adding new type of tag #97
Replies: 1 comment
Hi @huyusukesan and thanks for the suggestion. I think such a tag isn't needed as the rules specific to malware and threat actors are already located in a specific folder called Emerging-Threats and every one is hosted inside a specific folder. We can already use ATT&CK tags to tag threats such as malware or APTs. A custom tag doesn't make sense in this case imo as the naming isn't really in a 1 to 1 mapping. Depends usually on the reporter. I suggest you use the contents of the folder as an indicator, as well as the name of the file itself, which uses a special convention to indicate it as well. Hope this answers your question and feel free to follow up or re-open the discussion. Regards.
all,
it's interesting for survey to integrate new types of tag:
"threat"
the goal is to indicate in rules the "threat" that is seen with the behavior detection
format: threat.
ex: threat.BunnyLoader threat.Darkgate
have a nice day
stay safe.