[FR] Add support for domain definition field in Cortex #147

Open
2 of 10 tasks
rc-csmith opened this issue Aug 30, 2023 · 0 comments
@rc-csmith
Contributor

Which category is the feature part of?

  • Definition File
  • Code/Logic Feature
  • Other (please explain)

Which product is the feature part of?

  • All Products
  • Carbon Black Response
  • Carbon Black Threat Hunter
  • Defender for Endpoints
  • SentinelOne
  • Cortex
  • Other

Use Cases

Ability to search for domain IOCs and/or use the domain field in definition files against a Cortex EDR environment

Proposal

Add support for the domain field as it maps to action_external_hostname in the native Cortex XQL.

Additional Context

N/A
