IOCs are incorrectly excluded when a general honeypot is disabled #429

regulartim opened this issue Jan 15, 2025 · 3 comments
@regulartim
Collaborator

Disabling a general honeypot will exclude all IOCs from the feeds that were seen by that honeypot, even if they have been seen by other honeypots. I do not think this behaviour is intended.

The bug is located here, I guess:

```python
iocs = IOC.objects.exclude(general_honeypot__active=False).filter(**query_dict).order_by(ordering)[:5000]
```

@regulartim regulartim self-assigned this Jan 15, 2025
@regulartim
Collaborator Author

The question is, which API behaviour is the right one in this case?

  1. Exclude every IOC that was seen by the disabled honeypot (as it does right now)
  2. Exclude every IOC that was only seen by the disabled honeypot
  3. Do not exclude any IOC, even if it only was seen by the disabled honeypot (this would mean that disabling a honeypot would only affect the extraction process)

@drosetti
Contributor

Hi,
Nice catch! From my point of view the right solution is number 2. What do you think about it?

@regulartim
Collaborator Author

That would be my preferred solution. I'll implement it. :)
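The three candidate behaviours from this thread, modelled in plain Python as an added example (not code from the project or from the participants). The honeypot names, the sample IOCs and the `feed` helper are constructed for illustration; policy 1 models the current behaviour as the issue describes it, and treating an IOC with no recorded general honeypot as "kept" is an assumption.

```python
# Added illustration: a plain-Python model of the three feed policies, no Django needed.
# Constructed sample data: honeypot name -> active flag (honeypot_a is disabled).
HONEYPOTS = {"honeypot_a": False, "honeypot_b": True, "honeypot_c": True}

# Constructed sample data: IOC value -> set of general honeypots that saw it.
IOCS = {
    "192.0.2.10": {"honeypot_a"},                # seen only by the disabled honeypot
    "192.0.2.20": {"honeypot_a", "honeypot_b"},  # seen by a disabled and an active one
    "192.0.2.30": {"honeypot_c"},                # seen only by an active honeypot
    "192.0.2.40": set(),                         # assumption: no general honeypot recorded
}


def feed(iocs, honeypots, policy):
    """Return the sorted IOC values that a policy (1, 2 or 3 from the issue) keeps."""
    if policy not in (1, 2, 3):
        raise ValueError("policy must be 1, 2 or 3")
    kept = []
    for value, seen_by in iocs.items():
        disabled = {name for name in seen_by if not honeypots[name]}
        # Policy 1: drop the IOC if ANY honeypot that saw it is disabled.
        if policy == 1 and disabled:
            continue
        # Policy 2: drop the IOC only if EVERY honeypot that saw it is disabled.
        # An empty seen_by set is not "only seen by a disabled honeypot", so it stays.
        if policy == 2 and seen_by and disabled == seen_by:
            continue
        # Policy 3: never drop; disabling only affects extraction.
        kept.append(value)
    return sorted(kept)


if __name__ == "__main__":
    for policy in (1, 2, 3):
        print(policy, feed(IOCS, HONEYPOTS, policy))
```

The IOC `192.0.2.20` is the case the issue is about: policy 1 drops it from the feed although an active honeypot also saw it, while policy 2 keeps it.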
