Skip to content

Add option in mass import to mass retire IOCs #460

Description

@PhilOrdo

We can currently resurrect existing retired IOCs imported via https://threatkb.inquest.net/#!/import. This is a feature request to add an option to retire imported IOCs if they exist in ThreatKB and are in "Released" state.

  • Ability to quick filter for key timestamp fields on indicators (evaluate as "if (date_now) > the timestamp field"):
    • Expiration timestamps
    • Next review on timestamp

This applies to indicators (C2 IP, C2 domains).

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    Backlog

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions