Nothing quite fits parsing out the sha2 value in our malware alert we receive. I see ioc is a meta value but it looks like its based on ip's and domains from a list.
Nothing quite fits parsing out the sha2 value in our malware alert we receive. I see ioc is a meta value but it looks like its based on ip's and domains from a list.
Hi John,
I have moved this thread to the RSA NetWitness Platform so that you can get an answer to your question.
You can post future questions and discussions directly to that community by clicking on the Ask a Question or Start a Discussion button on the RSA NetWitness Platform page.
Thanks,
Jeff