Brian Warehime
When running the script for the first time in a channel, I notice that it's attempting to capture all the messages, and not just from the 24 hours of today...
Since the pulse entity inherits properties from websites, we need to make sure these transforms don't show up for the user to attempt to use.
Right now you can't throw a pulse into the graph and pivot off of it unless you add in the field value for pulseid. Ideally, you should be able to...
For instance, when a large-scale event (i.e. Corona Virus, Heartbleed, etc.) happens, generate a default intelligence requirement that customers can pull down from threatnote to get started.
These may be more generic standing intel reqs that could apply to a broad range of issues but specific gaps could be filled in.
When you paste in IOCs in a fanged format (e.g. 192[.]168[.]1[.]1), remove the brackets to make them actual IOCs.