
IOC Extractor

Open jcandiat opened this issue 7 months ago • 0 comments

Problem to be solved

There are connectors that allow you to ingest emails into OpenCTI, which will then be stored as reports and the email content will be displayed in the content tab. If IOCs could be extracted from this content and linked to the same report, this would create a more precise and ideal automation process for those of us who share IOCs via email and want to automatically record these shipments.

Current workaround

I wanted to develop a Python script to accomplish this process. By configuring rules in JSON format, I wanted to specify filters to consider only certain reports (e.g., labels:["threat-report"], status:["New"], etc.), an extract section, which extracts IOCs using regex, and a modify section, which establishes new statuses for the specified configurations (e.g., status:["Analyzed"]), but I haven't been able to build this project properly because there's no comprehensive API documentation.

Proposed Solution

You could either generate complete documentation related to the API or generate a connector with its relevant configurations. I was thinking of a connector-type system with rules, with someone configuring them and then applying them.

jcandiat · Jun 25 '25 14:06
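The rule-driven extractor the issue describes (a JSON rule file with filter, extract and modify sections, applied to report content), as an added example that is not part of the issue and not code from OpenCTI or pycti. It runs offline on constructed report dicts: the flattened report fields (labels, status, content), the observable key names, the regexes and the rule layout are all assumptions, and the pycti calls that would create the observables, attach them to the report and change its status are deliberately not shown, since the issue itself says the API is not well documented.

```python
"""Rule-driven IOC extraction for email-derived reports (added example, not pycti code)."""
import json
import re

# Constructed rule set in the filter / extract / modify layout the issue describes.
# Observable key names follow the "<Type>.<field>" convention but are an assumption here.
# Order matters: each pattern consumes its matches before the next one runs, so the
# domain inside a URL or an e-mail address is not reported a second time as a bare domain.
RULES_JSON = r"""
{
  "filter": {"labels": ["threat-report"], "status": ["New"]},
  "extract": {
    "Url.value":               "https?://[^\\s\"'<>]+[^\\s\"'<>.,;)]",
    "Email-Addr.value":        "\\b[\\w.+-]+@(?:[a-z0-9-]+\\.)+[a-z]{2,}\\b",
    "IPv4-Addr.value":         "\\b(?:\\d{1,3}\\.){3}\\d{1,3}\\b",
    "Domain-Name.value":       "\\b(?:[a-z0-9-]+\\.)+(?:com|net|org|io)\\b",
    "StixFile.hashes.SHA-256": "\\b[a-f0-9]{64}\\b",
    "StixFile.hashes.MD5":     "\\b[a-f0-9]{32}\\b"
  },
  "modify": {"status": "Analyzed"}
}
"""

# Constructed reports, flattened to the fields the rules look at (assumed shape, not the
# structure the OpenCTI client returns). Indicators are defanged the way mailed IOCs usually are.
REPORTS = [
    {
        "id": "report--1",
        "name": "Weekly IOC mail",
        "labels": ["threat-report"],
        "status": "New",
        "content": (
            "Observed C2 at hxxp://evil-update[.]example[.]com/gate.php "
            "and 203[.]0[.]113[.]45. Phishing sender: billing[@]mail[.]example[.]net. "
            "Related infrastructure: cdn-static[.]example[.]org. "
            "Dropper SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, "
            "MD5 d41d8cd98f00b204e9800998ecf8427e. Same IP seen twice: 203.0.113.45."
        ),
    },
    {
        "id": "report--2",
        "name": "Already processed",
        "labels": ["threat-report"],
        "status": "Analyzed",
        "content": "hxxp://old[.]example[.]com",
    },
]

# Extra sanity checks per observable type; the IPv4 regex alone accepts octets above 255.
VALIDATORS = {
    "IPv4-Addr.value": lambda v: all(0 <= int(o) <= 255 for o in v.split(".")),
}


def load_rules(text):
    """Parse the JSON rule file; dict order preserves the extract sequence."""
    return json.loads(text)


def matches_filter(report, rule_filter):
    """Every filter field must share at least one value with the report."""
    for field, wanted in rule_filter.items():
        have = report.get(field, [])
        if not isinstance(have, list):
            have = [have]
        if not set(have) & set(wanted):
            return False
    return True


def refang(text):
    """Undo common defanging so the regexes see real indicators."""
    text = re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", text)
    text = re.sub(r"\[@\]", "@", text)
    text = re.sub(r"\[:\]", ":", text)
    return re.sub(r"hxxp", "http", text, flags=re.IGNORECASE)


def extract_iocs(content, extract_rules):
    """Run the patterns in rule order, blanking each match so later patterns cannot re-match it."""
    text = refang(content)
    found = {}
    for key, pattern in extract_rules.items():
        values = []
        for m in list(re.finditer(pattern, text, flags=re.IGNORECASE)):
            value = m.group(0) if key == "Url.value" else m.group(0).lower()
            if VALIDATORS.get(key, lambda v: True)(value):
                values.append(value)
            text = text[:m.start()] + " " * (m.end() - m.start()) + text[m.end():]
        if values:
            found[key] = list(dict.fromkeys(values))  # dedupe, keep first-seen order
    return found


def apply_rules(reports, rules):
    """Return the planned actions per matching report instead of calling the API directly."""
    plan = []
    for report in reports:
        if not matches_filter(report, rules["filter"]):
            continue
        plan.append({
            "report_id": report["id"],
            "observables": extract_iocs(report.get("content", ""), rules["extract"]),
            "new_status": rules["modify"]["status"],
        })
    return plan


if __name__ == "__main__":
    print(json.dumps(apply_rules(REPORTS, load_rules(RULES_JSON)), indent=2))
```

Each plan entry is what a connector would then turn into client calls: one observable per value, a relationship from the observable to the report, and a status change. Producing the plan first gives a dry-run mode, which is worth keeping when the rules are user-editable regexes: a too-broad pattern shows up as a long observable list before anything is written to the platform.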