[ZeroFox] Entity mapping is sometimes inadequately structured #2780

Closed

Description

Malware:

  • Some malware is named using the hash of the indicator, which makes differentiation very difficult.
  • Some labels on malware refer to MITRE tactics. It would be useful to have this information included in the "Kill chain phases".
  • If specific techniques from these tactics are identified, it would also be desirable to link them to the corresponding attack pattern entity.

CVE:

Some CVEs are listed as "Tools" entities in addition to being listed as "Vulnerability" entities.

Indicators:

The indicators do not have any "Indicator types" specified.

Infrastructures:

Infrastructures are ingested in bulk, but they are just IP addresses. These same infrastructures are not linked to corresponding indicators/observables.
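The mapping this issue asks for, sketched as an added example that is not part of the issue or the connector's code. It assumes the entities are emitted as STIX 2.1 objects; the helper names and sample values are hypothetical.

```python
import uuid

# ATT&CK Enterprise tactic short names (the phase_name values in ATT&CK's STIX data).
TACTICS = {
    "reconnaissance", "resource-development", "initial-access", "execution",
    "persistence", "privilege-escalation", "defense-evasion", "credential-access",
    "discovery", "lateral-movement", "collection", "command-and-control",
    "exfiltration", "impact",
}

def new(kind, **props):
    # Random ids; created/modified/valid_from timestamps are omitted for brevity.
    return {"type": kind, "spec_version": "2.1", "id": f"{kind}--{uuid.uuid4()}", **props}

def map_malware(name, labels):
    """Move labels that name an ATT&CK tactic into kill_chain_phases."""
    phases, rest = [], []
    for label in labels:
        slug = label.strip().lower().replace("_", "-").replace(" ", "-")
        if slug in TACTICS:
            phases.append({"kill_chain_name": "mitre-attack", "phase_name": slug})
        else:
            rest.append(label)
    obj = new("malware", name=name, is_family=False)
    if rest:
        obj["labels"] = rest
    if phases:
        obj["kill_chain_phases"] = phases
    return obj

def link(source, relationship_type, target):
    return new("relationship", relationship_type=relationship_type,
               source_ref=source["id"], target_ref=target["id"])

def map_ip(ip, indicator_type="malicious-activity"):
    """One feed IP -> observable, typed indicator, infrastructure, and their links."""
    obs = new("ipv4-addr", value=ip)
    ind = new("indicator", name=ip, pattern_type="stix",
              pattern=f"[ipv4-addr:value = '{ip}']",
              indicator_types=[indicator_type])
    infra = new("infrastructure", name=ip)
    return [obs, ind, infra,
            link(ind, "based-on", obs),        # indicator -> observable
            link(infra, "consists-of", obs)]   # infrastructure -> observable

if __name__ == "__main__":
    # Constructed sample input, not data from the ZeroFox feed.
    print(map_malware("ExampleLoader", ["Command and Control", "loader"]))
    for o in map_ip("192.0.2.10"):
        print(o)
```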

Labels: bug, community support, solved