-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
90cb938
commit 4ea64b2
Showing
2 changed files
with
2 additions
and
2 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| {"description": "Sumo Logic MD5", "schema_version": "1.1.3", "type": "investigation", "search-txt": "md5:\"3dd9ed6a273180e986fbc46da81ccc65\"", "actions": "[{\"arg\":{\"text\":\"3dd9ed6a273180e986fbc46da81ccc65\",\"omit\":false,\"reset\":true},\"created\":\"2021-07-12T13:26:32.755Z\",\"id\":\"collect-28160cc3\",\"result\":[{\"value\":\"3dd9ed6a273180e986fbc46da81ccc65\",\"type\":\"md5\"}],\"state\":\"ok\",\"type\":\"collect\",\"updated\":\"2021-07-12T13:26:32.953Z\",\"uuid\":\"9b83ba32-e478-4c26-aa06-7e2f531b14d9\"},{\"arg\":{\"type\":\"md5\",\"value\":\"3dd9ed6a273180e986fbc46da81ccc65\"},\"created\":\"2021-07-12T13:26:32.980Z\",\"id\":\"investigate-526264eb\",\"result\":{\"data\":[{\"module\":\"Sumo Logic\",\"module_instance_id\":\"947937b2-0a11-414a-8741-60f7ed7009bb\",\"module_type_id\":\"bc485330-d5ae-4d45-81a5-13619193e5b6\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"3dd9ed6a273180e986fbc46da81ccc65\",\"type\":\"md5\"},\"judgement_id\":\"transient:judgement-1c902fd8-4b5f-581d-946f-7660342d635b\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-04-11T13:24:20.000Z\",\"end_time\":\"2526-12-16T00:00:00.000Z\"}}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-04-11T13:24:20.000Z\",\"end_time\":\"2526-12-16T00:00:00.000Z\"},\"schema_version\":\"1.1.6\",\"observable\":{\"value\":\"3dd9ed6a273180e986fbc46da81ccc65\",\"type\":\"md5\"},\"reason_uri\":\"https://www.crowdstrike.com/\",\"type\":\"judgement\",\"source\":\"Sumo Logic\",\"disposition\":2,\"external_references\":[],\"reason\":\"Found in CrowdStrike Intelligence\",\"source_uri\":\"https://service.us2.sumologic.com/\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-1c902fd8-4b5f-581d-946f-7660342d635b\",\"severity\":\"High\",\"tlp\":\"amber\",\"confidence\":\"High\"}]}}}]},\"state\":\"ok\",\"type\":\"investigate\",\"updated\":\"2021-07-12T13:26:52.026Z\",\"uuid\":\"d43df7f8-f474-4d76-a781-3765d0c8f9d2\"}]", "short_description": "Snapshot @ 20210712 13:27:31", "omittedObservables": [], "archivedObservables": [{"key": "54e44362-115a-446d-a448-aad24737dc6b", "value": "3dd9ed6a273180e986fbc46da81ccc65", "indicators": [], "type": "md5", "state": "investigated", "targets": [], "disposition": 2, "verdicts": [{"valid_time": {"start_time": "2021-04-27T13:24:20.000Z", "end_time": "2525-01-01T00:00:00.000Z"}, "observable": {"value": "3dd9ed6a273180e986fbc46da81ccc65", "type": "md5"}, "type": "verdict", "disposition": 2, "module": "Sumo Logic", "module-type": null, "disposition_name": "Malicious", "id": "verdict:Sumo Logic:248a472d", "action": "d43df7f8-f474-4d76-a781-3765d0c8f9d2", "judgement_id": "transient:judgement-1c902fd8-4b5f-581d-946f-7660342d635b"}], "notifications": [], "disposition_name": "Malicious", "obsListSortOrder": 1, "listOrder": 0, "label": "3dd9ed6a273180e986fbc46da81ccc65", "id": "248a472d", "judgements": [{"valid_time": {"start_time": "2021-04-27T13:24:20.000Z", "end_time": "2525-01-01T00:00:00.000Z"}, "schema_version": "1.1.6", "observable": {"value": "3dd9ed6a273180e986fbc46da81ccc65", "type": "md5"}, "reason_uri": "https://www.crowdstrike.com/", "type": "judgement", "source": "Sumo Logic", "disposition": 2, "module": "Sumo Logic", "external_references": [], "module-type": null, "reason": "Found in CrowdStrike Intelligence", "source_uri": "https://service.us2.sumologic.com/", "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-1c902fd8-4b5f-581d-946f-7660342d635b", "severity": "High", "tlp": "amber", "action": "d43df7f8-f474-4d76-a781-3765d0c8f9d2", "ctr_uuid": "ec6725e6-5a54-46c4-a599-3645c8bd8a5d", "confidence": "High", "ctr_dispositionOrder": 1, "ctr_hide": false}], "sightings": [], "revListOrder": 