ACE
Analysis Correlation Engine
I'm getting this error when submitting an alert to ACE using ace_api. I've attached a copy of the ACE alert I'm trying to submit as alert.zip (it's really a 7z...
I created a pdfparser in golang that does everything the existing pdfparser does and much, much more, plus it's like 30x faster. Details on it can be found [here](https://github.com/KarmaPenny/pdfparser). Usage:...
alert direct=f29083f5-8b9c-4d9e-85bb-4aa16a86b2c1 for details
Currently we just track malware/threat names+types. It would also be beneficial to add in a risk rating especially since some of the types we track are VERY broad categories of...
Shouldn't be able to make an event with a blank or otherwise empty (like a space) name.
In some cases, it's desirable to perform some additional CbR process inspection on process or process tree events before firing a detection. It's also desirable to chain together queries and...
- get rid of the hal9000 module entirely (and the database) - use the existing observable database table to compute its malicious % - display this value for each observable...
Currently when alerts are added to a new event in ACE, we automatically prepend the YYYYMMDD of the earliest ACE alert to the event name the analyst gives. However, due...
internal reference - https://wiki.local/display/integral/20190314+docs.google.com-all+residents+of+the+house+52938-exe
Like SharePoint, Word Online allows for editing in a browser vs. downloading the file (internal reference - /saq/analysis?direct=ace04db2-8133-404f-ad03-657871c0c2b6