From d6cf2362319aaaa78fcc53911be8de26de92e99f Mon Sep 17 00:00:00 2001
From: Claudiu Piu
Date: Fri, 27 Feb 2026 12:13:47 +0200
Subject: [PATCH 1/2] Reducer and mock data updates
---
mocks/details.json | 444 ++++++++++++++----------------------------
reducers/details.json | 184 +----------------
2 files changed, 160 insertions(+), 468 deletions(-)
diff --git a/mocks/details.json b/mocks/details.json
index 1529c26..eff077e 100644
--- a/mocks/details.json
+++ b/mocks/details.json
@@ -40,303 +40,161 @@ "uuid": "report-uuid-def-456" } ], - "indicators": { - "tool": { - "name": "elastic", - "version": "7.10" + "indicators": [ + { + "created_at": "2026-01-10T10:00:00Z", + "entity_type": "indicator", + "href": "https://api.flashpoint.io/technical-intelligence/v2/indicators/pa1nUaXoVtuzyGb3HWKaBQ", + "id": "pa1nUaXoVtuzyGb3HWKaBQ", + "last_seen_at": "2026-02-26T09:17:28.933000Z", + "latest_sighting": { + "description": "Simulated sighting: test beacon activity [2026-02-26T08:29:34.054Z]", + "href": "https://api.flashpoint.io/technical-intelligence/v2/sightings/AtlBmYHSXzeJXShr2MdqKA", + "id": "AtlBmYHSXzeJXShr2MdqKA", + "sighted_at": "2026-02-26T08:29:34.054000Z", + "source": "mock_source_pipeline", + "tags": [ + "simulated:true", + "scenario:test-beacon", + "protocol:http", + "source:mock_source_pipeline", + "category:test-data", + "type:command-and-control" + ] + }, + "modified_at": "2026-02-26T09:24:00.981000Z", + "platform_urls": { + "ignite": "https://app.flashpoint.io/cti/malware/iocs/pa1nUaXoVtuzyGb3HWKaBQ" + }, + "score": { + "last_scored_at": "2025-07-30T07:26:35.100000Z", + "value": "malicious" + }, + "sightings": [ + { + "description": "Simulated sighting: test beacon activity [2026-02-26T08:29:34.054Z]", + "href": "https://api.flashpoint.io/technical-intelligence/v2/sightings/AtlBmYHSXzeJXShr2MdqKA", + "id": "AtlBmYHSXzeJXShr2MdqKA", + "sighted_at": "2026-02-26T08:29:34.054000Z", + "source": "mock_source_pipeline", + "tags": [ + "simulated:true", + "scenario:test-beacon", + "protocol:http", + "source:mock_source_pipeline", + "category:test-data", + "type:command-and-control" + ] + } + ], + "sort_date": "2026-02-26T09:17:28.933000Z", + "total_sightings": 27, + "type": "domain", + "value": "alpha.example.test" + }, + { + "created_at": "2026-01-12T12:30:00Z", + "entity_type": "indicator", + "href": "https://api.flashpoint.io/technical-intelligence/v2/indicators/5YFE1T4tW--r8H4ARmgDfQ", + "id": "5YFE1T4tW--r8H4ARmgDfQ", + "last_seen_at": 
"2026-02-26T09:17:28.933000Z", + "latest_sighting": { + "description": "Simulated sighting: suspicious DNS request [2026-02-26T08:31:10.111Z]", + "href": "https://api.flashpoint.io/technical-intelligence/v2/sightings/AtlBmYHSXzeJXShr2MdqKA", + "id": "AtlBmYHSXzeJXShr2MdqKA", + "sighted_at": "2026-02-26T08:29:34.054000Z", + "source": "mock_dns_sensor", + "tags": [ + "simulated:true", + "protocol:dns", + "scenario:test-domain-resolution", + "source:mock_dns_sensor", + "category:test-data", + "type:infrastructure" + ] + }, + "modified_at": "2026-02-26T09:23:48.098000Z", + "platform_urls": { + "ignite": "https://app.flashpoint.io/cti/malware/iocs/5YFE1T4tW--r8H4ARmgDfQ" + }, + "score": { + "last_scored_at": "2025-07-30T07:26:25.981000Z", + "value": "suspicious" + }, + "sightings": [ + { + "description": "Simulated sighting: suspicious DNS request [2026-02-26T08:31:10.111Z]", + "href": "https://api.flashpoint.io/technical-intelligence/v2/sightings/AtlBmYHSXzeJXShr2MdqKA", + "id": "AtlBmYHSXzeJXShr2MdqKA", + "sighted_at": "2026-02-26T08:29:34.054000Z", + "source": "mock_dns_sensor", + "tags": [ + "simulated:true", + "protocol:dns", + "scenario:test-domain-resolution", + "source:mock_dns_sensor", + "category:test-data", + "type:infrastructure" + ] + } + ], + "sort_date": "2026-02-26T09:17:28.933000Z", + "total_sightings": 14, + "type": "domain", + "value": "beta.example.test" }, - "took": 145, - "hits": { - "total": 3, - "hits": [ + { + "created_at": "2026-01-15T15:45:00Z", + "entity_type": "indicator", + "href": "https://api.flashpoint.io/technical-intelligence/v2/indicators/bO3Y4XA7WWqaHbHy-H11YA", + "id": "bO3Y4XA7WWqaHbHy-H11YA", + "last_seen_at": "2026-02-26T09:17:28.933000Z", + "latest_sighting": { + "description": "Simulated sighting: outbound callback pattern [2026-02-26T08:35:54.900Z]", + "href": "https://api.flashpoint.io/technical-intelligence/v2/sightings/AtlBmYHSXzeJXShr2MdqKA", + "id": "AtlBmYHSXzeJXShr2MdqKA", + "sighted_at": "2026-02-26T08:29:34.054000Z", 
+ "source": "mock_network_collector", + "tags": [ + "simulated:true", + "scenario:test-callback", + "protocol:https", + "source:mock_network_collector", + "category:test-data", + "type:command-and-control" + ] + }, + "modified_at": "2026-02-26T09:23:46.058000Z", + "platform_urls": { + "ignite": "https://app.flashpoint.io/cti/malware/iocs/bO3Y4XA7WWqaHbHy-H11YA" + }, + "score": { + "last_scored_at": "2025-07-30T07:26:22.823000Z", + "value": "malicious" + }, + "sightings": [ { - "_id": "indicator_id_001", - "_source": { - "fpid": "fp_indicator_88776", - "uuid": "indicator-uuid-aaa-111", - "event_uuid": "event-uuid-bbb-222", - "header_": "some_internal_header", - "first_observed_at": { - "date-time": "2024-01-05T10:20:30Z", - "timestamp": 1704450030 - }, - "last_observed_at": { - "date-time": "2024-01-15T16:45:22Z", - "timestamp": 1705337122 - }, - "Attribute": { - "type": "ip-dst", - "category": "Network activity", - "value": "192.168.100.50", - "timestamp": "1704450030" - }, - "mitre": { - "fpid": "fp_mitre_55443", - "created_at": { - "date-time": "2023-12-20T09:00:00Z", - "timestamp": 1703062800 - }, - "last_observed_at": { - "date-time": "2024-01-15T14:20:10Z", - "timestamp": 1705328410 - }, - "site": { - "fpid": "fp_site_33221", - "title": "MITRE ATT&CK Framework", - "description": { - "raw": "Adversarial tactics and techniques based on real-world observations", - "sanitized": "Adversarial tactics..." - }, - "created_at": { - "date-time": "2020-01-01T00:00:00Z", - "timestamp": 1577836800 - }, - "updated_at": { - "date-time": "2024-01-01T00:00:00Z", - "timestamp": 1704067200 - } - }, - "body": { - "text/html-sanitized": "
HTML body content
", - "text/plain": "Plain text body content", - "enrichments": { - "links": [ - { - "href": "https://attack.mitre.org/techniques/T1566/", - "title": "Phishing" - }, - { - "href": "https://attack.mitre.org/techniques/T1059/", - "title": "Command and Scripting Interpreter" - } - ] - } - } - }, - "nist": { - "fpid": "fp_nist_77665", - "created_at": { - "date-time": "2023-11-15T08:30:00Z", - "timestamp": 1700036600 - }, - "updated_at": { - "date-time": "2024-01-10T12:00:00Z", - "timestamp": 1704888000 - }, - "last_observed_at": { - "date-time": "2024-01-14T18:25:33Z", - "timestamp": 1705257933 - }, - "site": { - "fpid": "fp_nist_site_44332", - "title": "NIST Vulnerability Database", - "description": { - "raw": "National Vulnerability Database providing CVE information", - "sanitized": "National Vulnerability..." - }, - "created_at": { - "date-time": "2019-01-01T00:00:00Z", - "timestamp": 1546300800 - }, - "updated_at": { - "date-time": "2024-01-15T00:00:00Z", - "timestamp": 1705276800 - }, - "tags": [ - { - "name": "vulnerability", - "id": "tag_001" - }, - { - "name": "cve", - "id": "tag_002" - }, - { - "name": "exploit", - "id": "tag_003" - } - ] - }, - "body": { - "enrichments": { - "links": [ - { - "href": "https://nvd.nist.gov/vuln/detail/CVE-2023-12345", - "title": "CVE-2023-12345" - }, - { - "href": "https://nvd.nist.gov/vuln/detail/CVE-2023-67890", - "title": "CVE-2023-67890" - } - ] - } - } - }, - "cve": { - "nist": { - "configurations": [ - {"nodes": [{"operator": "OR", "cpe_match": ["cpe:2.3:a:vendor:product:1.0"]}]}, - {"nodes": [{"operator": "OR", "cpe_match": ["cpe:2.3:a:vendor:product:1.1"]}]}, - {"nodes": [{"operator": "OR", "cpe_match": ["cpe:2.3:a:vendor:product:1.2"]}]}, - {"nodes": [{"operator": "OR", "cpe_match": ["cpe:2.3:a:vendor:product:1.3"]}]}, - {"nodes": [{"operator": "OR", "cpe_match": ["cpe:2.3:a:vendor:product:1.4"]}]}, - {"nodes": [{"operator": "OR", "cpe_match": ["cpe:2.3:a:vendor:product:1.5"]}]}, - {"nodes": [{"operator": "OR", 
"cpe_match": ["cpe:2.3:a:vendor:product:1.6"]}]}, - {"nodes": [{"operator": "OR", "cpe_match": ["cpe:2.3:a:vendor:product:1.7"]}]}, - {"nodes": [{"operator": "OR", "cpe_match": ["cpe:2.3:a:vendor:product:1.8"]}]}, - {"nodes": [{"operator": "OR", "cpe_match": ["cpe:2.3:a:vendor:product:1.9"]}]}, - {"nodes": [{"operator": "OR", "cpe_match": ["cpe:2.3:a:vendor:product:2.0"]}]}, - {"nodes": [{"operator": "OR", "cpe_match": ["cpe:2.3:a:vendor:product:2.1"]}]}, - {"nodes": [{"operator": "OR", "cpe_match": ["cpe:2.3:a:vendor:product:2.2"]}]}, - {"nodes": [{"operator": "OR", "cpe_match": ["cpe:2.3:a:vendor:product:2.3"]}]}, - {"nodes": [{"operator": "OR", "cpe_match": ["cpe:2.3:a:vendor:product:2.4"]}]} - ] - } - }, - "enrichments": { - "v1": { - "email_addresses": [ - { - "email_address": "threat.actor@malicious.com", - "positions": [[0, 27]] - }, - { - "email_address": "contact@bad-domain.ru", - "positions": [[50, 72]] - } - ], - "urls": [ - { - "url": "https://malicious-site.com/payload", - "positions": [[100, 135]] - }, - { - "url": "http://phishing-domain.net/login", - "positions": [[200, 231]] - } - ], - "ip_addresses": [ - { - "ip_address": "45.123.67.89", - "positions": [[300, 313]] - }, - { - "ip_address": "198.51.100.42", - "positions": [[350, 364]] - } - ], - "vulnerability": [ - { - "CVE-2023-12345": { - "vulnerability": "CVE-2023-12345", - "cvss_score": 9.8 - }, - "positions": [[400, 414]] - }, - { - "CVE-2023-67890": { - "vulnerability": "CVE-2023-67890", - "cvss_score": 7.5 - }, - "positions": [[450, 464]] - }, - { - "CVE-2023-11111": { - "vulnerability": "CVE-2023-11111", - "cvss_score": 8.1 - }, - "positions": [[500, 514]] - }, - { - "CVE-2023-22222": { - "vulnerability": "CVE-2023-22222", - "cvss_score": 6.5 - }, - "positions": [[550, 564]] - }, - { - "CVE-2023-33333": { - "vulnerability": "CVE-2023-33333", - "cvss_score": 7.8 - }, - "positions": [[600, 614]] - }, - { - "CVE-2023-44444": { - "vulnerability": "CVE-2023-44444", - "cvss_score": 9.1 - }, - 
"positions": [[650, 664]] - }, - { - "CVE-2023-55555": { - "vulnerability": "CVE-2023-55555", - "cvss_score": 5.3 - }, - "positions": [[700, 714]] - }, - { - "CVE-2023-66666": { - "vulnerability": "CVE-2023-66666", - "cvss_score": 8.8 - }, - "positions": [[750, 764]] - }, - { - "CVE-2023-77777": { - "vulnerability": "CVE-2023-77777", - "cvss_score": 7.2 - }, - "positions": [[800, 814]] - }, - { - "CVE-2023-88888": { - "vulnerability": "CVE-2023-88888", - "cvss_score": 6.8 - }, - "positions": [[850, 864]] - }, - { - "CVE-2023-99999": { - "vulnerability": "CVE-2023-99999", - "cvss_score": 9.3 - }, - "positions": [[900, 914]] - }, - { - "CVE-2024-00001": { - "vulnerability": "CVE-2024-00001", - "cvss_score": 8.5 - }, - "positions": [[950, 964]] - } - ] - } - }, - "_meta": { - "size": 45632, - "enrichments": { - "v1": { - "email_addresses": { - "enriched_at": "2024-01-15T10:00:00Z", - "version": "1.0" - }, - "urls": { - "enriched_at": "2024-01-15T10:00:00Z", - "version": "1.0" - }, - "vulnerability": { - "enriched_at": "2024-01-15T10:00:00Z", - "version": "1.0" - } - } - } - } - } + "description": "Simulated sighting: outbound callback pattern [2026-02-26T08:35:54.900Z]", + "href": "https://api.flashpoint.io/technical-intelligence/v2/sightings/AtlBmYHSXzeJXShr2MdqKA", + "id": "AtlBmYHSXzeJXShr2MdqKA", + "sighted_at": "2026-02-26T08:29:34.054000Z", + "source": "mock_network_collector", + "tags": [ + "simulated:true", + "scenario:test-callback", + "protocol:https", + "source:mock_network_collector", + "category:test-data", + "type:command-and-control" + ] } - ] + ], + "sort_date": "2026-02-26T09:17:28.933000Z", + "total_sightings": 33, + "type": "domain", + "value": "gamma.example.test" } - }, + ], "vulnerabilities": [ { "cve_id": "CVE-2023-12345", diff --git a/reducers/details.json b/reducers/details.json index dd101b5..26b2d0c 100644 --- a/reducers/details.json +++ b/reducers/details.json 
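Review bot: The three added indicator fixtures carry ids and timestamps that cannot all hold at once, which weakens them as a reference for the reducer. Every `latest_sighting` and `sightings[]` entry reuses the id `AtlBmYHSXzeJXShr2MdqKA` and the `sighted_at` value `2026-02-26T08:29:34.054000Z`, although the second and third descriptions embed `08:31:10.111Z` and `08:35:54.900Z`, and each `score.last_scored_at` (2025-07-30) precedes the indicator's `created_at` (2026-01). Give each sighting its own id and a `sighted_at` that matches its description, and place `last_scored_at` after `created_at`, so a change that sorts, de-duplicates or selects the latest sighting cannot pass against this file by accident. The `indicators` array sits inside a larger mock object that starts before and continues after the hunk.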
@@ -45,180 +45,14 @@ { "op": "drop", "paths": [ - "reduced_results.indicators.tool", - "reduced_results.indicators.took", - "reduced_results[].fpid", - "reduced_results[].timestamp", - "reduced_results[].text/html+sanitized", - "reduced_results[].text/html-sanitized", - "reduced_results[].text/plain", - "reduced_results[].href", - "reduced_results[].uuid", - "reduced_results[].event_uuid", - "reduced_results.indicators.hits.hits[]._id", - "reduced_results.indicators.hits.hits[]._source.fpid", - "reduced_results.indicators.hits.hits[]._source.header_", - "reduced_results.indicators.hits.hits[]._source._meta.size" - ] - }, - { - "op": "transform", - "path": "reduced_results.indicators.hits.hits[]._source.first_observed_at", - "function": "extract_field", - "field": "date-time" - }, - { - "op": "transform", - "path": "reduced_results.indicators.hits.hits[]._source.last_observed_at", - "function": "extract_field", - "field": "date-time" - }, - { - "op": "transform", - "path": "reduced_results.indicators.hits.hits[]._source.mitre.created_at", - "function": "extract_field", - "field": "date-time" - }, - { - "op": "transform", - "path": "reduced_results.indicators.hits.hits[]._source.mitre.last_observed_at", - "function": "extract_field", - "field": "date-time" - }, - { - "op": "transform", - "path": "reduced_results.indicators.hits.hits[]._source.mitre.site.created_at", - "function": "extract_field", - "field": "date-time" - }, - { - "op": "transform", - "path": "reduced_results.indicators.hits.hits[]._source.mitre.site.updated_at", - "function": "extract_field", - "field": "date-time" - }, - { - "op": "transform", - "path": "reduced_results.indicators.hits.hits[]._source.mitre.site.description", - "function": "extract_field", - "field": "raw" - }, - { - "op": "transform", - "path": "reduced_results.indicators.hits.hits[]._source.mitre.body.enrichments.links[].href", - "function": "collect_to_array" - }, - { - "op": "drop", - "paths": [ - 
"reduced_results.indicators.hits.hits[]._source.mitre.site.fpid", - "reduced_results.indicators.hits.hits[]._source.mitre.body.text/html-sanitized", - "reduced_results.indicators.hits.hits[]._source.mitre.body.text/plain", - "reduced_results.indicators.hits.hits[]._source.mitre.fpid" - ] - }, - { - "op": "transform", - "path": "reduced_results.indicators.hits.hits[]._source.nist.created_at", - "function": "extract_field", - "field": "date-time" - }, - { - "op": "transform", - "path": "reduced_results.indicators.hits.hits[]._source.nist.updated_at", - "function": "extract_field", - "field": "date-time" - }, - { - "op": "transform", - "path": "reduced_results.indicators.hits.hits[]._source.nist.last_observed_at", - "function": "extract_field", - "field": "date-time" - }, - { - "op": "transform", - "path": "reduced_results.indicators.hits.hits[]._source.nist.site.created_at", - "function": "extract_field", - "field": "date-time" - }, - { - "op": "transform", - "path": "reduced_results.indicators.hits.hits[]._source.nist.site.updated_at", - "function": "extract_field", - "field": "date-time" - }, - { - "op": "transform", - "path": "reduced_results.indicators.hits.hits[]._source.nist.site.description", - "function": "extract_field", - "field": "raw" - }, - { - "op": "transform", - "path": "reduced_results.indicators.hits.hits[]._source.nist.site.tags[].name", - "function": "collect_to_array" - }, - { - "op": "transform", - "path": "reduced_results.indicators.hits.hits[]._source.nist.body.enrichments.links[].href", - "function": "collect_to_array" - }, - { - "op": "drop", - "paths": [ - "reduced_results.indicators.hits.hits[]._source.nist.site.fpid", - "reduced_results.indicators.hits.hits[]._source.nist.fpid" - ] - }, - { - "op": "truncate_list", - "path": "reduced_results.indicators.hits.hits[]._source.cve.nist.configurations", - "max_size": 10, - "shape": { - "reduced_results.indicators.hits.hits[]._source.cve.nist.configurations": { - "configurationsCount": 
"$original_count", - "firstTenConfigurations": "$truncated" - } - }, - "condition": { - "min_size": 11 - } - }, - { - "op": "transform", - "path": "reduced_results.indicators.hits.hits[]._source.enrichments.v1.email_addresses[].email_address", - "function": "collect_to_array" - }, - { - "op": "transform", - "path": "reduced_results.indicators.hits.hits[]._source.enrichments.v1.urls[].url", - "function": "collect_to_array" - }, - { - "op": "transform", - "path": "reduced_results.indicators.hits.hits[]._source.enrichments.v1.ip_addresses[].ip_address", - "function": "collect_to_array" - }, - { - "op": "truncate_list", - "path": "reduced_results.indicators.hits.hits[]._source.enrichments.v1.vulnerability", - "max_size": 10, - "shape": { - "reduced_results.indicators.hits.hits[]._source.enrichments.v1.vulnerability": { - "vulnerabilityCount": "$original_count", - "firstTenVulnerabilities": "$truncated" - } - }, - "condition": { - "min_size": 11 - } - }, - { - "op": "drop", - "paths": [ - "reduced_results.indicators.hits.hits[]._source.enrichments.v1.vulnerability[].positions", - "reduced_results.indicators.hits.hits[]._source._meta.enrichments.v1[].enriched_at", - "reduced_results.indicators.hits.hits[]._source._meta.enrichments.v1[].version" + "reduced_results.indicators[].id", + "reduced_results.indicators[].sort_date", + "reduced_results.indicators[].platform_urls", + "reduced_results.indicators[].entity_type", + "reduced_results.indicators[].href", + "reduced_results.indicators[].sightings", + "reduced_results.indicators[].latest_sighting.id", + "reduced_results.indicators[].latest_sighting.href" ] }, { @@ -235,4 +69,4 @@ "output": { "result": "$working.reduced_results" } -} +} \ No newline at end of file From 352f01fb703d677d7d3a10c2c6b3278dc796e69f Mon Sep 17 00:00:00 2001 
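Review bot: The replacement `drop` list leaves the new `indicators[]` array without any size bound: the ops removed here capped nested lists with `truncate_list` at `"max_size": 10`, and nothing visible in the hunk does the same for `reduced_results.indicators` or for `latest_sighting.tags`. Those values, like `latest_sighting.description`, are feed-supplied text that flows into `$working.reduced_results`, so a large or noisy API response would reach whatever consumes the reducer output at full length. Unless one of the ops between the two hunks (new-file lines 59–68, not shown) already caps it, add a `truncate_list` on `reduced_results.indicators` in the form used before, with `"max_size": 10` and `"condition": {"min_size": 11}`. The ops array begins before the hunk and continues after it.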
From: Claudiu Piu
Date: Fri, 27 Feb 2026 12:26:42 +0200
Subject: [PATCH 2/2] Comments resolved
---
mocks/details.json | 170 ++++++++++++------------------------------
package-lock.json | 39 ++++++----
package.json | 2 +-
reducers/details.json | 2 -
4 files changed, 73 insertions(+), 140 deletions(-)
diff --git a/mocks/details.json b/mocks/details.json
index eff077e..4d743eb 100644
--- a/mocks/details.json
+++ b/mocks/details.json
@@ -42,157 +42,79 @@ ], "indicators": [ { - "created_at": "2026-01-10T10:00:00Z", - "entity_type": "indicator", - "href": "https://api.flashpoint.io/technical-intelligence/v2/indicators/pa1nUaXoVtuzyGb3HWKaBQ", - "id": "pa1nUaXoVtuzyGb3HWKaBQ", - "last_seen_at": "2026-02-26T09:17:28.933000Z", + "created_at": "2024-01-01T00:00:00Z", + "last_seen_at": "2026-02-27T07:36:19.093000Z", "latest_sighting": { - "description": "Simulated sighting: test beacon activity [2026-02-26T08:29:34.054Z]", - "href": "https://api.flashpoint.io/technical-intelligence/v2/sightings/AtlBmYHSXzeJXShr2MdqKA", - "id": "AtlBmYHSXzeJXShr2MdqKA", - "sighted_at": "2026-02-26T08:29:34.054000Z", - "source": "mock_source_pipeline", + "description": "Observation: cobaltstrike [2026-02-27T04:19:50.126Z]", + "sighted_at": "2026-02-27T04:19:50.126000Z", + "source": "flashpoint_extraction", "tags": [ - "simulated:true", - "scenario:test-beacon", - "protocol:http", - "source:mock_source_pipeline", - "category:test-data", - "type:command-and-control" + "beacontype:hybrid http dns", + "extracted_config:true", + "httpposturi:/n4215/adj/amzn.us.sr.aps", + "malware:cobaltstrike", + "source:flashpoint_extraction", + "type:backdoor" ] }, - "modified_at": "2026-02-26T09:24:00.981000Z", - "platform_urls": { - "ignite": "https://app.flashpoint.io/cti/malware/iocs/pa1nUaXoVtuzyGb3HWKaBQ" - }, + "modified_at": "2026-02-27T09:25:27.557000Z", "score": { - "last_scored_at": "2025-07-30T07:26:35.100000Z", + "last_scored_at": "2025-07-30T07:26:25.981000Z", "value": "malicious" }, - "sightings": [ - { - "description": "Simulated sighting: test beacon activity [2026-02-26T08:29:34.054Z]", - "href": "https://api.flashpoint.io/technical-intelligence/v2/sightings/AtlBmYHSXzeJXShr2MdqKA", - "id": "AtlBmYHSXzeJXShr2MdqKA", - "sighted_at": "2026-02-26T08:29:34.054000Z", - "source": "mock_source_pipeline", - "tags": [ - "simulated:true", - "scenario:test-beacon", - "protocol:http", - "source:mock_source_pipeline", - 
"category:test-data", - "type:command-and-control" - ] - } - ], - "sort_date": "2026-02-26T09:17:28.933000Z", - "total_sightings": 27, + "total_sightings": 344776, "type": "domain", - "value": "alpha.example.test" + "value": "ns8.softline.top" }, { - "created_at": "2026-01-12T12:30:00Z", - "entity_type": "indicator", - "href": "https://api.flashpoint.io/technical-intelligence/v2/indicators/5YFE1T4tW--r8H4ARmgDfQ", - "id": "5YFE1T4tW--r8H4ARmgDfQ", - "last_seen_at": "2026-02-26T09:17:28.933000Z", + "created_at": "2024-01-01T00:00:00Z", + "last_seen_at": "2026-02-27T07:36:19.019000Z", "latest_sighting": { - "description": "Simulated sighting: suspicious DNS request [2026-02-26T08:31:10.111Z]", - "href": "https://api.flashpoint.io/technical-intelligence/v2/sightings/AtlBmYHSXzeJXShr2MdqKA", - "id": "AtlBmYHSXzeJXShr2MdqKA", - "sighted_at": "2026-02-26T08:29:34.054000Z", - "source": "mock_dns_sensor", + "description": "Observation: cobaltstrike [2026-02-27T04:19:50.126Z]", + "sighted_at": "2026-02-27T04:19:50.126000Z", + "source": "flashpoint_extraction", "tags": [ - "simulated:true", - "protocol:dns", - "scenario:test-domain-resolution", - "source:mock_dns_sensor", - "category:test-data", - "type:infrastructure" + "beacontype:hybrid http dns", + "extracted_config:true", + "httpposturi:/n4215/adj/amzn.us.sr.aps", + "malware:cobaltstrike", + "source:flashpoint_extraction", + "type:backdoor" ] }, - "modified_at": "2026-02-26T09:23:48.098000Z", - "platform_urls": { - "ignite": "https://app.flashpoint.io/cti/malware/iocs/5YFE1T4tW--r8H4ARmgDfQ" - }, + "modified_at": "2026-02-27T09:25:25.234000Z", "score": { - "last_scored_at": "2025-07-30T07:26:25.981000Z", - "value": "suspicious" + "last_scored_at": "2025-07-30T07:26:22.823000Z", + "value": "malicious" }, - "sightings": [ - { - "description": "Simulated sighting: suspicious DNS request [2026-02-26T08:31:10.111Z]", - "href": "https://api.flashpoint.io/technical-intelligence/v2/sightings/AtlBmYHSXzeJXShr2MdqKA", - "id": 
"AtlBmYHSXzeJXShr2MdqKA", - "sighted_at": "2026-02-26T08:29:34.054000Z", - "source": "mock_dns_sensor", - "tags": [ - "simulated:true", - "protocol:dns", - "scenario:test-domain-resolution", - "source:mock_dns_sensor", - "category:test-data", - "type:infrastructure" - ] - } - ], - "sort_date": "2026-02-26T09:17:28.933000Z", - "total_sightings": 14, + "total_sightings": 345024, "type": "domain", - "value": "beta.example.test" + "value": "ns7.softline.top" }, { - "created_at": "2026-01-15T15:45:00Z", - "entity_type": "indicator", - "href": "https://api.flashpoint.io/technical-intelligence/v2/indicators/bO3Y4XA7WWqaHbHy-H11YA", - "id": "bO3Y4XA7WWqaHbHy-H11YA", - "last_seen_at": "2026-02-26T09:17:28.933000Z", + "created_at": "2024-01-01T00:00:00Z", + "last_seen_at": "2026-02-27T07:36:19.093000Z", "latest_sighting": { - "description": "Simulated sighting: outbound callback pattern [2026-02-26T08:35:54.900Z]", - "href": "https://api.flashpoint.io/technical-intelligence/v2/sightings/AtlBmYHSXzeJXShr2MdqKA", - "id": "AtlBmYHSXzeJXShr2MdqKA", - "sighted_at": "2026-02-26T08:29:34.054000Z", - "source": "mock_network_collector", + "description": "Observation: cobaltstrike [2026-02-27T04:24:23.734Z]", + "sighted_at": "2026-02-27T04:24:23.734000Z", + "source": "flashpoint_extraction", "tags": [ - "simulated:true", - "scenario:test-callback", - "protocol:https", - "source:mock_network_collector", - "category:test-data", - "type:command-and-control" + "beacontype:hybrid http dns", + "extracted_config:true", + "httpposturi:/n4215/adj/amzn.us.sr.aps", + "malware:cobaltstrike", + "source:flashpoint_extraction", + "type:backdoor" ] }, - "modified_at": "2026-02-26T09:23:46.058000Z", - "platform_urls": { - "ignite": "https://app.flashpoint.io/cti/malware/iocs/bO3Y4XA7WWqaHbHy-H11YA" - }, + "modified_at": "2026-02-27T09:25:18.078000Z", "score": { - "last_scored_at": "2025-07-30T07:26:22.823000Z", + "last_scored_at": "2025-07-30T07:26:35.100000Z", "value": "malicious" }, - "sightings": [ 
- { - "description": "Simulated sighting: outbound callback pattern [2026-02-26T08:35:54.900Z]", - "href": "https://api.flashpoint.io/technical-intelligence/v2/sightings/AtlBmYHSXzeJXShr2MdqKA", - "id": "AtlBmYHSXzeJXShr2MdqKA", - "sighted_at": "2026-02-26T08:29:34.054000Z", - "source": "mock_network_collector", - "tags": [ - "simulated:true", - "scenario:test-callback", - "protocol:https", - "source:mock_network_collector", - "category:test-data", - "type:command-and-control" - ] - } - ], - "sort_date": "2026-02-26T09:17:28.933000Z", - "total_sightings": 33, + "total_sightings": 344874, "type": "domain", - "value": "gamma.example.test" + "value": "ns9.softline.top" } ], "vulnerabilities": [ diff --git a/package-lock.json b/package-lock.json index 242cd54..c7bec1d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "Flashpoint", - "version": "3.6.0", + "version": "3.6.1", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "Flashpoint", - "version": "3.6.0", + "version": "3.6.1", "dependencies": { "async": "^3.2.6", "bottleneck": "^2.19.5", 
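Review bot: The values that replace `alpha.example.test`, `beta.example.test` and `gamma.example.test` read as indicators copied from a live feed response rather than constructed samples: `*.softline.top` hostnames, `source:flashpoint_extraction` tags and `total_sightings` in the 344k range. Indicator strings committed to a mock file get resolved, scanned and flagged like any other occurrence (link checkers, DLP or malware scanners, a developer pasting the value into a browser), and feed data that may be licence-restricted is then redistributed with the repository. The reducer only needs the shape, so keep the new field layout and tag keys but put the hostnames under a reserved name such as `ns8.example.test` and mark the records with the `simulated:true` tag the previous revision used. If a real capture is required for a regression case, defang the value and record its origin in the commit description. The `indicators` array sits inside a larger mock object that starts before and continues after the hunk.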
@@ -1746,13 +1746,26 @@ "license": "MIT" }, "node_modules/brace-expansion": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz", - "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==", + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.3.tgz", + "integrity": "sha512-fy6KJm2RawA5RcHkLa1z/ScpBeA762UF9KmZQxwIbDtRJrgLzM10depAiEQ+CXYcoiqW1/m96OAAoke2nE9EeA==", "dev": true, "license": "MIT", "dependencies": { - "balanced-match": "^1.0.0" + "balanced-match": "^4.0.2" + }, + "engines": { + "node": "18 || 20 || >=22" + } + }, + "node_modules/brace-expansion/node_modules/balanced-match": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz", + "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==", + "dev": true, + "license": "MIT", + "engines": { + "node": "18 || 20 || >=22" } }, "node_modules/braces": { @@ -3750,13 +3763,13 @@ } }, "node_modules/minimatch": { - "version": "9.0.5", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz", - "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==", + "version": "9.0.8", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.8.tgz", + "integrity": "sha512-reYkDYtj/b19TeqbNZCV4q9t+Yxylf/rYBsLb42SXJatTv4/ylq5lEiAmhA/IToxO7NI2UzNMghHoHuaqDkAjw==", "dev": true, "license": "ISC", "dependencies": { - "brace-expansion": "^2.0.1" + "brace-expansion": "^5.0.2" }, "engines": { "node": ">=16 || 14 >=14.17" 
@@ -4760,9 +4773,9 @@ } }, "node_modules/test-exclude/node_modules/minimatch": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", - "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "version": "3.1.5", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz", + "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==", "dev": true, "license": "ISC", "dependencies": { diff --git a/package.json b/package.json index e1f1f7f..29a485e 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "Flashpoint", - "version": "3.6.0", + "version": "3.6.1", "main": "./integration.js", "private": true, "scripts": { diff --git a/reducers/details.json b/reducers/details.json index 26b2d0c..2023c6f 100644 --- a/reducers/details.json +++ b/reducers/details.json @@ -45,9 +45,7 @@ { "op": "drop", "paths": [ - "reduced_results.indicators[].id", "reduced_results.indicators[].sort_date", - "reduced_results.indicators[].platform_urls", "reduced_results.indicators[].entity_type", "reduced_results.indicators[].href", "reduced_results.indicators[].sightings",
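Review bot: Removing `reduced_results.indicators[].id` and `reduced_results.indicators[].platform_urls` from the `drop` list makes both fields pass through to the reducer output, but the mock changed in this same commit no longer has either field on any indicator, so the visible sample data never shows the retained values. That mock also lacks `sort_date`, `entity_type`, `href` and `sightings`, which this list still drops, so the remaining paths are not exercised either. Either restore those fields in `mocks/details.json` so that it represents the raw API response, or, if the mock is meant to be the expected output, add `id` and `platform_urls` back to each indicator. The `paths` array and its enclosing op continue past the end of the hunk.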