Hostname Artifact

[zpriddy]

Request Type

Feature Request

Problem Description

hostname is probably a common artifact type and it would be useful to be able to mark something as hostname that could also get passed to cortex to have analyzers run on it.

i dont like to use fqdn for this as hostnames are usually internal, so i wouldnt want a fqdn analyzer to process this as an fqdn, instead an analyzer that is internal that would look up info about a hostname

[nadouani]

I can understand the difference you are talking about, but I don't see the question :)

You can add a hostname data type and build analyzers that only enrich hostname observables.

[zpriddy]

Am I misunderstanding something? I thought Cortex really only supported the built in data types?

[nadouani]

No, Cortex can even run an analyzer on blabla if you define an blabla data type and an analyzer for it :)

So replace blabla by hostname and that's it

[zpriddy]

Ah, I see its more of a Cortex issue.. But if Cortex were to add hostname then I feel like it shoul dbe a standard Hive data type.

https://github.com/TheHive-Project/CortexDocs/blob/master/api/how-to-create-an-analyzer.md#datatypelist

[zpriddy]

So you're saying cortex doesn't really care and as long as i set whatever i want as the data types for the analyzer... then it will work?

If this is the case then you have made me very happy :)

[nadouani]

So you're saying cortex doesn't really care and as long as i set whatever i want as the data types for the analyzer... then it will work?

Yes

[zpriddy]

That works for me! Thanks!