Why
Not every company has the same data in its Splunk system, so file hashes or other IoC data types may not be needed at all. However, every IoC data type that is downloaded costs Splunk index volume, download and processing time, and disk space.
What
Every available IoC data type should be selectable via the web interface, and only the activated data types should be downloaded and processed. The default set should be pre-selected, and the remaining types should be reachable via an advanced settings button.
The following IoC data types are available in the TIE and should be usable:
- Domain Name
- IPv4
- IPv6
- ExactHash
- URL (verbatim)
- URL (regex)
- SSDEEP
- PEHASH
- Filesize
- Filename
- YaraRule
- YaraString
Default activated:
- Domain Name
- IPv4
- IPv6
- ExactHash
- URL (verbatim)
- URL (regex)
How
- Add a parameter to the tie2index.py script
- Add the same parameter to the web configuration
- Test
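One way the script side of this could look, as an added example rather than code from the project's tie2index.py: parse the activated data types from a configuration value (the setting name `data_types` and the record field `data_type` are assumptions), reject unknown names so a typo in the web configuration cannot silently drop a feed, fall back to the default set, and filter TIE records before they are handed to the indexer.

```python
# Added example, not the project's tie2index.py: keep only the IoC data
# types activated in the app configuration before downloading/indexing.
from typing import FrozenSet, Iterable, List, Optional

# All IoC data types the TIE offers, as listed in the issue.
TIE_DATA_TYPES: FrozenSet[str] = frozenset({
    "Domain Name", "IPv4", "IPv6", "ExactHash", "URL (verbatim)",
    "URL (regex)", "SSDEEP", "PEHASH", "Filesize", "Filename",
    "YaraRule", "YaraString",
})

# Types activated when the advanced setting has not been touched.
DEFAULT_DATA_TYPES: FrozenSet[str] = frozenset({
    "Domain Name", "IPv4", "IPv6", "ExactHash",
    "URL (verbatim)", "URL (regex)",
})


def parse_data_types(setting: Optional[str]) -> FrozenSet[str]:
    """Parse the comma-separated `data_types` setting (assumed name).

    Empty or missing means "use the defaults". An unknown name raises,
    because a misspelled type would otherwise be dropped without notice.
    """
    if setting is None or not setting.strip():
        return DEFAULT_DATA_TYPES
    chosen = {part.strip() for part in setting.split(",") if part.strip()}
    unknown = chosen - TIE_DATA_TYPES
    if unknown:
        raise ValueError(f"unknown IoC data type(s): {sorted(unknown)}")
    return frozenset(chosen)


def select_iocs(iocs: Iterable[dict], active: FrozenSet[str]) -> List[dict]:
    """Keep only records whose 'data_type' (assumed field) is activated."""
    return [ioc for ioc in iocs if ioc.get("data_type") in active]


# Constructed sample records, not real TIE data.
SAMPLE_IOCS = [
    {"data_type": "IPv4", "value": "203.0.113.10"},
    {"data_type": "ExactHash", "value": "<constructed-hash>"},
    {"data_type": "SSDEEP", "value": "<constructed-ssdeep>"},
    {"data_type": "YaraRule", "value": "<constructed-rule>"},
]

if __name__ == "__main__":
    active = parse_data_types("IPv4,ExactHash,SSDEEP")
    for ioc in select_iocs(SAMPLE_IOCS, active):
        print(ioc["data_type"], ioc["value"])
```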