From 6711c7441ff646759fe5a7fef93fcd7789c88bf2 Mon Sep 17 00:00:00 2001 From: Iglocska Date: Mon, 4 Jan 2016 10:28:41 +0100 Subject: [PATCH] Added malware sample to the file attribute filter --- app/Model/Attribute.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php index f731f0f15..bef869c0d 100755 --- a/app/Model/Attribute.php +++ b/app/Model/Attribute.php @@ -251,7 +251,7 @@ class Attribute extends AppModel { // whilst filenames and hashes are all file related attribute types // This helps generate quick filtering for the event view, but we may reuse this and enhance it in the future for other uses (such as the API?) public $typeGroupings = array( - 'file' => array('attachment', 'pattern-in-file', 'md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'ssdeep', 'imphash', 'authentihash', 'pehash', 'tlsh', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|authentihash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash', 'filename|pehash'), + 'file' => array('attachment', 'pattern-in-file', 'md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'ssdeep', 'imphash', 'authentihash', 'pehash', 'tlsh', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|authentihash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash', 'filename|pehash', 'malware-sample'), 'network' => array('ip-src', 'ip-dst', 'hostname', 'domain', 'domain|ip', 'email-dst', 'url', 'uri', 'user-agent', 'http-method', 'AS', 'snort', 'pattern-in-traffic', 'link'), 'financial' => array('btc', 'iban', 'bic', 'bank-account-nr', 'aba-rtn', 'bin', 'cc-number', 'prtn') );