Integrate more Stalkerware IOCs

Question

Integrate more Stalkerware IOCs

Te-k opened this issue 2 years ago · comments

Hi,

I would like to submit a PR to integrate IOCs from this repo https://github.com/Te-k/stalkerware-indicators in order to add more appids to your detection. Would that be ok ?

Naman Gupta · Answer 1 · Wed Dec 07 2022 08:35:56 GMT+0800 (China Standard Time)

Great suggestion! Do you have a preferred way to integrate IoC with isdi?

Naman Gupta · Answer 2 · Fri Dec 16 2022 14:36:06 GMT+0800 (China Standard Time)

@tek feel free to provide feedback on the above PR

Tek · Answer 3 · Wed Dec 21 2022 01:35:27 GMT+0800 (China Standard Time)

Hey, apologies for not following through on this. Is there any reason for you to get IOCs in static data in the repository instead of having the app download the file regularly? It would be more likely to have the last version of IOCs.
Something like :

On startup, the app check if therer is an IOC file and when it was created. if it doesn't exist or is older than a week, download it from github
Then load the IOC file in the IOCs directly
What do you think?

Naman Gupta · Answer 4 · Sat Mar 18 2023 07:06:46 GMT+0800 (China Standard Time)

@Te-k the PR proposes a Github action to pull IOC file every week

Tek · Answer 5 · Mon Mar 20 2023 23:38:20 GMT+0800 (China Standard Time)

Thanks, is there any reason to have the file in the repository rather than downloaded on use?