Conversation
| "malware-sample": { | ||
| "description": "The file itself (binary)", | ||
| "ui-priority": 1, | ||
| "misp-attribute": "malware-sample" |
There was a problem hiding this comment.
malware-sample is definitely correct here, and working: https://github.com/MISP/PyMISP/blob/master/tests/testlive_comprehensive.py#L995
How are you using the object?
There was a problem hiding this comment.
I was trying to import a text file.
if I place the file as a non malicious plain attachment, it does not render it as an object, which cannot be refrenced with other objects
There was a problem hiding this comment.
Did you use the API, or the web interface?
|
I am using the web interface
…On Tue, 16 Apr, 2019, 16:23 Raphaël Vinot, ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In objects/file/definition.json
<#176 (comment)>:
> @@ -108,9 +108,9 @@
"recommended": false
},
"malware-sample": {
- "description": "The file itself (binary)",
- "ui-priority": 1,
- "misp-attribute": "malware-sample"
Did you use the API, or the web interface?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#176 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AFx9dIP9zDOV5AABmWOA40F9rHbzbMkmks5vhau9gaJpZM4cxMuu>
.
|
|
Oh, sorry, I misunderstood what you were doing. Right now, MISP always create a simple attribute, not object, for the sane attachments, and you can only create a file object for malwares. I strongly discourage you to change the template that way, because the malware-samples are compressed and encrypted, not the attachments. @iglocska What do you think? Should we add an object reference "attachment" in the template and always create a file object when we add an attachment to an event? |
2 participants
solves issue #175