Enable support for C2 DNS match type field in bulk import and batch edit #472

Closed
dspruell-i01 opened this issue Jul 15, 2023 · 2 comments · Fixed by #483
Labels
threat-intel Issue originated from Threat Intel (TI) team

Comments


dspruell-i01 commented Jul 15, 2023

A key feature of C2 DNS indicators is the match type field, enabling a domain to be matched as a wildcard (any/all subdomains of specified domain also match). This field is currently exposed in the object edit form, but it is not able to be set/changed at either the bulk import or the batch edit dialogs.

Changes:

  1. Update the bulk import and batch edit features to include ability to toggle/set match type.
  2. Set match type to default to wildcard for newly created C2 DNS objects.
@dspruell-i01 dspruell-i01 added the threat-intel Issue originated from Threat Intel (TI) team label Jul 15, 2023
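
The match type semantics and the two requested changes, sketched as an added example (not code from this project or from the issue author). The `exact`/`wildcard` values, the `domain,match_type` import layout and all function names are assumptions; the sample domains are constructed.

```python
# Added illustration; not code from the project this issue belongs to.
# Field names and the "exact"/"wildcard" values are assumptions.
import csv
import io

DEFAULT_MATCH_TYPE = "wildcard"  # change 2 in the issue: new objects default to wildcard
MATCH_TYPES = {"exact", "wildcard"}


def normalize(domain):
    """Lowercase, strip whitespace and any trailing root dot."""
    return domain.strip().lower().rstrip(".")


def parse_bulk_import(text):
    """Parse 'domain[,match_type]' rows into indicator dicts."""
    indicators = []
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row or not row[0].strip() or row[0].lstrip().startswith("#"):
            continue  # skip blank lines and comments
        has_type = len(row) > 1 and row[1].strip()
        match_type = row[1].strip().lower() if has_type else DEFAULT_MATCH_TYPE
        if match_type not in MATCH_TYPES:
            raise ValueError(f"line {lineno}: unknown match type {match_type!r}")
        indicators.append({"domain": normalize(row[0]), "match_type": match_type})
    return indicators


def matches(indicator, queried):
    """True if the queried name hits the indicator."""
    name = normalize(queried)
    if name == indicator["domain"]:
        return True
    # Wildcard: any subdomain, compared on a label boundary so that
    # 'notbad-c2.example' does not match 'bad-c2.example'.
    return indicator["match_type"] == "wildcard" and name.endswith("." + indicator["domain"])


def batch_edit(indicators, match_type):
    """Set one match type on every selected indicator (returns new dicts)."""
    if match_type not in MATCH_TYPES:
        raise ValueError(f"unknown match type {match_type!r}")
    return [dict(i, match_type=match_type) for i in indicators]


# Constructed sample import file (reserved .example names, not real indicators).
SAMPLE = "# domain,match_type\nbad-c2.example\nPanel.Bad-C2.example.,exact\n"
```
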
@dspruell-i01

Pending TI Team to send David over an import file or two of domains for testing this feature.

@dspruell-i01

@dcuellar322 https://app.zenhub.com/files/98370220/7c047996-aace-46ce-a9da-d1b5084272f0/download

This set of domains is verified high risk/malicious and is representative of a set we'd import and would have marked for matching on all subdomains.