1}], "selectedObservables": [{"uuid": "a8bafed9-79b8-44d8-bca3-bc9f95a3109e", "observable": {"key": "54e44362-115a-446d-a448-aad24737dc6b", "value": "3dd9ed6a273180e986fbc46da81ccc65", "indicators": [], "type": "md5", "state": "investigated", "targets": [], "disposition": 2, "verdicts": [{"valid_time": {"start_time": "2021-04-27T13:24:20.000Z", "end_time": "2525-01-01T00:00:00.000Z"}, "observable": {"value": "3dd9ed6a273180e986fbc46da81ccc65", "type": "md5"}, "type": "verdict", "disposition": 2, "module": "Sumo Logic", "module-type": null, "disposition_name": "Malicious", "id": "verdict:Sumo Logic:248a472d", "action": "d43df7f8-f474-4d76-a781-3765d0c8f9d2", "judgement_id": "transient:judgement-1c902fd8-4b5f-581d-946f-7660342d635b"}], "notifications": [], "disposition_name": "Malicious", "obsListSortOrder": 1, "listOrder": 0, "label": "3dd9ed6a273180e986fbc46da81ccc65", "id": "248a472d", "judgements": [{"valid_time": {"start_time": "2021-04-27T13:24:20.000Z", "end_time": "2525-01-01T00:00:00.000Z"}, "schema_version": "1.1.6", "observable": {"value": "3dd9ed6a273180e986fbc46da81ccc65", "type": "md5"}, "reason_uri": "https://www.crowdstrike.com/", "type": "judgement", "source": "Sumo Logic", "disposition": 2, "module": "Sumo Logic", "external_references": [], "module-type": null, "reason": "Found in CrowdStrike Intelligence", "source_uri": "https://service.us2.sumologic.com/", "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-1c902fd8-4b5f-581d-946f-7660342d635b", "severity": "High", "tlp": "amber", "action": "d43df7f8-f474-4d76-a781-3765d0c8f9d2", "ctr_uuid": "ec6725e6-5a54-46c4-a599-3645c8bd8a5d", "confidence": "High", "ctr_dispositionOrder": 1, "ctr_hide": false}], "sightings": [], "revListOrder": 1}, "notifications": [], "disposition_name": "Malicious", "disposition": 2, "type": "md5", "value": "3dd9ed6a273180e986fbc46da81ccc65", "id": "248a472d"}], "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-e3942a1e-3bd3-420d-9196-61e61833ca32", "tlp": "amber", "groups": ["8952c102-9799-4d12-b8fb-fd6acc5a860a"], "timestamp": "2021-07-12T13:28:27.809Z", "owner": "43c79817-42b6-4010-ba53-cfbb5f832a4d", "source": "Olena Shynkarenko"} | ||
| {"description": "Sumo Logic MD5", "schema_version": "1.1.3", "type": "investigation", "search-txt": "md5:\"3dd9ed6a273180e986fbc46da81ccc65\"", "actions": "[{\"arg\":{\"text\":\"3dd9ed6a273180e986fbc46da81ccc65\",\"omit\":false,\"reset\":true},\"created\":\"2021-07-12T13:26:32.755Z\",\"id\":\"collect-28160cc3\",\"result\":[{\"value\":\"3dd9ed6a273180e986fbc46da81ccc65\",\"type\":\"md5\"}],\"state\":\"ok\",\"type\":\"collect\",\"updated\":\"2021-07-12T13:26:32.953Z\",\"uuid\":\"9b83ba32-e478-4c26-aa06-7e2f531b14d9\"},{\"arg\":{\"type\":\"md5\",\"value\":\"3dd9ed6a273180e986fbc46da81ccc65\"},\"created\":\"2021-07-12T13:26:32.980Z\",\"id\":\"investigate-526264eb\",\"result\":{\"data\":[{\"module\":\"Sumo Logic\",\"module_instance_id\":\"947937b2-0a11-414a-8741-60f7ed7009bb\",\"module_type_id\":\"bc485330-d5ae-4d45-81a5-13619193e5b6\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"3dd9ed6a273180e986fbc46da81ccc65\",\"type\":\"md5\"},\"judgement_id\":\"transient:judgement-1c902fd8-4b5f-581d-946f-7660342d635b\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-04-18T13:24:20.000Z\",\"end_time\":\"2526-12-23T00:00:00.000Z\"}}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-04-18T13:24:20.000Z\",\"end_time\":\"2526-12-23T00:00:00.000Z\"},\"schema_version\":\"1.1.6\",\"observable\":{\"value\":\"3dd9ed6a273180e986fbc46da81ccc65\",\"type\":\"md5\"},\"reason_uri\":\"https://www.crowdstrike.com/\",\"type\":\"judgement\",\"source\":\"Sumo Logic\",\"disposition\":2,\"external_references\":[],\"reason\":\"Found in CrowdStrike Intelligence\",\"source_uri\":\"https://service.us2.sumologic.com/\",\"disposition_name\":\"Malicious\",\"priority\":85,\"id\":\"transient:judgement-1c902fd8-4b5f-581d-946f-7660342d635b\",\"severity\":\"High\",\"tlp\":\"amber\",\"confidence\":\"High\"}]}}}]},\"state\":\"ok\",\"type\":\"investigate\",\"updated\":\"2021-07-12T13:26:52.026Z\",\"uuid\":\"d43df7f8-f474-4d76-a781-3765d0c8f9d2\"}]", "short_description": "Snapshot @ 20210712 13:27:31", "omittedObservables": [], "archivedObservables": [{"key": "54e44362-115a-446d-a448-aad24737dc6b", "value": "3dd9ed6a273180e986fbc46da81ccc65", "indicators": [], "type": "md5", "state": "investigated", "targets": [], "disposition": 2, "verdicts": [{"valid_time": {"start_time": "2021-04-27T13:24:20.000Z", "end_time": "2525-01-01T00:00:00.000Z"}, "observable": {"value": "3dd9ed6a273180e986fbc46da81ccc65", "type": "md5"}, "type": "verdict", "disposition": 2, "module": "Sumo Logic", "module-type": null, "disposition_name": "Malicious", "id": "verdict:Sumo Logic:248a472d", "action": "d43df7f8-f474-4d76-a781-3765d0c8f9d2", "judgement_id": "transient:judgement-1c902fd8-4b5f-581d-946f-7660342d635b"}], "notifications": [], "disposition_name": "Malicious", "obsListSortOrder": 1, "listOrder": 0, "label": "3dd9ed6a273180e986fbc46da81ccc65", "id": "248a472d", "judgements": [{"valid_time": {"start_time": "2021-04-27T13:24:20.000Z", "end_time": "2525-01-01T00:00:00.000Z"}, "schema_version": "1.1.6", "observable": {"value": "3dd9ed6a273180e986fbc46da81ccc65", "type": "md5"}, "reason_uri": "https://www.crowdstrike.com/", "type": "judgement", "source": "Sumo Logic", "disposition": 2, "module": "Sumo Logic", "external_references": [], "module-type": null, "reason": "Found in CrowdStrike Intelligence", "source_uri": "https://service.us2.sumologic.com/", "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-1c902fd8-4b5f-581d-946f-7660342d635b", "severity": "High", "tlp": "amber", "action": "d43df7f8-f474-4d76-a781-3765d0c8f9d2", "ctr_uuid": "ec6725e6-5a54-46c4-a599-3645c8bd8a5d", "confidence": "High", "ctr_dispositionOrder": 1, "ctr_hide": false}], "sightings": [], "revListOrder": 1}], "selectedObservables": [{"uuid": "a8bafed9-79b8-44d8-bca3-bc9f95a3109e", "observable": {"key": "54e44362-115a-446d-a448-aad24737dc6b", "value": "3dd9ed6a273180e986fbc46da81ccc65", "indicators": [], "type": "md5", "state": "investigated", "targets": [], "disposition": 2, "verdicts": [{"valid_time": {"start_time": "2021-04-27T13:24:20.000Z", "end_time": "2525-01-01T00:00:00.000Z"}, "observable": {"value": "3dd9ed6a273180e986fbc46da81ccc65", "type": "md5"}, "type": "verdict", "disposition": 2, "module": "Sumo Logic", "module-type": null, "disposition_name": "Malicious", "id": "verdict:Sumo Logic:248a472d", "action": "d43df7f8-f474-4d76-a781-3765d0c8f9d2", "judgement_id": "transient:judgement-1c902fd8-4b5f-581d-946f-7660342d635b"}], "notifications": [], "disposition_name": "Malicious", "obsListSortOrder": 1, "listOrder": 0, "label": "3dd9ed6a273180e986fbc46da81ccc65", "id": "248a472d", "judgements": [{"valid_time": {"start_time": "2021-04-27T13:24:20.000Z", "end_time": "2525-01-01T00:00:00.000Z"}, "schema_version": "1.1.6", "observable": {"value": "3dd9ed6a273180e986fbc46da81ccc65", "type": "md5"}, "reason_uri": "https://www.crowdstrike.com/", "type": "judgement", "source": "Sumo Logic", "disposition": 2, "module": "Sumo Logic", "external_references": [], "module-type": null, "reason": "Found in CrowdStrike Intelligence", "source_uri": "https://service.us2.sumologic.com/", "disposition_name": "Malicious", "priority": 85, "id": "transient:judgement-1c902fd8-4b5f-581d-946f-7660342d635b", "severity": "High", "tlp": "amber", "action": "d43df7f8-f474-4d76-a781-3765d0c8f9d2", "ctr_uuid": "ec6725e6-5a54-46c4-a599-3645c8bd8a5d", "confidence": "High", "ctr_dispositionOrder": 1, "ctr_hide": false}], "sightings": [], "revListOrder": 1}, "notifications": [], "disposition_name": "Malicious", "disposition": 2, "type": "md5", "value": "3dd9ed6a273180e986fbc46da81ccc65", "id": "248a472d"}], "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-e3942a1e-3bd3-420d-9196-61e61833ca32", "tlp": "amber", "groups": ["8952c102-9799-4d12-b8fb-fd6acc5a860a"], "timestamp": "2021-07-12T13:28:27.809Z", "owner": "43c79817-42b6-4010-ba53-cfbb5f832a4d", "source": "Olena Shynkarenko"} |