Multi-select artifacts or attachments

Ability to multi-select attachments in order to download or delete, or perform other actions.

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Feb 20 2019
  • Future consideration
  • Attach files
  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    7 Nov, 2020 01:19am

    +1 on this. Super important to be able to manage multiple IOCs and run automation on them, rather than only one Artifact at a time or building a custom function to pull all Artifacts via API. It should be intuitive in the UI to select Artifacts and run a Menu Item rule on them.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    3 Nov, 2020 08:59am

    +1 on this. We would leverage the possibility of bulk download several attachments, instead of downloading each single attachment one-by-one.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    1 Sep, 2020 02:29pm

    +1 on this being needed. Here's another situation we'd use:

    We are limited to 5 concurrent FireEye HX enterprise searches. We want to add the ability to launch a FireEye HX enterprise search on artifacts, using the values as parameters for the search. Currently we'd have to launch one search per artifact. It would be great if there was functionality to select multiple artifacts and launch an action on all of said artifacts. This way we could launch one enterprise search with whatever artifacts the analyst wanted to search for.

    I think this functionality would be useful beyond what was mentioned above.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    8 Jul, 2019 03:40pm

    This should be prioritized, and seems like it should be a basic necessity. Bulk managing IOCs without this ability is nearly impossible.

     

    Examples include blocking many URLs, banning hashes, adding IPs to a SIEM reference set, sending multiple attachments for file analysis, etc.