intelligence feeds the way we do for MISP and STIIX.

Would this library help?
@mmguero mmguero added enhancement New feature or request external Depends on a bug or feature external to this project zeek Relating to Malcolm's use of Zeek labels Nov 4, 2024
@mmguero mmguero mentioned this issue Nov 4, 2024
Closed
@mmguero mmguero added this to Malcolm Nov 5, 2024
@mmguero mmguero added this to the z.staging milestone Nov 5, 2024
@mmguero mmguero moved this to In Progress in Malcolm Nov 5, 2024
@mmguero mmguero self-assigned this Nov 5, 2024
@mmguero mmguero modified the milestones: z.staging, v24.11.0 Nov 5, 2024
@mmguero
Copy link
Collaborator Author

mmguero commented Nov 5, 2024

I've been asked to drop everything and work on this, so I'm moving this up to v24.11.0 and moving most everything else down.

mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 5, 2024
@mmguero
added google/mandiant-ti-client library to Zeek docker container for c…
34bdf85 
…isagov#358
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 6, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
c02b1b8
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 6, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
1e14ac4
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 6, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
7a2610c
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 6, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
4d3219d
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 6, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
c73b9ce
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 6, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
866e30f
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 6, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
208f9b6
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 6, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
fcd95d8
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 7, 2024
@mmguero
have threat intel happen once under supervisord on startup, not in co…
68f416a 
…ntainer entrypoint for zeek non-live container, to support cisagov#358
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 7, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
45ab9ce
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 7, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
6fb54ab
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 7, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
c3aeb5c
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 7, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
fa0d731
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 8, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
b07504f
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 8, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
7810d02
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 8, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
3c8d301
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 8, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
0505fee
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 8, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
875c0d1
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 8, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
231ad13
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 8, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
13bf9a7
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 8, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
d970aba
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 8, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
e870532
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 8, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358; …
76399a9 
…major remapping of the zeek.intel fields to ECS, some stuff may be busted
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 8, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
5aa50ef
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 12, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
0010e1a
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 12, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
f95bb05
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Nov 12, 2024
@mmguero
work in progress for mandiant threat intel integration, cisagov#358
b75d4a4
@mmguero mmguero moved this from In Progress to Testing in Malcolm Nov 12, 2024
@mmguero mmguero moved this from Testing to Done in Malcolm Nov 14, 2024
@mmguero mmguero closed this as completed by moving to Done in Malcolm Nov 14, 2024
This was referenced Nov 14, 2024
Merged
Merged
@mmguero mmguero moved this from Done to Released in Malcolm Nov 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mmguero mmguero

Labels
enhancement New feature or request external Depends on a bug or feature external to this project zeek Relating to Malcolm's use of Zeek
Projects
Malcolm
Status: Released
Milestone
v24.11.0
Development

No branches or pull requests
1 participant
@mmguero