Skip to content

Commit

Permalink
Improve warning message
Browse files Browse the repository at this point in the history
  • Loading branch information
Charles Ngor committed Mar 13, 2024
1 parent bb6758f commit 756cb5e
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions _shared_content/ioccollections.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,8 +37,7 @@ Each indicator inside the collection can have the following properties:
- Description: any text that would add additional context. It is limited to **500 characters**

!!! warning
If you select the kill chain ‘Command a Control’ when importing indicators in an IOC collection, our retrohunt engine will look only into `destination.ip`.
This reduces false positives, as C2 servers tend to scan networks a lot. By doing this, we look for slave servers that respond to a C2 server.
If you select the kill chain phase 'Command and Control' when importing IP addresses in an IOC collection, our detection engines will only look into `destination.ip`. This is meant to reduce false positives, such as network scans.

### Limitations

Expand Down

0 comments on commit 756cb5e

Please sign in to comment.