Unanswered questions

Did you know SAM understands Diamond Model Analysis? You can ask Sam to create a report on a violation, something that usually takes a LOT of time to do manually.  While working a Violation, Ask Sam: Please prepare a diamond model analysisorFor this incident, build a Diamond Model. Identify the Adversary, Infrastructure, Capability, and Victim — and map any observed TTPs to each vertex. And you will get back a comprehensive report like below - you can of course fine tune your prompt for verbosity and content.  What are your favorite SAM questions? Please share!  

Ability to Modify Alert Disposition After ClosureCurrently, if an alert is mistakenly closed as “True Positive” instead of “False Positive,” there is no option available to revert or modify the disposition after closure.Request:It would be very helpful if Securonix could provide an option to edit/change the alert disposition after closure, especially for analyst operational errors or review corrections.

Greetings,I have an ask from a client to integrate CyberArk API instead of the syslog connector. Currently there is no OOTB parser for it. Would I have to get a cloud collector setup for it?Thank you,Martel

We are pulling data from FS-ISAC into ThreatQ as an event. The issue I am facing here is that we are unable to get the indicators (specifically bank account numbers and phone numbers) ingested into the platform as an indicator.We need to be able to identify the IOCs within this data and add them to the event as an indicator so we can send it to over to Tines. I am wondering if anyone else has been able to do this successfully before? We have put in a feature request to get an ace parser created that can hopefully do what we are needing but, I want to see if there is an alternative method.  

Hello!I tried to register for a partner account and log in, but I was unsuccessful. I received a message that my account was blocked. I tried to recover my forgotten password, but I didn't receive an email requesting password recovery.

Hello, We have recently onboarded Cloudflare audit logs and was instructed by a technician that we could also bring in Cloudflare WAF logs on the same data source. It has been enabled on the application, but we are not seeing the WAF logs. Has anyone else ever had this issue? Thank you,