Ability to multi-select attachments in order to download or delete, or perform other actions.
Not having this functionality is causing us to create hacky ways to get around this that aren't straightforward for us or the incident response team using the platform.
As others have mentioned there are many use cases for having actions on multiple artifacts. In my opinion this should be implemented as soon as possible.
+1 on this. Super important to be able to manage multiple IOCs and run automation on them, rather than only one Artifact at a time or building a custom function to pull all Artifacts via API. It should be intuitive in the UI to select Artifacts and run a Menu Item rule on them.
+1 on this. We would leverage the possibility of bulk download several attachments, instead of downloading each single attachment one-by-one.
+1 on this being needed. Here's another situation we'd use:
We are limited to 5 concurrent FireEye HX enterprise searches. We want to add the ability to launch a FireEye HX enterprise search on artifacts, using the values as parameters for the search. Currently we'd have to launch one search per artifact. It would be great if there was functionality to select multiple artifacts and launch an action on all of said artifacts. This way we could launch one enterprise search with whatever artifacts the analyst wanted to search for.
I think this functionality would be useful beyond what was mentioned above.
This should be prioritized, and seems like it should be a basic necessity. Bulk managing IOCs without this ability is nearly impossible.
Examples include blocking many URLs, banning hashes, adding IPs to a SIEM reference set, sending multiple attachments for file analysis, etc.
You won't be notified about changes to this idea.