diff --git a/Qualys_IOC/Snapshot-with-domain.json b/Qualys_IOC/Snapshot-with-domain.json
index 8e95160b..1dc8af6a 100644
--- a/Qualys_IOC/Snapshot-with-domain.json
+++ b/Qualys_IOC/Snapshot-with-domain.json
@@ -1 +1 @@ -{"description": "domain for qualys", "schema_version": "1.0.22", "type": "investigation", "search-txt": "domain:\"a23-38-112-137.deploy.static.akamaitechnologies.com\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":12382619999.9894,\"updated-perf\":12382619999.9894,\"type\":\"collect\",\"created\":\"2020-12-02T13:17:22.316Z\",\"state\":\"ok\",\"arg\":\"domain: \\\"a23-38-112-137.deploy.static.akamaitechnologies.com\\\"\",\"result\":[{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"}],\"id\":\"collect-27b7fa87\",\"uuid\":\"e05fd9c6-132b-4746-bf32-99309eb92f2a\"},{\"created-perf\":12828919999.999926,\"updated-perf\":12828919999.999926,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:17:22.762Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"domain\",\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}},{\"module\":\"Talos Intelligence\",\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.coAm\",\"type\":\"domain\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-07-26T13:17:22.607Z\",\"end_time\":\"2023-08-25T13:17:22.607Z\"}}]}}}]},\"id\":\"deliberate-9aa9f47f\",\"uuid\":\"a1046e70-e316-4d24-ac61-fe74a4dc9edd\"},{\"created-perf\":17501194999.989822,\"updated-perf\":17501194999.989822,\"type\":\"investigate\",\"created\":\"2020-12-02T13:17:27.434Z\",\"state\":\"ok\",\"arg\":{\"type\":\"domain\",\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\"},\"result\":{\"data\":[{\"module\":\"Talos 
Intelligence\",\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"},\"judgement_id\":\"transient:8425d758-6a16-429f-97d6-6ec103f0a06d\",\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-07-26T13:17:23.015Z\",\"end_time\":\"2023-08-25T13:17:23.015Z\"}}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-28T15:00:23.015Z\",\"end_time\":\"2023-10-05T13:15:00.015Z\"},\"schema_version\":\"1.0.22\",\"observable\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"},\"type\":\"judgement\",\"source\":\"Talos Intelligence\",\"disposition\":5,\"reason\":\"Neutral Talos Intelligence reputation score\",\"source_uri\":\"https://www.talosintelligence.com/reputation_center/lookup?search=a23-38-112-137.deploy.static.akamaitechnologies.com\",\"disposition_name\":\"Unknown\",\"priority\":90,\"id\":\"transient:8425d758-6a16-429f-97d6-6ec103f0a06d\",\"severity\":\"Low\",\"tlp\":\"white\",\"confidence\":\"High\"}]}}},{\"module\":\"Qualys IOC\",\"module_instance_id\":\"20b0e3f7-688b-40f6-b165-ed719266c2e7\",\"module_type_id\":\"f0f6ecac-4861-40bc-bcef-753fd783aaed\",\"data\":{\"indicators\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-28T15:00:23.015Z\",\"end_time\":\"2023-10-05T13:15:00.015Z\"},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-2272388056076390980_1052\"],\"title\":\"Known 
Good\",\"id\":\"transient:indicator-d4026e20-a133-527a-a206-6a83c9099443\",\"severity\":\"None\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-09-28T15:00:23.015Z\",\"end_time\":\"2023-10-05T13:15:00.015Z\"},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-10378477620996457_1052\"],\"title\":\"Known Good\",\"id\":\"transient:indicator-2952dfc5-dc9c-522c-a0ca-64894f1d1570\",\"severity\":\"None\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":6,\"docs\":[{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-e495a65f-e03b-4214-a9d9-78cc5d6b83de\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-dfe88b52-d091-45ff-82e0-188b01c5d97a\",\"id\":\"transient:relationship-859f4c80-d739-4c7c-bebc-75daf49abbb3\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-2952dfc5-dc9c-522c-a0ca-64894f1d1570\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-d0399c8a-8bcd-4430-b9f8-e28a2fd2716f\",\"id\":\"transient:relationship-5e497152-deb3-47de-b6da-ae7721b6606e\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-d4026e20-a133-527a-a206-6a83c9099443\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-dfe88b52-d091-45ff-82e0-188b01c5d97a\",\"id\":\"transient:relationship-8f8618c8-3171-43c5-bedb-bce51376133f\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-d4026e20-a133-527a-a206-6a83c9099443\",\"type\":\"relationship\",\"source\":\"Qualys 
IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-e495a65f-e03b-4214-a9d9-78cc5d6b83de\",\"id\":\"transient:relationship-99e778cb-2f41-474a-9f4b-9296bd4f28e0\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-2952dfc5-dc9c-522c-a0ca-64894f1d1570\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-e58f8a0c-05a4-486b-9da1-f5dfdeeaa930\",\"id\":\"transient:relationship-d850ca84-4522-44a1-88af-5a2305ade5d6\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-e58f8a0c-05a4-486b-9da1-f5dfdeeaa930\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-d0399c8a-8bcd-4430-b9f8-e28a2fd2716f\",\"id\":\"transient:relationship-f4f5c618-fa11-4882-8e42-561e1838ac05\",\"relationship_type\":\"based-on\"}]},\"judgements\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-28T15:00:23.015Z\",\"end_time\":\"2023-10-05T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-2272388056076390980_1052\"],\"disposition\":1,\"external_references\":[],\"reason\":\"\",\"disposition_name\":\"Clean\",\"priority\":90,\"id\":\"transient:judgement-e495a65f-e03b-4214-a9d9-78cc5d6b83de\",\"severity\":\"None\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-09-28T15:00:23.015Z\",\"end_time\":\"2023-10-05T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"},\"type\":\"judgement\",\"source\":\"Qualys 
IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-10378477620996457_1052\"],\"disposition\":1,\"external_references\":[],\"reason\":\"\",\"disposition_name\":\"Clean\",\"priority\":90,\"id\":\"transient:judgement-e58f8a0c-05a4-486b-9da1-f5dfdeeaa930\",\"severity\":\"None\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":2,\"docs\":[{\"description\":\"A Qualys IOC event related to \\\"a23-38-112-137.deploy.static.akamaitechnologies.com\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"Connected_To\",\"source\":{\"value\":\"QualysAgent.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"23.38.112.137\",\"type\":\"ip\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"Connected_To\",\"source\":{\"value\":\"QualysAgent.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"23.38.112.137\",\"type\":\"ip\"},\"related\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"}}],\"observables\":[{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-2272388056076390980_1052\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-10T18:54:44.000Z\",\"end_time\":\"2022-11-10T18:54:44.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 
1130\"}],\"external_references\":[],\"id\":\"transient:sighting-dfe88b52-d091-45ff-82e0-188b01c5d97a\",\"count\":1,\"severity\":\"None\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-10T18:54:44.000Z\",\"end_time\":\"2022-11-10T18:54:44.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}},{\"description\":\"A Qualys IOC event related to \\\"a23-38-112-137.deploy.static.akamaitechnologies.com\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"Connected_To\",\"source\":{\"value\":\"QualysAgent.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"23.38.112.137\",\"type\":\"ip\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"Connected_To\",\"source\":{\"value\":\"QualysAgent.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"23.38.112.137\",\"type\":\"ip\"},\"related\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"}}],\"observables\":[{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-10378477620996457_1052\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-10T18:54:44.000Z\",\"end_time\":\"2022-11-10T18:54:44.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 
1130\"}],\"external_references\":[],\"id\":\"transient:sighting-d0399c8a-8bcd-4430-b9f8-e28a2fd2716f\",\"count\":1,\"severity\":\"None\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-10T18:54:44.000Z\",\"end_time\":\"2022-11-10T18:54:44.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}}]}}}]},\"id\":\"investigate-8ce38f41\",\"uuid\":\"e980ab16-acb9-46d6-b838-ad44ab097f5d\"},{\"created-perf\":17971829999.994953,\"updated-perf\":17971835000.00392,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:17:27.905Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"ip\",\"value\":\"23.38.112.137\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}}]},\"id\":\"deliberate-ad9cbf1e\",\"uuid\":\"bfb7e8f3-82c7-46ed-b613-6456d0d28a0a\"}]", "short_description": "Snapshot @ 20201202 13:17:37", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-6c8be4fc-156f-47ed-b0fb-bcd343283295", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2020-12-02T13:18:03.525Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file +{"description": "domain for qualys", "schema_version": "1.0.22", "type": "investigation", "search-txt": "domain:\"a23-38-112-137.deploy.static.akamaitechnologies.com\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":12382619999.9894,\"updated-perf\":12382619999.9894,\"type\":\"collect\",\"created\":\"2020-12-02T13:17:22.316Z\",\"state\":\"ok\",\"arg\":\"domain: 
\\\"a23-38-112-137.deploy.static.akamaitechnologies.com\\\"\",\"result\":[{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"}],\"id\":\"collect-27b7fa87\",\"uuid\":\"e05fd9c6-132b-4746-bf32-99309eb92f2a\"},{\"created-perf\":12828919999.999926,\"updated-perf\":12828919999.999926,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:17:22.762Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"domain\",\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}},{\"module\":\"Talos Intelligence\",\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.coAm\",\"type\":\"domain\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-08-02T13:17:22.607Z\",\"end_time\":\"2023-09-01T13:17:22.607Z\"}}]}}}]},\"id\":\"deliberate-9aa9f47f\",\"uuid\":\"a1046e70-e316-4d24-ac61-fe74a4dc9edd\"},{\"created-perf\":17501194999.989822,\"updated-perf\":17501194999.989822,\"type\":\"investigate\",\"created\":\"2020-12-02T13:17:27.434Z\",\"state\":\"ok\",\"arg\":{\"type\":\"domain\",\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\"},\"result\":{\"data\":[{\"module\":\"Talos 
Intelligence\",\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"},\"judgement_id\":\"transient:8425d758-6a16-429f-97d6-6ec103f0a06d\",\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-08-02T13:17:23.015Z\",\"end_time\":\"2023-09-01T13:17:23.015Z\"}}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-05T15:00:23.015Z\",\"end_time\":\"2023-10-12T13:15:00.015Z\"},\"schema_version\":\"1.0.22\",\"observable\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"},\"type\":\"judgement\",\"source\":\"Talos Intelligence\",\"disposition\":5,\"reason\":\"Neutral Talos Intelligence reputation score\",\"source_uri\":\"https://www.talosintelligence.com/reputation_center/lookup?search=a23-38-112-137.deploy.static.akamaitechnologies.com\",\"disposition_name\":\"Unknown\",\"priority\":90,\"id\":\"transient:8425d758-6a16-429f-97d6-6ec103f0a06d\",\"severity\":\"Low\",\"tlp\":\"white\",\"confidence\":\"High\"}]}}},{\"module\":\"Qualys IOC\",\"module_instance_id\":\"20b0e3f7-688b-40f6-b165-ed719266c2e7\",\"module_type_id\":\"f0f6ecac-4861-40bc-bcef-753fd783aaed\",\"data\":{\"indicators\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-05T15:00:23.015Z\",\"end_time\":\"2023-10-12T13:15:00.015Z\"},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-2272388056076390980_1052\"],\"title\":\"Known 
Good\",\"id\":\"transient:indicator-d4026e20-a133-527a-a206-6a83c9099443\",\"severity\":\"None\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-10-05T15:00:23.015Z\",\"end_time\":\"2023-10-12T13:15:00.015Z\"},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-10378477620996457_1052\"],\"title\":\"Known Good\",\"id\":\"transient:indicator-2952dfc5-dc9c-522c-a0ca-64894f1d1570\",\"severity\":\"None\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":6,\"docs\":[{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-e495a65f-e03b-4214-a9d9-78cc5d6b83de\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-dfe88b52-d091-45ff-82e0-188b01c5d97a\",\"id\":\"transient:relationship-859f4c80-d739-4c7c-bebc-75daf49abbb3\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-2952dfc5-dc9c-522c-a0ca-64894f1d1570\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-d0399c8a-8bcd-4430-b9f8-e28a2fd2716f\",\"id\":\"transient:relationship-5e497152-deb3-47de-b6da-ae7721b6606e\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-d4026e20-a133-527a-a206-6a83c9099443\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-dfe88b52-d091-45ff-82e0-188b01c5d97a\",\"id\":\"transient:relationship-8f8618c8-3171-43c5-bedb-bce51376133f\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-d4026e20-a133-527a-a206-6a83c9099443\",\"type\":\"relationship\",\"source\":\"Qualys 
IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-e495a65f-e03b-4214-a9d9-78cc5d6b83de\",\"id\":\"transient:relationship-99e778cb-2f41-474a-9f4b-9296bd4f28e0\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-2952dfc5-dc9c-522c-a0ca-64894f1d1570\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-e58f8a0c-05a4-486b-9da1-f5dfdeeaa930\",\"id\":\"transient:relationship-d850ca84-4522-44a1-88af-5a2305ade5d6\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-e58f8a0c-05a4-486b-9da1-f5dfdeeaa930\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-d0399c8a-8bcd-4430-b9f8-e28a2fd2716f\",\"id\":\"transient:relationship-f4f5c618-fa11-4882-8e42-561e1838ac05\",\"relationship_type\":\"based-on\"}]},\"judgements\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-05T15:00:23.015Z\",\"end_time\":\"2023-10-12T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-2272388056076390980_1052\"],\"disposition\":1,\"external_references\":[],\"reason\":\"\",\"disposition_name\":\"Clean\",\"priority\":90,\"id\":\"transient:judgement-e495a65f-e03b-4214-a9d9-78cc5d6b83de\",\"severity\":\"None\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-10-05T15:00:23.015Z\",\"end_time\":\"2023-10-12T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"},\"type\":\"judgement\",\"source\":\"Qualys 
IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-10378477620996457_1052\"],\"disposition\":1,\"external_references\":[],\"reason\":\"\",\"disposition_name\":\"Clean\",\"priority\":90,\"id\":\"transient:judgement-e58f8a0c-05a4-486b-9da1-f5dfdeeaa930\",\"severity\":\"None\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":2,\"docs\":[{\"description\":\"A Qualys IOC event related to \\\"a23-38-112-137.deploy.static.akamaitechnologies.com\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"Connected_To\",\"source\":{\"value\":\"QualysAgent.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"23.38.112.137\",\"type\":\"ip\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"Connected_To\",\"source\":{\"value\":\"QualysAgent.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"23.38.112.137\",\"type\":\"ip\"},\"related\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"}}],\"observables\":[{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-2272388056076390980_1052\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-17T18:54:44.000Z\",\"end_time\":\"2022-11-17T18:54:44.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 
1130\"}],\"external_references\":[],\"id\":\"transient:sighting-dfe88b52-d091-45ff-82e0-188b01c5d97a\",\"count\":1,\"severity\":\"None\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-17T18:54:44.000Z\",\"end_time\":\"2022-11-17T18:54:44.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}},{\"description\":\"A Qualys IOC event related to \\\"a23-38-112-137.deploy.static.akamaitechnologies.com\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"Connected_To\",\"source\":{\"value\":\"QualysAgent.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"23.38.112.137\",\"type\":\"ip\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"Connected_To\",\"source\":{\"value\":\"QualysAgent.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"23.38.112.137\",\"type\":\"ip\"},\"related\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"}}],\"observables\":[{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-10378477620996457_1052\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-17T18:54:44.000Z\",\"end_time\":\"2022-11-17T18:54:44.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 
1130\"}],\"external_references\":[],\"id\":\"transient:sighting-d0399c8a-8bcd-4430-b9f8-e28a2fd2716f\",\"count\":1,\"severity\":\"None\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-17T18:54:44.000Z\",\"end_time\":\"2022-11-17T18:54:44.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}}]}}}]},\"id\":\"investigate-8ce38f41\",\"uuid\":\"e980ab16-acb9-46d6-b838-ad44ab097f5d\"},{\"created-perf\":17971829999.994953,\"updated-perf\":17971835000.00392,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:17:27.905Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"ip\",\"value\":\"23.38.112.137\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}}]},\"id\":\"deliberate-ad9cbf1e\",\"uuid\":\"bfb7e8f3-82c7-46ed-b613-6456d0d28a0a\"}]", "short_description": "Snapshot @ 20201202 13:17:37", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-6c8be4fc-156f-47ed-b0fb-bcd343283295", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2020-12-02T13:18:03.525Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file diff --git a/Qualys_IOC/Snapshot-with-filename.json b/Qualys_IOC/Snapshot-with-filename.json index 192326bf..4192cd02 100644 --- a/Qualys_IOC/Snapshot-with-filename.json +++ b/Qualys_IOC/Snapshot-with-filename.json 
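Review bot: The Talos Intelligence verdict inside the `deliberate` action on the new side still names the observable `a23-38-112-137.deploy.static.akamaitechnologies.coAm`, which does not match the `…akamaitechnologies.com` domain the snapshot searches for and that every other observable in the file uses; the commit re-dates the fixture but carries that typo forward, so if the test compares observable values it keeps a real mismatch baked into the expected data, and the fix is `\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\"` in that verdict. The only substantive change is shifting the hard-coded `valid_time` and `observed_time` windows forward by one week (2023-09-28 → 2023-10-05, 2022-11-10 → 2022-11-17), which means this snapshot expires on a schedule and has to be re-committed repeatedly; deriving those windows from a frozen clock in the test, or masking the time fields before comparison, would stop the churn. The same re-dating is applied to `Qualys_IOC/Snapshot-with-filename.json`, whose hunk runs past the end of this view. Note that `actions` is a JSON document serialized inside a JSON string, so any hand edit to these fixtures must keep the nested escaping intact — worth a one-line comment in the test that loads them, since the JSON file itself cannot carry one.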
@@ -1 +1 @@ -{"description": "filename for qualys", "schema_version": "1.0.22", "type": "investigation", "search-txt": "file_name:\"kprocesshacker.sys\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":42363004999.991974,\"updated-perf\":42363004999.991974,\"type\":\"collect\",\"created\":\"2020-12-02T13:29:55.203Z\",\"state\":\"ok\",\"arg\":\"file_name:kprocesshacker.sys\",\"result\":[{\"value\":\"kprocesshacker.sys\",\"type\":\"file_name\"}],\"id\":\"collect-6cac53f9\",\"uuid\":\"34a483e7-ada1-4370-b964-11a2b95b93e9\"},{\"created-perf\":44353969999.99648,\"updated-perf\":44353969999.99648,\"type\":\"investigate\",\"created\":\"2020-12-02T13:29:57.194Z\",\"state\":\"ok\",\"arg\":{\"type\":\"file_name\",\"value\":\"kprocesshacker.sys\"},\"result\":{\"data\":[{\"module\":\"Qualys IOC\",\"module_instance_id\":\"20b0e3f7-688b-40f6-b165-ed719266c2e7\",\"module_type_id\":\"f0f6ecac-4861-40bc-bcef-753fd783aaed\",\"data\":{\"indicators\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-28T15:00:23.015Z\",\"end_time\":\"2023-10-05T13:15:00.015Z\"},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_2376737814815846729\"],\"title\":\"Malicious File event\",\"id\":\"transient:indicator-4e8765da-4b66-59cc-9524-e703e488596c\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-09-28T15:00:23.015Z\",\"end_time\":\"2023-10-05T13:15:00.015Z\"},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_7581904126238844292\"],\"title\":\"Malicious File 
event\",\"id\":\"transient:indicator-abbbf82a-9bf4-5fb2-b991-bd5e2385b42c\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":6,\"docs\":[{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-4e8765da-4b66-59cc-9524-e703e488596c\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-73008956-d36b-4787-9f1f-67a015e60de9\",\"id\":\"transient:relationship-8663895b-affc-4d36-9e73-19a3026fd6be\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-abbbf82a-9bf4-5fb2-b991-bd5e2385b42c\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-9a10bc16-4484-4faa-8016-87d1f89440de\",\"id\":\"transient:relationship-7cb21e15-d45d-493d-9d64-88a1e559f8ab\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-abbbf82a-9bf4-5fb2-b991-bd5e2385b42c\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-9eb6e72b-26ae-4855-a51d-30df936a25e6\",\"id\":\"transient:relationship-a84eaff6-efc5-4677-ad5f-042fa188a8f5\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-4e8765da-4b66-59cc-9524-e703e488596c\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-325e3db1-a809-4733-843b-fe120ccd1093\",\"id\":\"transient:relationship-8c9ad125-2497-4d78-a089-5e7cb748e984\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-73008956-d36b-4787-9f1f-67a015e60de9\",\"type\":\"relationship\",\"source\":\"Qualys 
IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-325e3db1-a809-4733-843b-fe120ccd1093\",\"id\":\"transient:relationship-398a9a75-1c8e-495f-b5f2-3bc16df268d0\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-9eb6e72b-26ae-4855-a51d-30df936a25e6\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-9a10bc16-4484-4faa-8016-87d1f89440de\",\"id\":\"transient:relationship-99f72d47-b018-4503-af42-1cb75ab5de50\",\"relationship_type\":\"based-on\"}]},\"judgements\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-28T15:00:23.015Z\",\"end_time\":\"2023-10-05T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"kprocesshacker.sys\",\"type\":\"file_name\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_7581904126238844292\"],\"disposition\":2,\"external_references\":[],\"reason\":\"Win32.PUA.Prochack\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:judgement-9eb6e72b-26ae-4855-a51d-30df936a25e6\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-09-28T15:00:23.015Z\",\"end_time\":\"2023-10-05T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"kprocesshacker.sys\",\"type\":\"file_name\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_2376737814815846729\"],\"disposition\":2,\"external_references\":[],\"reason\":\"Win32.PUA.Prochack\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:judgement-73008956-d36b-4787-9f1f-67a015e60de9\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":2,\"docs\":[{\"description\":\"A Qualys IOC event related to \\\"kprocesshacker.sys\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys 
IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"kprocesshacker.sys\",\"type\":\"file_name\"},\"related\":{\"value\":\"70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"kprocesshacker.sys\",\"type\":\"file_name\"},\"related\":{\"value\":\"1b5c3c458e31bede55145d0644e88d75\",\"type\":\"md5\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Tools\\\\processhacker-2.39-bin\\\\x64\\\\kprocesshacker.sys\",\"type\":\"file_path\"},\"related\":{\"value\":\"70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Tools\\\\processhacker-2.39-bin\\\\x64\\\\kprocesshacker.sys\",\"type\":\"file_path\"},\"related\":{\"value\":\"1b5c3c458e31bede55145d0644e88d75\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"kprocesshacker.sys\",\"type\":\"file_name\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_2376737814815846729\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-08T12:19:21.000Z\",\"end_time\":\"2022-11-08T12:19:21.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 
1130\"}],\"external_references\":[],\"id\":\"transient:sighting-325e3db1-a809-4733-843b-fe120ccd1093\",\"count\":1,\"severity\":\"High\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-08T12:19:21.000Z\",\"end_time\":\"2022-11-08T12:19:21.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}},{\"description\":\"A Qualys IOC event related to \\\"kprocesshacker.sys\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"kprocesshacker.sys\",\"type\":\"file_name\"},\"related\":{\"value\":\"0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"kprocesshacker.sys\",\"type\":\"file_name\"},\"related\":{\"value\":\"6365fe1d37545c71cbe2719ac7831bdd\",\"type\":\"md5\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Tools\\\\processhacker-2.39-bin\\\\x86\\\\kprocesshacker.sys\",\"type\":\"file_path\"},\"related\":{\"value\":\"0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Tools\\\\processhacker-2.39-bin\\\\x86\\\\kprocesshacker.sys\",\"type\":\"file_path\"},\"related\":{\"value\":\"6365fe1d37545c71cbe2719ac7831bdd\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"kprocesshacker.sys\",\"type\":\"file_name\"}],\"type\":\"sighting\",\"source\":\"Qualys 
IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_7581904126238844292\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-08T12:19:22.000Z\",\"end_time\":\"2022-11-08T12:19:22.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-9a10bc16-4484-4faa-8016-87d1f89440de\",\"count\":1,\"severity\":\"High\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-08T12:19:22.000Z\",\"end_time\":\"2022-11-08T12:19:22.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}}]}}}]},\"id\":\"investigate-f36b9483\",\"uuid\":\"8c18931f-3d91-4fec-aff6-09a664267e72\"},{\"created-perf\":45136020000.00537,\"updated-perf\":45136024999.98524,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:29:57.976Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"sha256\",\"value\":\"0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc\"},{\"type\":\"md5\",\"value\":\"6365fe1d37545c71cbe2719ac7831bdd\"},{\"type\":\"sha256\",\"value\":\"70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4\"},{\"type\":\"md5\",\"value\":\"1b5c3c458e31bede55145d0644e88d75\"}],\"result\":{\"data\":[{\"module\":\"AMP Global 
Intelligence\",\"module_instance_id\":\"b37ff2ee-0ca1-4dbc-936d-a35bf7d5e18f\",\"module_type_id\":\"87563e81-ddc5-5f61-b4f8-dbe71252c922\",\"data\":{\"verdicts\":{\"count\":4,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"6365fe1d37545c71cbe2719ac7831bdd\",\"type\":\"md5\"},\"judgement_id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-c2c449af-c195-49b0-b12b-b9f75946bea5\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2021-06-16T04:30:00.000Z\",\"end_time\":\"2527-08-25T00:00:00.000Z\"}},{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4\",\"type\":\"sha256\"},\"judgement_id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-2484ac21-4b72-43fc-b4d7-54dd1ece9cf1\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2021-07-29T14:32:55.000Z\",\"end_time\":\"2527-08-25T00:00:00.000Z\"}},{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"1b5c3c458e31bede55145d0644e88d75\",\"type\":\"md5\"},\"judgement_id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-44c16f1d-b054-4db6-a49b-1df7bd83e7d8\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2021-07-29T14:32:55.000Z\",\"end_time\":\"2527-08-25T00:00:00.000Z\"}},{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc\",\"type\":\"sha256\"},\"judgement_id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-d233d203-a80f-4647-b881-467f9ddbab3b\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2021-06-16T04:30:00.000Z\",\"end_time\":\"2527-08-25T00:00:00.000Z\"}}]}}},{\"module\":\"AMP File 
Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":2,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc\",\"type\":\"sha256\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-07-26T13:29:57.636Z\",\"end_time\":\"2527-08-25T00:00:00.000Z\"}},{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4\",\"type\":\"sha256\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-07-26T13:29:57.619Z\",\"end_time\":\"2527-08-25T00:00:00.000Z\"}}]}}}]},\"id\":\"deliberate-b62583fb\",\"uuid\":\"8e1380a0-8e18-4d38-b7b4-984a647efa26\"}]", "short_description": "Snapshot @ 20201202 13:30:16", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-183626c9-f6c9-4da2-9429-9e2d091f78a2", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2020-12-02T13:30:44.396Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"}
\ No newline at end of file
+{"description": "filename for qualys", "schema_version": "1.0.22", "type": "investigation", "search-txt": "file_name:\"kprocesshacker.sys\"", "source": "Test_company Company_test", "actions": 
"[{\"created-perf\":42363004999.991974,\"updated-perf\":42363004999.991974,\"type\":\"collect\",\"created\":\"2020-12-02T13:29:55.203Z\",\"state\":\"ok\",\"arg\":\"file_name:kprocesshacker.sys\",\"result\":[{\"value\":\"kprocesshacker.sys\",\"type\":\"file_name\"}],\"id\":\"collect-6cac53f9\",\"uuid\":\"34a483e7-ada1-4370-b964-11a2b95b93e9\"},{\"created-perf\":44353969999.99648,\"updated-perf\":44353969999.99648,\"type\":\"investigate\",\"created\":\"2020-12-02T13:29:57.194Z\",\"state\":\"ok\",\"arg\":{\"type\":\"file_name\",\"value\":\"kprocesshacker.sys\"},\"result\":{\"data\":[{\"module\":\"Qualys IOC\",\"module_instance_id\":\"20b0e3f7-688b-40f6-b165-ed719266c2e7\",\"module_type_id\":\"f0f6ecac-4861-40bc-bcef-753fd783aaed\",\"data\":{\"indicators\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-05T15:00:23.015Z\",\"end_time\":\"2023-10-12T13:15:00.015Z\"},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_2376737814815846729\"],\"title\":\"Malicious File event\",\"id\":\"transient:indicator-4e8765da-4b66-59cc-9524-e703e488596c\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-10-05T15:00:23.015Z\",\"end_time\":\"2023-10-12T13:15:00.015Z\"},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_7581904126238844292\"],\"title\":\"Malicious File event\",\"id\":\"transient:indicator-abbbf82a-9bf4-5fb2-b991-bd5e2385b42c\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":6,\"docs\":[{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-4e8765da-4b66-59cc-9524-e703e488596c\",\"type\":\"relationship\",\"source\":\"Qualys 
IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-73008956-d36b-4787-9f1f-67a015e60de9\",\"id\":\"transient:relationship-8663895b-affc-4d36-9e73-19a3026fd6be\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-abbbf82a-9bf4-5fb2-b991-bd5e2385b42c\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-9a10bc16-4484-4faa-8016-87d1f89440de\",\"id\":\"transient:relationship-7cb21e15-d45d-493d-9d64-88a1e559f8ab\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-abbbf82a-9bf4-5fb2-b991-bd5e2385b42c\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-9eb6e72b-26ae-4855-a51d-30df936a25e6\",\"id\":\"transient:relationship-a84eaff6-efc5-4677-ad5f-042fa188a8f5\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-4e8765da-4b66-59cc-9524-e703e488596c\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-325e3db1-a809-4733-843b-fe120ccd1093\",\"id\":\"transient:relationship-8c9ad125-2497-4d78-a089-5e7cb748e984\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-73008956-d36b-4787-9f1f-67a015e60de9\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-325e3db1-a809-4733-843b-fe120ccd1093\",\"id\":\"transient:relationship-398a9a75-1c8e-495f-b5f2-3bc16df268d0\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-9eb6e72b-26ae-4855-a51d-30df936a25e6\",\"type\":\"relationship\",\"source\":\"Qualys 
IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-9a10bc16-4484-4faa-8016-87d1f89440de\",\"id\":\"transient:relationship-99f72d47-b018-4503-af42-1cb75ab5de50\",\"relationship_type\":\"based-on\"}]},\"judgements\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-05T15:00:23.015Z\",\"end_time\":\"2023-10-12T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"kprocesshacker.sys\",\"type\":\"file_name\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_7581904126238844292\"],\"disposition\":2,\"external_references\":[],\"reason\":\"Win32.PUA.Prochack\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:judgement-9eb6e72b-26ae-4855-a51d-30df936a25e6\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-10-05T15:00:23.015Z\",\"end_time\":\"2023-10-12T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"kprocesshacker.sys\",\"type\":\"file_name\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_2376737814815846729\"],\"disposition\":2,\"external_references\":[],\"reason\":\"Win32.PUA.Prochack\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:judgement-73008956-d36b-4787-9f1f-67a015e60de9\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":2,\"docs\":[{\"description\":\"A Qualys IOC event related to \\\"kprocesshacker.sys\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"kprocesshacker.sys\",\"type\":\"file_name\"},\"related\":{\"value\":\"70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4\",\"type\":\"sha256\"}},{\"origin\":\"Qualys 
IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"kprocesshacker.sys\",\"type\":\"file_name\"},\"related\":{\"value\":\"1b5c3c458e31bede55145d0644e88d75\",\"type\":\"md5\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Tools\\\\processhacker-2.39-bin\\\\x64\\\\kprocesshacker.sys\",\"type\":\"file_path\"},\"related\":{\"value\":\"70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Tools\\\\processhacker-2.39-bin\\\\x64\\\\kprocesshacker.sys\",\"type\":\"file_path\"},\"related\":{\"value\":\"1b5c3c458e31bede55145d0644e88d75\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"kprocesshacker.sys\",\"type\":\"file_name\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_2376737814815846729\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-15T12:19:21.000Z\",\"end_time\":\"2022-11-15T12:19:21.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-325e3db1-a809-4733-843b-fe120ccd1093\",\"count\":1,\"severity\":\"High\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-15T12:19:21.000Z\",\"end_time\":\"2022-11-15T12:19:21.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}},{\"description\":\"A Qualys IOC event related to \\\"kprocesshacker.sys\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys 
IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"kprocesshacker.sys\",\"type\":\"file_name\"},\"related\":{\"value\":\"0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"kprocesshacker.sys\",\"type\":\"file_name\"},\"related\":{\"value\":\"6365fe1d37545c71cbe2719ac7831bdd\",\"type\":\"md5\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Tools\\\\processhacker-2.39-bin\\\\x86\\\\kprocesshacker.sys\",\"type\":\"file_path\"},\"related\":{\"value\":\"0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Tools\\\\processhacker-2.39-bin\\\\x86\\\\kprocesshacker.sys\",\"type\":\"file_path\"},\"related\":{\"value\":\"6365fe1d37545c71cbe2719ac7831bdd\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"kprocesshacker.sys\",\"type\":\"file_name\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_7581904126238844292\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-15T12:19:22.000Z\",\"end_time\":\"2022-11-15T12:19:22.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 
1130\"}],\"external_references\":[],\"id\":\"transient:sighting-9a10bc16-4484-4faa-8016-87d1f89440de\",\"count\":1,\"severity\":\"High\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-15T12:19:22.000Z\",\"end_time\":\"2022-11-15T12:19:22.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}}]}}}]},\"id\":\"investigate-f36b9483\",\"uuid\":\"8c18931f-3d91-4fec-aff6-09a664267e72\"},{\"created-perf\":45136020000.00537,\"updated-perf\":45136024999.98524,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:29:57.976Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"sha256\",\"value\":\"0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc\"},{\"type\":\"md5\",\"value\":\"6365fe1d37545c71cbe2719ac7831bdd\"},{\"type\":\"sha256\",\"value\":\"70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4\"},{\"type\":\"md5\",\"value\":\"1b5c3c458e31bede55145d0644e88d75\"}],\"result\":{\"data\":[{\"module\":\"AMP Global 
Intelligence\",\"module_instance_id\":\"b37ff2ee-0ca1-4dbc-936d-a35bf7d5e18f\",\"module_type_id\":\"87563e81-ddc5-5f61-b4f8-dbe71252c922\",\"data\":{\"verdicts\":{\"count\":4,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"6365fe1d37545c71cbe2719ac7831bdd\",\"type\":\"md5\"},\"judgement_id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-c2c449af-c195-49b0-b12b-b9f75946bea5\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2021-06-23T04:30:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"}},{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4\",\"type\":\"sha256\"},\"judgement_id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-2484ac21-4b72-43fc-b4d7-54dd1ece9cf1\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2021-08-05T14:32:55.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"}},{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"1b5c3c458e31bede55145d0644e88d75\",\"type\":\"md5\"},\"judgement_id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-44c16f1d-b054-4db6-a49b-1df7bd83e7d8\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2021-08-05T14:32:55.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"}},{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc\",\"type\":\"sha256\"},\"judgement_id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-d233d203-a80f-4647-b881-467f9ddbab3b\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2021-06-23T04:30:00.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"}}]}}},{\"module\":\"AMP File 
Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":2,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"0f97f6d53fff47914174bc3a05fb016e2c02ed0b43c827e5e5aadba2d244aecc\",\"type\":\"sha256\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-08-02T13:29:57.636Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"}},{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4\",\"type\":\"sha256\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-08-02T13:29:57.619Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"}}]}}}]},\"id\":\"deliberate-b62583fb\",\"uuid\":\"8e1380a0-8e18-4d38-b7b4-984a647efa26\"}]", "short_description": "Snapshot @ 20201202 13:30:16", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-183626c9-f6c9-4da2-9429-9e2d091f78a2", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2020-12-02T13:30:44.396Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"}
\ No newline at end of file
diff --git a/Qualys_IOC/Snapshot-with-filepath.json b/Qualys_IOC/Snapshot-with-filepath.json
index 236bee82..2942a20d 100644
--- a/Qualys_IOC/Snapshot-with-filepath.json
+++ b/Qualys_IOC/Snapshot-with-filepath.json
@@ -1 +1 @@
-{"description": "filepath for qualys", "schema_version": "1.0.22", "type": "investigation", "search-txt": "file_path:\"C:\\Users\\User01\\Downloads\\Malware\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":49961065000.01042,\"updated-perf\":49961065000.01042,\"type\":\"collect\",\"created\":\"2020-12-02T13:33:07.692Z\",\"state\":\"ok\",\"arg\":\"file_path:C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"result\":[{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"}],\"id\":\"collect-d1551c85\",\"uuid\":\"6c48036d-3811-4b2b-af76-88eef20b6406\"},{\"created-perf\":51895164999.994446,\"updated-perf\":51895164999.994446,\"type\":\"investigate\",\"created\":\"2020-12-02T13:33:09.626Z\",\"state\":\"ok\",\"arg\":{\"type\":\"file_path\",\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\"},\"result\":{\"data\":[{\"module\":\"Qualys IOC\",\"module_instance_id\":\"20b0e3f7-688b-40f6-b165-ed719266c2e7\",\"module_type_id\":\"f0f6ecac-4861-40bc-bcef-753fd783aaed\",\"data\":{\"indicators\":{\"count\":6,\"docs\":[{\"valid_time\":{},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-2978239615062082714\"],\"title\":\"Malicious File event\",\"id\":\"transient:indicator-8d576040-49e4-591e-a7ba-7ff8042eaab7\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_6167299107132265273\"],\"title\":\"Malicious File event\",\"id\":\"transient:indicator-eb08167a-77d1-5dcb-abdc-88df7332f116\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys 
IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8215732612051924212\"],\"title\":\"Malicious File event\",\"id\":\"transient:indicator-65f44b15-daee-57af-a609-fb7e745ba623\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_5918002939071241641\"],\"title\":\"Malicious File event\",\"id\":\"transient:indicator-3a331ece-b6b5-5d53-a027-6f696d862267\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_181740640568015843\"],\"title\":\"Malicious File event\",\"id\":\"transient:indicator-728cf092-b67c-5374-a91e-f4436765ad05\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_5200415840457019478\"],\"title\":\"Malicious File event\",\"id\":\"transient:indicator-88457ce0-aa4a-5090-b9e7-9eb74685183b\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":18,\"docs\":[{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-8d576040-49e4-591e-a7ba-7ff8042eaab7\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-744a314c-c310-4f22-89b5-9958f257736a\",\"id\":\"transient:relationship-7dabba04-9fe0-4899-8682-d2a2f4930647\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-3a331ece-b6b5-5d53-a027-6f696d862267\",\"type\":\"relationship\",\"source\":\"Qualys 
IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-9f1dacf7-ff05-4373-9068-833eb553666f\",\"id\":\"transient:relationship-88a90774-8fd7-411e-a755-15fb4ecf160e\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-418f90a9-76c0-4694-9287-30155ae2a81c\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-46951c18-ab25-459b-9d02-78b6c59dc064\",\"id\":\"transient:relationship-fef95386-c62b-4f0e-89de-9185d8d285ab\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-f85328d7-8cfb-4bba-920d-234b483b980e\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-e410b7d0-b6bb-4587-93fd-d6ddb410a482\",\"id\":\"transient:relationship-206a47aa-8fec-4df7-b816-34273da9c30f\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-d627c68f-b157-462b-b02a-6a817cb75789\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-7e82eeb4-274a-4406-bf63-bcd2c23c4811\",\"id\":\"transient:relationship-64ed72ba-d451-4500-bb0d-e081f7c7a027\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-88457ce0-aa4a-5090-b9e7-9eb74685183b\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-d627c68f-b157-462b-b02a-6a817cb75789\",\"id\":\"transient:relationship-33ae6f16-7510-4fe0-a3e0-4c17b468702b\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-65f44b15-daee-57af-a609-fb7e745ba623\",\"type\":\"relationship\",\"source\":\"Qualys 
IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-7380da81-f40a-4ff1-b4e3-1d97befbeb80\",\"id\":\"transient:relationship-5f072673-e2fd-4a2b-a9b8-d7894ab3ccf1\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-eb08167a-77d1-5dcb-abdc-88df7332f116\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-e410b7d0-b6bb-4587-93fd-d6ddb410a482\",\"id\":\"transient:relationship-52d9a764-eea7-4d1f-9957-7e49c6721355\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-7380da81-f40a-4ff1-b4e3-1d97befbeb80\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-3e11204e-f9e3-4a9e-bc3f-ba7c1f37aa8a\",\"id\":\"transient:relationship-f7b54e39-77e9-42a9-8280-563721e66108\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-88457ce0-aa4a-5090-b9e7-9eb74685183b\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-7e82eeb4-274a-4406-bf63-bcd2c23c4811\",\"id\":\"transient:relationship-f56eed32-6683-40fd-bff6-404bfa30f07d\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-db901a69-438a-4cfe-a94c-893dba219eda\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-744a314c-c310-4f22-89b5-9958f257736a\",\"id\":\"transient:relationship-f95056b1-0828-4613-82af-3bb93d5413e1\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-65f44b15-daee-57af-a609-fb7e745ba623\",\"type\":\"relationship\",\"source\":\"Qualys 
IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-3e11204e-f9e3-4a9e-bc3f-ba7c1f37aa8a\",\"id\":\"transient:relationship-79be561e-5e14-489b-90e8-3d525c437476\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-3a331ece-b6b5-5d53-a027-6f696d862267\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-f26766fb-3078-459d-a8a0-8c5dec508bab\",\"id\":\"transient:relationship-0513a978-54f5-4516-a6ba-a6048b1af161\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-728cf092-b67c-5374-a91e-f4436765ad05\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-418f90a9-76c0-4694-9287-30155ae2a81c\",\"id\":\"transient:relationship-5cdbb1f4-be30-474d-9068-2ef33b65f4c5\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-728cf092-b67c-5374-a91e-f4436765ad05\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-46951c18-ab25-459b-9d02-78b6c59dc064\",\"id\":\"transient:relationship-5b6c1108-3d02-4916-aab0-a5546ecd396d\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-8d576040-49e4-591e-a7ba-7ff8042eaab7\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-db901a69-438a-4cfe-a94c-893dba219eda\",\"id\":\"transient:relationship-51bc83d9-93bd-4354-81e5-9ee628520ae1\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-eb08167a-77d1-5dcb-abdc-88df7332f116\",\"type\":\"relationship\",\"source\":\"Qualys 
IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-f85328d7-8cfb-4bba-920d-234b483b980e\",\"id\":\"transient:relationship-94088cfb-12dc-4088-9433-0b2e4024687f\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-f26766fb-3078-459d-a8a0-8c5dec508bab\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-9f1dacf7-ff05-4373-9068-833eb553666f\",\"id\":\"transient:relationship-7cbe8810-b847-4a97-965a-89aa6e333c0d\",\"relationship_type\":\"based-on\"}]},\"judgements\":{\"count\":6,\"docs\":[{\"valid_time\":{},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_5918002939071241641\"],\"disposition\":2,\"external_references\":[],\"reason\":\"ByteCode-MSIL.Trojan.Razy\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:judgement-f26766fb-3078-459d-a8a0-8c5dec508bab\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-09-28T15:00:23.015Z\",\"end_time\":\"2023-10-05T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"},\"type\":\"judgement\",\"source\":\"Qualys 
IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_5200415840457019478\"],\"disposition\":2,\"external_references\":[],\"reason\":\"Win32.Trojan.Pincav\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:judgement-d627c68f-b157-462b-b02a-6a817cb75789\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-09-28T15:00:23.015Z\",\"end_time\":\"2023-10-05T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_181740640568015843\"],\"disposition\":2,\"external_references\":[],\"reason\":\"Win32.Worm.Kolab\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:judgement-418f90a9-76c0-4694-9287-30155ae2a81c\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-09-28T15:00:23.015Z\",\"end_time\":\"2023-10-05T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-2978239615062082714\"],\"disposition\":2,\"external_references\":[],\"reason\":\"Win32.Trojan.Autorun\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:judgement-db901a69-438a-4cfe-a94c-893dba219eda\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-09-28T15:00:23.015Z\",\"end_time\":\"2023-10-05T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"},\"type\":\"judgement\",\"source\":\"Qualys 
IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_6167299107132265273\"],\"disposition\":2,\"external_references\":[],\"reason\":\"Win32.Trojan.Coinminer\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:judgement-f85328d7-8cfb-4bba-920d-234b483b980e\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-09-28T15:00:23.015Z\",\"end_time\":\"2023-10-05T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8215732612051924212\"],\"disposition\":2,\"external_references\":[],\"reason\":\"Win32.Virus.Sality\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:judgement-7380da81-f40a-4ff1-b4e3-1d97befbeb80\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":6,\"docs\":[{\"description\":\"A Qualys IOC event related to \\\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"coinminer.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"21512c6d9e45954b514d43ad8f28323931a45548159a7c5d61cfbff04fc1756d\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"coinminer.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"d3e52b8179e9b4858f79b104b61b79f4\",\"type\":\"md5\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\coinminer\\\\coinminer.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"21512c6d9e45954b514d43ad8f28323931a45548159a7c5d61cfbff04fc1756d\",\"type\":\"sha256\"}},{\"origin\":\"Qualys 
IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\coinminer\\\\coinminer.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"d3e52b8179e9b4858f79b104b61b79f4\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_6167299107132265273\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-08T12:19:16.000Z\",\"end_time\":\"2022-11-08T12:19:16.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-e410b7d0-b6bb-4587-93fd-d6ddb410a482\",\"count\":1,\"severity\":\"High\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-08T12:19:16.000Z\",\"end_time\":\"2022-11-08T12:19:16.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}},{\"description\":\"A Qualys IOC event related to \\\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"bifrost.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"70a353884d760269180efd5b578cc8442c519c5e5c8f02070b40e934d39cf318\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"bifrost.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"1b18b6a1999cc79a005dbe050a02b9b8\",\"type\":\"md5\"}},{\"origin\":\"Qualys 
IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\bifrost\\\\bifrost.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"70a353884d760269180efd5b578cc8442c519c5e5c8f02070b40e934d39cf318\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\bifrost\\\\bifrost.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"1b18b6a1999cc79a005dbe050a02b9b8\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_5200415840457019478\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-10-03T00:59:44.000Z\",\"end_time\":\"2022-10-03T00:59:44.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-7e82eeb4-274a-4406-bf63-bcd2c23c4811\",\"count\":1,\"severity\":\"High\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-10-03T00:59:44.000Z\",\"end_time\":\"2022-10-03T00:59:44.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}},{\"description\":\"A Qualys IOC event related to \\\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"buzus.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"31b2fd20f0f5cdf922009558d592514cfaa6c1fca1570a0f3c06df755613e024\",\"type\":\"sha256\"}},{\"origin\":\"Qualys 
IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"buzus.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"d3bc48a1e4be898b47092821258890a3\",\"type\":\"md5\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\buzus\\\\buzus.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"31b2fd20f0f5cdf922009558d592514cfaa6c1fca1570a0f3c06df755613e024\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\buzus\\\\buzus.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"d3bc48a1e4be898b47092821258890a3\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-2978239615062082714\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-08T12:19:15.000Z\",\"end_time\":\"2022-11-08T12:19:15.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-744a314c-c310-4f22-89b5-9958f257736a\",\"count\":1,\"severity\":\"High\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-08T12:19:15.000Z\",\"end_time\":\"2022-11-08T12:19:15.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}},{\"description\":\"A Qualys IOC event related to \\\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys 
IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"sality.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"fc73cedf2da604327804f0e3df647ed6f12489d769d74cf0cc2bfb312f7a992f\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"sality.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"d9acb94f4fea9694fc707dd6494e7f8b\",\"type\":\"md5\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\sality\\\\sality.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"fc73cedf2da604327804f0e3df647ed6f12489d769d74cf0cc2bfb312f7a992f\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\sality\\\\sality.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"d9acb94f4fea9694fc707dd6494e7f8b\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8215732612051924212\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-08T12:19:16.000Z\",\"end_time\":\"2022-11-08T12:19:16.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-3e11204e-f9e3-4a9e-bc3f-ba7c1f37aa8a\",\"count\":1,\"severity\":\"High\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-08T12:19:16.000Z\",\"end_time\":\"2022-11-08T12:19:16.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}},{\"description\":\"A Qualys 
IOC event related to \\\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"bublik.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"bb72b8aa82b48bc68a082f86a8a8f4262023a732b464f03e44a3a9eb83229105\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"bublik.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"1577e6455a5d19413c9e0c7726983e8c\",\"type\":\"md5\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\bublik\\\\bublik.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"bb72b8aa82b48bc68a082f86a8a8f4262023a732b464f03e44a3a9eb83229105\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\bublik\\\\bublik.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"1577e6455a5d19413c9e0c7726983e8c\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_181740640568015843\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-08T12:19:15.000Z\",\"end_time\":\"2022-11-08T12:19:15.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 
1130\"}],\"external_references\":[],\"id\":\"transient:sighting-46951c18-ab25-459b-9d02-78b6c59dc064\",\"count\":1,\"severity\":\"High\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-08T12:19:15.000Z\",\"end_time\":\"2022-11-08T12:19:15.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}},{\"description\":\"A Qualys IOC event related to \\\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"dridex.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"0ca3d4d4b3dafbfb55823ae9325a940ee05b9b9f15d345448d8d553a1b46af4d\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"dridex.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"ebabdd7fcac4b9394fd4a1f8bfe484a9\",\"type\":\"md5\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\dridex\\\\dridex.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"0ca3d4d4b3dafbfb55823ae9325a940ee05b9b9f15d345448d8d553a1b46af4d\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\dridex\\\\dridex.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"ebabdd7fcac4b9394fd4a1f8bfe484a9\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"}],\"type\":\"sighting\",\"source\":\"Qualys 
IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_5918002939071241641\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-10-03T00:21:04.000Z\",\"end_time\":\"2022-10-03T00:21:04.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-9f1dacf7-ff05-4373-9068-833eb553666f\",\"count\":1,\"severity\":\"High\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-10-03T00:21:04.000Z\",\"end_time\":\"2022-10-03T00:21:04.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}}]}}}]},\"id\":\"investigate-68ec2c4d\",\"uuid\":\"36040a20-ba0e-4a1b-8416-45f7e68badba\"},{\"created-perf\":53326750000.007454,\"updated-perf\":53326750000.007454,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:33:11.058Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"md5\",\"value\":\"d9acb94f4fea9694fc707dd6494e7f8b\"},{\"type\":\"sha256\",\"value\":\"bb72b8aa82b48bc68a082f86a8a8f4262023a732b464f03e44a3a9eb83229105\"},{\"type\":\"sha256\",\"value\":\"21512c6d9e45954b514d43ad8f28323931a45548159a7c5d61cfbff04fc1756d\"},{\"type\":\"md5\",\"value\":\"1b18b6a1999cc79a005dbe050a02b9b8\"},{\"type\":\"sha256\",\"value\":\"31b2fd20f0f5cdf922009558d592514cfaa6c1fca1570a0f3c06df755613e024\"},{\"type\":\"md5\",\"value\":\"ebabdd7fcac4b9394fd4a1f8bfe484a9\"},{\"type\":\"sha256\",\"value\":\"fc73cedf2da604327804f0e3df647ed6f12489d769d74cf0cc2bfb312f7a992f\"},{\"type\":\"md5\",\"value\":\"1577e6455a5d19413c9e0c7726983e8c\"},{\"type\":\"sha256\",\"value\":\"0ca3d4d4b3dafbfb55823ae9325a940ee05b9b9f15d345448d8d553a1b46af4d\"},{\"type\":\"sha256\",\"value\":\"70a353884d760269180efd5b578cc8442c519c5e5c8f02070b40e934d39cf318\"},{\"type\"
:\"md5\",\"value\":\"d3e52b8179e9b4858f79b104b61b79f4\"},{\"type\":\"md5\",\"value\":\"d3bc48a1e4be898b47092821258890a3\"}],\"result\":{\"data\":[{\"module\":\"AMP Global Intelligence\",\"module_instance_id\":\"b37ff2ee-0ca1-4dbc-936d-a35bf7d5e18f\",\"module_type_id\":\"87563e81-ddc5-5f61-b4f8-dbe71252c922\",\"data\":{\"verdicts\":{\"count\":2,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"31b2fd20f0f5cdf922009558d592514cfaa6c1fca1570a0f3c06df755613e024\",\"type\":\"sha256\"},\"judgement_id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-ff9cc636-2f7e-4612-8ea7-fbf2ae7422ff\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2022-09-03T06:56:15.000Z\",\"end_time\":\"2527-08-25T00:00:00.000Z\"}},{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"d3bc48a1e4be898b47092821258890a3\",\"type\":\"md5\"},\"judgement_id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-144507b5-cc14-4531-997b-b2dbef1d8633\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2022-09-03T06:56:15.000Z\",\"end_time\":\"2527-08-25T00:00:00.000Z\"}}]}}},{\"module\":\"AMP File 
Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":6,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"0ca3d4d4b3dafbfb55823ae9325a940ee05b9b9f15d345448d8d553a1b46af4d\",\"type\":\"sha256\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-07-26T13:33:10.114Z\",\"end_time\":\"2527-08-25T00:00:00.000Z\"}},{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"31b2fd20f0f5cdf922009558d592514cfaa6c1fca1570a0f3c06df755613e024\",\"type\":\"sha256\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-07-26T13:33:10.171Z\",\"end_time\":\"2527-08-25T00:00:00.000Z\"}},{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"21512c6d9e45954b514d43ad8f28323931a45548159a7c5d61cfbff04fc1756d\",\"type\":\"sha256\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-07-26T13:33:10.152Z\",\"end_time\":\"2527-08-25T00:00:00.000Z\"}},{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"bb72b8aa82b48bc68a082f86a8a8f4262023a732b464f03e44a3a9eb83229105\",\"type\":\"sha256\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-07-26T13:33:10.134Z\",\"end_time\":\"2527-08-25T00:00:00.000Z\"}},{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"70a353884d760269180efd5b578cc8442c519c5e5c8f02070b40e934d39cf318\",\"type\":\"sha256\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-07-26T13:33:10.195Z\",\"end_time\":\"2527-08-25T00:00:00.000Z\"}},{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"fc73cedf2da604327804f0e3df647ed6f12489d769d74cf0cc2bfb312f7a992f\",\"type\":\"sha256\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-07-26T13:33:10.094Z\",\"end_time\":\"2527-08-25T00:00:00.000Z\"}}]}}}]},\"id\":\"deliberate-cdc1c728\",\"uuid\":\
"883b2dcc-9b68-4786-b563-f1fa3ed11da5\"},{\"uuid\":\"871aa774-24bb-4715-9f6e-a812c6b0b9f4\",\"id\":\"aggregate-2e7318e\",\"state\":\"new\",\"created\":\"2020-12-02T13:33:11.387Z\",\"created-perf\":53655845000.00114,\"updated-perf\":53655845000.00114,\"type\":\"aggregate\",\"arg\":{\"aggregate\":true}}]", "short_description": "Snapshot @ 20201202 13:33:57", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-7ce7f2ca-9b87-4ce4-bf0f-1d5860ac1018", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2020-12-02T13:34:34.075Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file +{"description": "filepath for qualys", "schema_version": "1.0.22", "type": "investigation", "search-txt": "file_path:\"C:\\Users\\User01\\Downloads\\Malware\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":49961065000.01042,\"updated-perf\":49961065000.01042,\"type\":\"collect\",\"created\":\"2020-12-02T13:33:07.692Z\",\"state\":\"ok\",\"arg\":\"file_path:C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"result\":[{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"}],\"id\":\"collect-d1551c85\",\"uuid\":\"6c48036d-3811-4b2b-af76-88eef20b6406\"},{\"created-perf\":51895164999.994446,\"updated-perf\":51895164999.994446,\"type\":\"investigate\",\"created\":\"2020-12-02T13:33:09.626Z\",\"state\":\"ok\",\"arg\":{\"type\":\"file_path\",\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\"},\"result\":{\"data\":[{\"module\":\"Qualys IOC\",\"module_instance_id\":\"20b0e3f7-688b-40f6-b165-ed719266c2e7\",\"module_type_id\":\"f0f6ecac-4861-40bc-bcef-753fd783aaed\",\"data\":{\"indicators\":{\"count\":6,\"docs\":[{\"valid_time\":{},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-2978239615062082714\"],\"title\":\"Malicious File 
event\",\"id\":\"transient:indicator-8d576040-49e4-591e-a7ba-7ff8042eaab7\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_6167299107132265273\"],\"title\":\"Malicious File event\",\"id\":\"transient:indicator-eb08167a-77d1-5dcb-abdc-88df7332f116\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8215732612051924212\"],\"title\":\"Malicious File event\",\"id\":\"transient:indicator-65f44b15-daee-57af-a609-fb7e745ba623\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_5918002939071241641\"],\"title\":\"Malicious File event\",\"id\":\"transient:indicator-3a331ece-b6b5-5d53-a027-6f696d862267\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_181740640568015843\"],\"title\":\"Malicious File event\",\"id\":\"transient:indicator-728cf092-b67c-5374-a91e-f4436765ad05\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_5200415840457019478\"],\"title\":\"Malicious File 
event\",\"id\":\"transient:indicator-88457ce0-aa4a-5090-b9e7-9eb74685183b\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":18,\"docs\":[{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-8d576040-49e4-591e-a7ba-7ff8042eaab7\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-744a314c-c310-4f22-89b5-9958f257736a\",\"id\":\"transient:relationship-7dabba04-9fe0-4899-8682-d2a2f4930647\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-3a331ece-b6b5-5d53-a027-6f696d862267\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-9f1dacf7-ff05-4373-9068-833eb553666f\",\"id\":\"transient:relationship-88a90774-8fd7-411e-a755-15fb4ecf160e\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-418f90a9-76c0-4694-9287-30155ae2a81c\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-46951c18-ab25-459b-9d02-78b6c59dc064\",\"id\":\"transient:relationship-fef95386-c62b-4f0e-89de-9185d8d285ab\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-f85328d7-8cfb-4bba-920d-234b483b980e\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-e410b7d0-b6bb-4587-93fd-d6ddb410a482\",\"id\":\"transient:relationship-206a47aa-8fec-4df7-b816-34273da9c30f\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-d627c68f-b157-462b-b02a-6a817cb75789\",\"type\":\"relationship\",\"source\":\"Qualys 
IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-7e82eeb4-274a-4406-bf63-bcd2c23c4811\",\"id\":\"transient:relationship-64ed72ba-d451-4500-bb0d-e081f7c7a027\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-88457ce0-aa4a-5090-b9e7-9eb74685183b\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-d627c68f-b157-462b-b02a-6a817cb75789\",\"id\":\"transient:relationship-33ae6f16-7510-4fe0-a3e0-4c17b468702b\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-65f44b15-daee-57af-a609-fb7e745ba623\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-7380da81-f40a-4ff1-b4e3-1d97befbeb80\",\"id\":\"transient:relationship-5f072673-e2fd-4a2b-a9b8-d7894ab3ccf1\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-eb08167a-77d1-5dcb-abdc-88df7332f116\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-e410b7d0-b6bb-4587-93fd-d6ddb410a482\",\"id\":\"transient:relationship-52d9a764-eea7-4d1f-9957-7e49c6721355\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-7380da81-f40a-4ff1-b4e3-1d97befbeb80\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-3e11204e-f9e3-4a9e-bc3f-ba7c1f37aa8a\",\"id\":\"transient:relationship-f7b54e39-77e9-42a9-8280-563721e66108\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-88457ce0-aa4a-5090-b9e7-9eb74685183b\",\"type\":\"relationship\",\"source\":\"Qualys 
IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-7e82eeb4-274a-4406-bf63-bcd2c23c4811\",\"id\":\"transient:relationship-f56eed32-6683-40fd-bff6-404bfa30f07d\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-db901a69-438a-4cfe-a94c-893dba219eda\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-744a314c-c310-4f22-89b5-9958f257736a\",\"id\":\"transient:relationship-f95056b1-0828-4613-82af-3bb93d5413e1\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-65f44b15-daee-57af-a609-fb7e745ba623\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-3e11204e-f9e3-4a9e-bc3f-ba7c1f37aa8a\",\"id\":\"transient:relationship-79be561e-5e14-489b-90e8-3d525c437476\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-3a331ece-b6b5-5d53-a027-6f696d862267\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-f26766fb-3078-459d-a8a0-8c5dec508bab\",\"id\":\"transient:relationship-0513a978-54f5-4516-a6ba-a6048b1af161\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-728cf092-b67c-5374-a91e-f4436765ad05\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-418f90a9-76c0-4694-9287-30155ae2a81c\",\"id\":\"transient:relationship-5cdbb1f4-be30-474d-9068-2ef33b65f4c5\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-728cf092-b67c-5374-a91e-f4436765ad05\",\"type\":\"relationship\",\"source\":\"Qualys 
IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-46951c18-ab25-459b-9d02-78b6c59dc064\",\"id\":\"transient:relationship-5b6c1108-3d02-4916-aab0-a5546ecd396d\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-8d576040-49e4-591e-a7ba-7ff8042eaab7\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-db901a69-438a-4cfe-a94c-893dba219eda\",\"id\":\"transient:relationship-51bc83d9-93bd-4354-81e5-9ee628520ae1\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-eb08167a-77d1-5dcb-abdc-88df7332f116\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-f85328d7-8cfb-4bba-920d-234b483b980e\",\"id\":\"transient:relationship-94088cfb-12dc-4088-9433-0b2e4024687f\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-f26766fb-3078-459d-a8a0-8c5dec508bab\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-9f1dacf7-ff05-4373-9068-833eb553666f\",\"id\":\"transient:relationship-7cbe8810-b847-4a97-965a-89aa6e333c0d\",\"relationship_type\":\"based-on\"}]},\"judgements\":{\"count\":6,\"docs\":[{\"valid_time\":{},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"},\"type\":\"judgement\",\"source\":\"Qualys 
IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_5918002939071241641\"],\"disposition\":2,\"external_references\":[],\"reason\":\"ByteCode-MSIL.Trojan.Razy\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:judgement-f26766fb-3078-459d-a8a0-8c5dec508bab\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-10-05T15:00:23.015Z\",\"end_time\":\"2023-10-12T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_5200415840457019478\"],\"disposition\":2,\"external_references\":[],\"reason\":\"Win32.Trojan.Pincav\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:judgement-d627c68f-b157-462b-b02a-6a817cb75789\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-10-05T15:00:23.015Z\",\"end_time\":\"2023-10-12T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_181740640568015843\"],\"disposition\":2,\"external_references\":[],\"reason\":\"Win32.Worm.Kolab\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:judgement-418f90a9-76c0-4694-9287-30155ae2a81c\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-10-05T15:00:23.015Z\",\"end_time\":\"2023-10-12T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"},\"type\":\"judgement\",\"source\":\"Qualys 
IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-2978239615062082714\"],\"disposition\":2,\"external_references\":[],\"reason\":\"Win32.Trojan.Autorun\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:judgement-db901a69-438a-4cfe-a94c-893dba219eda\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-10-05T15:00:23.015Z\",\"end_time\":\"2023-10-12T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_6167299107132265273\"],\"disposition\":2,\"external_references\":[],\"reason\":\"Win32.Trojan.Coinminer\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:judgement-f85328d7-8cfb-4bba-920d-234b483b980e\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-10-05T15:00:23.015Z\",\"end_time\":\"2023-10-12T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8215732612051924212\"],\"disposition\":2,\"external_references\":[],\"reason\":\"Win32.Virus.Sality\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:judgement-7380da81-f40a-4ff1-b4e3-1d97befbeb80\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":6,\"docs\":[{\"description\":\"A Qualys IOC event related to \\\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys 
IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"coinminer.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"21512c6d9e45954b514d43ad8f28323931a45548159a7c5d61cfbff04fc1756d\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"coinminer.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"d3e52b8179e9b4858f79b104b61b79f4\",\"type\":\"md5\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\coinminer\\\\coinminer.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"21512c6d9e45954b514d43ad8f28323931a45548159a7c5d61cfbff04fc1756d\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\coinminer\\\\coinminer.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"d3e52b8179e9b4858f79b104b61b79f4\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_6167299107132265273\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-15T12:19:16.000Z\",\"end_time\":\"2022-11-15T12:19:16.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 
1130\"}],\"external_references\":[],\"id\":\"transient:sighting-e410b7d0-b6bb-4587-93fd-d6ddb410a482\",\"count\":1,\"severity\":\"High\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-15T12:19:16.000Z\",\"end_time\":\"2022-11-15T12:19:16.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}},{\"description\":\"A Qualys IOC event related to \\\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"bifrost.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"70a353884d760269180efd5b578cc8442c519c5e5c8f02070b40e934d39cf318\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"bifrost.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"1b18b6a1999cc79a005dbe050a02b9b8\",\"type\":\"md5\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\bifrost\\\\bifrost.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"70a353884d760269180efd5b578cc8442c519c5e5c8f02070b40e934d39cf318\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\bifrost\\\\bifrost.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"1b18b6a1999cc79a005dbe050a02b9b8\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"}],\"type\":\"sighting\",\"source\":\"Qualys 
IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_5200415840457019478\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-10-10T00:59:44.000Z\",\"end_time\":\"2022-10-10T00:59:44.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-7e82eeb4-274a-4406-bf63-bcd2c23c4811\",\"count\":1,\"severity\":\"High\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-10-10T00:59:44.000Z\",\"end_time\":\"2022-10-10T00:59:44.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}},{\"description\":\"A Qualys IOC event related to \\\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"buzus.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"31b2fd20f0f5cdf922009558d592514cfaa6c1fca1570a0f3c06df755613e024\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"buzus.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"d3bc48a1e4be898b47092821258890a3\",\"type\":\"md5\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\buzus\\\\buzus.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"31b2fd20f0f5cdf922009558d592514cfaa6c1fca1570a0f3c06df755613e024\",\"type\":\"sha256\"}},{\"origin\":\"Qualys 
IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\buzus\\\\buzus.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"d3bc48a1e4be898b47092821258890a3\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-2978239615062082714\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-15T12:19:15.000Z\",\"end_time\":\"2022-11-15T12:19:15.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-744a314c-c310-4f22-89b5-9958f257736a\",\"count\":1,\"severity\":\"High\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-15T12:19:15.000Z\",\"end_time\":\"2022-11-15T12:19:15.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}},{\"description\":\"A Qualys IOC event related to \\\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"sality.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"fc73cedf2da604327804f0e3df647ed6f12489d769d74cf0cc2bfb312f7a992f\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"sality.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"d9acb94f4fea9694fc707dd6494e7f8b\",\"type\":\"md5\"}},{\"origin\":\"Qualys 
IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\sality\\\\sality.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"fc73cedf2da604327804f0e3df647ed6f12489d769d74cf0cc2bfb312f7a992f\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\sality\\\\sality.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"d9acb94f4fea9694fc707dd6494e7f8b\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8215732612051924212\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-15T12:19:16.000Z\",\"end_time\":\"2022-11-15T12:19:16.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-3e11204e-f9e3-4a9e-bc3f-ba7c1f37aa8a\",\"count\":1,\"severity\":\"High\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-15T12:19:16.000Z\",\"end_time\":\"2022-11-15T12:19:16.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}},{\"description\":\"A Qualys IOC event related to \\\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"bublik.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"bb72b8aa82b48bc68a082f86a8a8f4262023a732b464f03e44a3a9eb83229105\",\"type\":\"sha256\"}},{\"origin\":\"Qualys 
IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"bublik.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"1577e6455a5d19413c9e0c7726983e8c\",\"type\":\"md5\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\bublik\\\\bublik.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"bb72b8aa82b48bc68a082f86a8a8f4262023a732b464f03e44a3a9eb83229105\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\bublik\\\\bublik.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"1577e6455a5d19413c9e0c7726983e8c\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_181740640568015843\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-15T12:19:15.000Z\",\"end_time\":\"2022-11-15T12:19:15.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-46951c18-ab25-459b-9d02-78b6c59dc064\",\"count\":1,\"severity\":\"High\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-15T12:19:15.000Z\",\"end_time\":\"2022-11-15T12:19:15.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}},{\"description\":\"A Qualys IOC event related to \\\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys 
IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"dridex.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"0ca3d4d4b3dafbfb55823ae9325a940ee05b9b9f15d345448d8d553a1b46af4d\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"dridex.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"ebabdd7fcac4b9394fd4a1f8bfe484a9\",\"type\":\"md5\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\dridex\\\\dridex.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"0ca3d4d4b3dafbfb55823ae9325a940ee05b9b9f15d345448d8d553a1b46af4d\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\\\\dridex\\\\dridex.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"ebabdd7fcac4b9394fd4a1f8bfe484a9\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Malware\",\"type\":\"file_path\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_5918002939071241641\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-10-10T00:21:04.000Z\",\"end_time\":\"2022-10-10T00:21:04.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 
1130\"}],\"external_references\":[],\"id\":\"transient:sighting-9f1dacf7-ff05-4373-9068-833eb553666f\",\"count\":1,\"severity\":\"High\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-10-10T00:21:04.000Z\",\"end_time\":\"2022-10-10T00:21:04.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}}]}}}]},\"id\":\"investigate-68ec2c4d\",\"uuid\":\"36040a20-ba0e-4a1b-8416-45f7e68badba\"},{\"created-perf\":53326750000.007454,\"updated-perf\":53326750000.007454,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:33:11.058Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"md5\",\"value\":\"d9acb94f4fea9694fc707dd6494e7f8b\"},{\"type\":\"sha256\",\"value\":\"bb72b8aa82b48bc68a082f86a8a8f4262023a732b464f03e44a3a9eb83229105\"},{\"type\":\"sha256\",\"value\":\"21512c6d9e45954b514d43ad8f28323931a45548159a7c5d61cfbff04fc1756d\"},{\"type\":\"md5\",\"value\":\"1b18b6a1999cc79a005dbe050a02b9b8\"},{\"type\":\"sha256\",\"value\":\"31b2fd20f0f5cdf922009558d592514cfaa6c1fca1570a0f3c06df755613e024\"},{\"type\":\"md5\",\"value\":\"ebabdd7fcac4b9394fd4a1f8bfe484a9\"},{\"type\":\"sha256\",\"value\":\"fc73cedf2da604327804f0e3df647ed6f12489d769d74cf0cc2bfb312f7a992f\"},{\"type\":\"md5\",\"value\":\"1577e6455a5d19413c9e0c7726983e8c\"},{\"type\":\"sha256\",\"value\":\"0ca3d4d4b3dafbfb55823ae9325a940ee05b9b9f15d345448d8d553a1b46af4d\"},{\"type\":\"sha256\",\"value\":\"70a353884d760269180efd5b578cc8442c519c5e5c8f02070b40e934d39cf318\"},{\"type\":\"md5\",\"value\":\"d3e52b8179e9b4858f79b104b61b79f4\"},{\"type\":\"md5\",\"value\":\"d3bc48a1e4be898b47092821258890a3\"}],\"result\":{\"data\":[{\"module\":\"AMP Global 
Intelligence\",\"module_instance_id\":\"b37ff2ee-0ca1-4dbc-936d-a35bf7d5e18f\",\"module_type_id\":\"87563e81-ddc5-5f61-b4f8-dbe71252c922\",\"data\":{\"verdicts\":{\"count\":2,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"31b2fd20f0f5cdf922009558d592514cfaa6c1fca1570a0f3c06df755613e024\",\"type\":\"sha256\"},\"judgement_id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-ff9cc636-2f7e-4612-8ea7-fbf2ae7422ff\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2022-09-10T06:56:15.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"}},{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"d3bc48a1e4be898b47092821258890a3\",\"type\":\"md5\"},\"judgement_id\":\"https://intel.amp.cisco.com:443/ctia/judgement/judgement-144507b5-cc14-4531-997b-b2dbef1d8633\",\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2022-09-10T06:56:15.000Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"}}]}}},{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":6,\"docs\":[{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"0ca3d4d4b3dafbfb55823ae9325a940ee05b9b9f15d345448d8d553a1b46af4d\",\"type\":\"sha256\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-08-02T13:33:10.114Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"}},{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"31b2fd20f0f5cdf922009558d592514cfaa6c1fca1570a0f3c06df755613e024\",\"type\":\"sha256\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-08-02T13:33:10.171Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"}},{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"21512c6d9e45954b514d43ad8f28323931a45548159a7c5d61cfbff04fc1756d\",\"type\":\"sha256\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-0
8-02T13:33:10.152Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"}},{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"bb72b8aa82b48bc68a082f86a8a8f4262023a732b464f03e44a3a9eb83229105\",\"type\":\"sha256\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-08-02T13:33:10.134Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"}},{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"70a353884d760269180efd5b578cc8442c519c5e5c8f02070b40e934d39cf318\",\"type\":\"sha256\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-08-02T13:33:10.195Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"}},{\"type\":\"verdict\",\"disposition\":2,\"observable\":{\"value\":\"fc73cedf2da604327804f0e3df647ed6f12489d769d74cf0cc2bfb312f7a992f\",\"type\":\"sha256\"},\"disposition_name\":\"Malicious\",\"valid_time\":{\"start_time\":\"2023-08-02T13:33:10.094Z\",\"end_time\":\"2527-09-01T00:00:00.000Z\"}}]}}}]},\"id\":\"deliberate-cdc1c728\",\"uuid\":\"883b2dcc-9b68-4786-b563-f1fa3ed11da5\"},{\"uuid\":\"871aa774-24bb-4715-9f6e-a812c6b0b9f4\",\"id\":\"aggregate-2e7318e\",\"state\":\"new\",\"created\":\"2020-12-02T13:33:11.387Z\",\"created-perf\":53655845000.00114,\"updated-perf\":53655845000.00114,\"type\":\"aggregate\",\"arg\":{\"aggregate\":true}}]", "short_description": "Snapshot @ 20201202 13:33:57", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-7ce7f2ca-9b87-4ce4-bf0f-1d5860ac1018", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2020-12-02T13:34:34.075Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file diff --git a/Qualys_IOC/Snapshot-with-ip.json b/Qualys_IOC/Snapshot-with-ip.json index eb9eb4fb..e3bdda16 100644 --- a/Qualys_IOC/Snapshot-with-ip.json +++ b/Qualys_IOC/Snapshot-with-ip.json 
@@ -1 +1 @@ -{"description": "ip for qualys", "schema_version": "1.0.22", "type": "investigation", "search-txt": "ip:\"23.38.112.137\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":7253655000.007711,\"updated-perf\":7253659999.9875765,\"type\":\"collect\",\"created\":\"2020-12-02T13:51:12.316Z\",\"state\":\"ok\",\"arg\":\"ip:23.38.112.137\",\"result\":[{\"value\":\"23.38.112.137\",\"type\":\"ip\"}],\"id\":\"collect-68be4c06\",\"uuid\":\"7a742b96-1437-43d1-a303-e24e65719452\"},{\"created-perf\":7677735000.004759,\"updated-perf\":7677735000.004759,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:51:12.741Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"ip\",\"value\":\"23.38.112.137\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}}]},\"id\":\"deliberate-ad9cbf1e\",\"uuid\":\"575324ca-7efd-4791-a2ba-7a8f3666af18\"},{\"created-perf\":9557165000.005625,\"updated-perf\":9557165000.005625,\"type\":\"investigate\",\"created\":\"2020-12-02T13:51:14.620Z\",\"state\":\"ok\",\"arg\":{\"type\":\"ip\",\"value\":\"23.38.112.137\"},\"result\":{\"data\":[{\"module\":\"Qualys IOC\",\"module_instance_id\":\"20b0e3f7-688b-40f6-b165-ed719266c2e7\",\"module_type_id\":\"f0f6ecac-4861-40bc-bcef-753fd783aaed\",\"data\":{\"indicators\":{\"count\":2,\"docs\":[{\"valid_time\":{},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-2272388056076390980_1052\"],\"title\":\"Known Good\",\"id\":\"transient:indicator-d4026e20-a133-527a-a206-6a83c9099443\",\"severity\":\"None\",\"confidence\":\"High\"},{\"valid_time\":{},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys 
IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-10378477620996457_1052\"],\"title\":\"Known Good\",\"id\":\"transient:indicator-2952dfc5-dc9c-522c-a0ca-64894f1d1570\",\"severity\":\"None\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":6,\"docs\":[{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-62afb920-10f9-430b-bb56-5fed500ad419\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-dfacf957-fca8-46cf-993c-7cf71578088d\",\"id\":\"transient:relationship-b369c4e9-bfba-404a-a06c-aa6cdba6f54d\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-d4026e20-a133-527a-a206-6a83c9099443\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-15f8cb20-6efb-4cce-89a3-4ecebee64d1e\",\"id\":\"transient:relationship-41e95919-51c5-4c72-8b4e-5641eae2e003\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-2952dfc5-dc9c-522c-a0ca-64894f1d1570\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-dfacf957-fca8-46cf-993c-7cf71578088d\",\"id\":\"transient:relationship-4748684e-cc6e-49a5-9d8a-dc5263d4d140\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-d4026e20-a133-527a-a206-6a83c9099443\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-f674b733-87d2-44df-afc9-111a764e7d65\",\"id\":\"transient:relationship-49f1b205-9166-439d-a9f5-afa6e21aee44\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-2952dfc5-dc9c-522c-a0ca-64894f1d1570\",\"type\":\"relationship\",\"source\":\"Qualys 
IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-62afb920-10f9-430b-bb56-5fed500ad419\",\"id\":\"transient:relationship-ce05d8a9-334a-4c8a-a69b-0ceade05a9f1\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-f674b733-87d2-44df-afc9-111a764e7d65\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-15f8cb20-6efb-4cce-89a3-4ecebee64d1e\",\"id\":\"transient:relationship-7924036c-b097-4eff-a8ec-d9a372f1eead\",\"relationship_type\":\"based-on\"}]},\"judgements\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-28T15:00:23.015Z\",\"end_time\":\"2023-10-05T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"23.38.112.137\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-10378477620996457_1052\"],\"disposition\":1,\"external_references\":[],\"reason\":\"\",\"disposition_name\":\"Clean\",\"priority\":90,\"id\":\"transient:judgement-62afb920-10f9-430b-bb56-5fed500ad419\",\"severity\":\"None\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-09-28T15:00:23.015Z\",\"end_time\":\"2023-10-05T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"23.38.112.137\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-2272388056076390980_1052\"],\"disposition\":1,\"external_references\":[],\"reason\":\"\",\"disposition_name\":\"Clean\",\"priority\":90,\"id\":\"transient:judgement-f674b733-87d2-44df-afc9-111a764e7d65\",\"severity\":\"None\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":2,\"docs\":[{\"description\":\"A Qualys IOC event related to \\\"23.38.112.137\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys 
IOC\",\"relation\":\"Connected_To\",\"source\":{\"value\":\"QualysAgent.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"23.38.112.137\",\"type\":\"ip\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"Connected_To\",\"source\":{\"value\":\"QualysAgent.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"23.38.112.137\",\"type\":\"ip\"},\"related\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"}}],\"observables\":[{\"value\":\"23.38.112.137\",\"type\":\"ip\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-2272388056076390980_1052\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-10T18:54:44.000Z\",\"end_time\":\"2022-11-10T18:54:44.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-15f8cb20-6efb-4cce-89a3-4ecebee64d1e\",\"count\":1,\"severity\":\"None\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-10T18:54:44.000Z\",\"end_time\":\"2022-11-10T18:54:44.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}},{\"description\":\"A Qualys IOC event related to \\\"23.38.112.137\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"Connected_To\",\"source\":{\"value\":\"QualysAgent.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"23.38.112.137\",\"type\":\"ip\"}},{\"origin\":\"Qualys 
IOC\",\"relation\":\"Connected_To\",\"source\":{\"value\":\"QualysAgent.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"23.38.112.137\",\"type\":\"ip\"},\"related\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"}}],\"observables\":[{\"value\":\"23.38.112.137\",\"type\":\"ip\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-10378477620996457_1052\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-10T18:54:44.000Z\",\"end_time\":\"2022-11-10T18:54:44.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-dfacf957-fca8-46cf-993c-7cf71578088d\",\"count\":1,\"severity\":\"None\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-10T18:54:44.000Z\",\"end_time\":\"2022-11-10T18:54:44.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}}]}}}]},\"id\":\"investigate-adc85c87\",\"uuid\":\"abc96173-82ef-4753-904a-14953424aa7d\"},{\"created-perf\":9990614999.987883,\"updated-perf\":9990614999.987883,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:51:15.053Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"domain\",\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}},{\"module\":\"Talos 
Intelligence\",\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-07-26T13:51:14.975Z\",\"end_time\":\"2023-08-25T13:51:14.975Z\"}}]}}}]},\"id\":\"deliberate-9aa9f47f\",\"uuid\":\"bc57346c-c50d-4de8-be37-9a2937290244\"}]", "short_description": "Snapshot @ 20201202 13:51:34", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-fa3c33be-0495-4c75-bbcf-01eae2ab918b", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2020-12-02T13:51:53.761Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file +{"description": "ip for qualys", "schema_version": "1.0.22", "type": "investigation", "search-txt": "ip:\"23.38.112.137\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":7253655000.007711,\"updated-perf\":7253659999.9875765,\"type\":\"collect\",\"created\":\"2020-12-02T13:51:12.316Z\",\"state\":\"ok\",\"arg\":\"ip:23.38.112.137\",\"result\":[{\"value\":\"23.38.112.137\",\"type\":\"ip\"}],\"id\":\"collect-68be4c06\",\"uuid\":\"7a742b96-1437-43d1-a303-e24e65719452\"},{\"created-perf\":7677735000.004759,\"updated-perf\":7677735000.004759,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:51:12.741Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"ip\",\"value\":\"23.38.112.137\"}],\"result\":{\"data\":[{\"module\":\"AMP File 
Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}}]},\"id\":\"deliberate-ad9cbf1e\",\"uuid\":\"575324ca-7efd-4791-a2ba-7a8f3666af18\"},{\"created-perf\":9557165000.005625,\"updated-perf\":9557165000.005625,\"type\":\"investigate\",\"created\":\"2020-12-02T13:51:14.620Z\",\"state\":\"ok\",\"arg\":{\"type\":\"ip\",\"value\":\"23.38.112.137\"},\"result\":{\"data\":[{\"module\":\"Qualys IOC\",\"module_instance_id\":\"20b0e3f7-688b-40f6-b165-ed719266c2e7\",\"module_type_id\":\"f0f6ecac-4861-40bc-bcef-753fd783aaed\",\"data\":{\"indicators\":{\"count\":2,\"docs\":[{\"valid_time\":{},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-2272388056076390980_1052\"],\"title\":\"Known Good\",\"id\":\"transient:indicator-d4026e20-a133-527a-a206-6a83c9099443\",\"severity\":\"None\",\"confidence\":\"High\"},{\"valid_time\":{},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-10378477620996457_1052\"],\"title\":\"Known Good\",\"id\":\"transient:indicator-2952dfc5-dc9c-522c-a0ca-64894f1d1570\",\"severity\":\"None\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":6,\"docs\":[{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-62afb920-10f9-430b-bb56-5fed500ad419\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-dfacf957-fca8-46cf-993c-7cf71578088d\",\"id\":\"transient:relationship-b369c4e9-bfba-404a-a06c-aa6cdba6f54d\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-d4026e20-a133-527a-a206-6a83c9099443\",\"type\":\"relationship\",\"source\":\"Qualys 
IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-15f8cb20-6efb-4cce-89a3-4ecebee64d1e\",\"id\":\"transient:relationship-41e95919-51c5-4c72-8b4e-5641eae2e003\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-2952dfc5-dc9c-522c-a0ca-64894f1d1570\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-dfacf957-fca8-46cf-993c-7cf71578088d\",\"id\":\"transient:relationship-4748684e-cc6e-49a5-9d8a-dc5263d4d140\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-d4026e20-a133-527a-a206-6a83c9099443\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-f674b733-87d2-44df-afc9-111a764e7d65\",\"id\":\"transient:relationship-49f1b205-9166-439d-a9f5-afa6e21aee44\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-2952dfc5-dc9c-522c-a0ca-64894f1d1570\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-62afb920-10f9-430b-bb56-5fed500ad419\",\"id\":\"transient:relationship-ce05d8a9-334a-4c8a-a69b-0ceade05a9f1\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-f674b733-87d2-44df-afc9-111a764e7d65\",\"type\":\"relationship\",\"source\":\"Qualys 
IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-15f8cb20-6efb-4cce-89a3-4ecebee64d1e\",\"id\":\"transient:relationship-7924036c-b097-4eff-a8ec-d9a372f1eead\",\"relationship_type\":\"based-on\"}]},\"judgements\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-05T15:00:23.015Z\",\"end_time\":\"2023-10-12T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"23.38.112.137\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-10378477620996457_1052\"],\"disposition\":1,\"external_references\":[],\"reason\":\"\",\"disposition_name\":\"Clean\",\"priority\":90,\"id\":\"transient:judgement-62afb920-10f9-430b-bb56-5fed500ad419\",\"severity\":\"None\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-10-05T15:00:23.015Z\",\"end_time\":\"2023-10-12T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"23.38.112.137\",\"type\":\"ip\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-2272388056076390980_1052\"],\"disposition\":1,\"external_references\":[],\"reason\":\"\",\"disposition_name\":\"Clean\",\"priority\":90,\"id\":\"transient:judgement-f674b733-87d2-44df-afc9-111a764e7d65\",\"severity\":\"None\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":2,\"docs\":[{\"description\":\"A Qualys IOC event related to \\\"23.38.112.137\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"Connected_To\",\"source\":{\"value\":\"QualysAgent.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"23.38.112.137\",\"type\":\"ip\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"Connected_To\",\"source\":{\"value\":\"QualysAgent.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"}},{\"origin\":\"Qualys 
IOC\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"23.38.112.137\",\"type\":\"ip\"},\"related\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"}}],\"observables\":[{\"value\":\"23.38.112.137\",\"type\":\"ip\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-2272388056076390980_1052\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-17T18:54:44.000Z\",\"end_time\":\"2022-11-17T18:54:44.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-15f8cb20-6efb-4cce-89a3-4ecebee64d1e\",\"count\":1,\"severity\":\"None\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-17T18:54:44.000Z\",\"end_time\":\"2022-11-17T18:54:44.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}},{\"description\":\"A Qualys IOC event related to \\\"23.38.112.137\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"Connected_To\",\"source\":{\"value\":\"QualysAgent.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"23.38.112.137\",\"type\":\"ip\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"Connected_To\",\"source\":{\"value\":\"QualysAgent.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"}},{\"origin\":\"Qualys 
IOC\",\"relation\":\"Resolved_To\",\"source\":{\"value\":\"23.38.112.137\",\"type\":\"ip\"},\"related\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"}}],\"observables\":[{\"value\":\"23.38.112.137\",\"type\":\"ip\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"N_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-10378477620996457_1052\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-17T18:54:44.000Z\",\"end_time\":\"2022-11-17T18:54:44.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-dfacf957-fca8-46cf-993c-7cf71578088d\",\"count\":1,\"severity\":\"None\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-17T18:54:44.000Z\",\"end_time\":\"2022-11-17T18:54:44.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}}]}}}]},\"id\":\"investigate-adc85c87\",\"uuid\":\"abc96173-82ef-4753-904a-14953424aa7d\"},{\"created-perf\":9990614999.987883,\"updated-perf\":9990614999.987883,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:51:15.053Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"domain\",\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}},{\"module\":\"Talos 
Intelligence\",\"module_instance_id\":\"f14a7465-a77a-4e28-8b97-23706a56eab5\",\"module_type_id\":\"2460c99b-2f01-523b-a65d-30a3c6603245\",\"data\":{\"verdicts\":{\"count\":1,\"docs\":[{\"type\":\"verdict\",\"disposition\":5,\"observable\":{\"value\":\"a23-38-112-137.deploy.static.akamaitechnologies.com\",\"type\":\"domain\"},\"disposition_name\":\"Unknown\",\"valid_time\":{\"start_time\":\"2023-08-02T13:51:14.975Z\",\"end_time\":\"2023-09-01T13:51:14.975Z\"}}]}}}]},\"id\":\"deliberate-9aa9f47f\",\"uuid\":\"bc57346c-c50d-4de8-be37-9a2937290244\"}]", "short_description": "Snapshot @ 20201202 13:51:34", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-fa3c33be-0495-4c75-bbcf-01eae2ab918b", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2020-12-02T13:51:53.761Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file diff --git a/Qualys_IOC/Snapshot-with-md5.json b/Qualys_IOC/Snapshot-with-md5.json index fb4335e1..f5e58e11 100644 --- a/Qualys_IOC/Snapshot-with-md5.json +++ b/Qualys_IOC/Snapshot-with-md5.json 
@@ -1 +1 @@ -{"description": "md5 for qualys", "schema_version": "1.0.22", "type": "investigation", "search-txt": "md5:\"415e5cc23e106483711abe70ad78c8e2\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":43296329999.98284,\"updated-perf\":43296329999.98284,\"type\":\"collect\",\"created\":\"2020-12-02T13:40:44.039Z\",\"state\":\"ok\",\"arg\":\"md5:415e5cc23e106483711abe70ad78c8e2\",\"result\":[{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"}],\"id\":\"collect-2998cabe\",\"uuid\":\"2b0e0774-8095-47d8-a637-72fed05c0af5\"},{\"created-perf\":43715079999.994484,\"updated-perf\":43715079999.994484,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:40:44.458Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"md5\",\"value\":\"415e5cc23e106483711abe70ad78c8e2\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}}]},\"id\":\"deliberate-ba58ab94\",\"uuid\":\"4d32cbcf-af33-4de3-b38b-cdde04938182\"},{\"created-perf\":45724350000.00405,\"updated-perf\":45724354999.98392,\"type\":\"investigate\",\"created\":\"2020-12-02T13:40:46.467Z\",\"state\":\"ok\",\"arg\":{\"type\":\"md5\",\"value\":\"415e5cc23e106483711abe70ad78c8e2\"},\"result\":{\"data\":[{\"module\":\"Qualys IOC\",\"module_instance_id\":\"20b0e3f7-688b-40f6-b165-ed719266c2e7\",\"module_type_id\":\"f0f6ecac-4861-40bc-bcef-753fd783aaed\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"valid_time\":{},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8729057863409581450\"],\"title\":\"Malicious File 
event\",\"id\":\"transient:indicator-0c43b778-28fc-5bd3-b3ec-d8177742806f\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":5,\"docs\":[{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-0c43b778-28fc-5bd3-b3ec-d8177742806f\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-f0f9f8b7-63fc-4285-9c0f-04884efc2181\",\"id\":\"transient:relationship-cf9f24d8-8ade-4e43-b885-9a88f9987ee5\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-f21338b9-75f6-4c17-a33a-80a5c24ac378\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-a2292670-0ae3-4343-ae85-43604c3109d9\",\"id\":\"transient:relationship-6c088feb-1f2b-4de9-bb66-f329794f0d60\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-0c43b778-28fc-5bd3-b3ec-d8177742806f\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-a2292670-0ae3-4343-ae85-43604c3109d9\",\"id\":\"transient:relationship-5d9bd911-0e49-450f-b1ca-807d447a934d\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-0c43b778-28fc-5bd3-b3ec-d8177742806f\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-f21338b9-75f6-4c17-a33a-80a5c24ac378\",\"id\":\"transient:relationship-47c60d32-27fc-4a66-8bfc-bd6b10560c72\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-f0f9f8b7-63fc-4285-9c0f-04884efc2181\",\"type\":\"relationship\",\"source\":\"Qualys 
IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-a2292670-0ae3-4343-ae85-43604c3109d9\",\"id\":\"transient:relationship-11d06008-2d66-4e92-9bf4-9df687a3683e\",\"relationship_type\":\"based-on\"}]},\"judgements\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-28T15:00:23.015Z\",\"end_time\":\"2023-10-05T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8729057863409581450\"],\"disposition\":2,\"external_references\":[],\"reason\":\"Win32.Hacktool.PwDump\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:judgement-f21338b9-75f6-4c17-a33a-80a5c24ac378\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-09-28T15:00:23.015Z\",\"end_time\":\"2023-10-05T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8729057863409581450\"],\"disposition\":5,\"external_references\":[],\"reason\":\"\",\"disposition_name\":\"Unknown\",\"priority\":90,\"id\":\"transient:judgement-f0f9f8b7-63fc-4285-9c0f-04884efc2181\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"description\":\"A Qualys IOC event related to \\\"415e5cc23e106483711abe70ad78c8e2\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"PwDump7.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"701fb8ed9d1f72c901e207dd01b481266be8458f6e03750c1a139c901f2995fa\",\"type\":\"sha256\"}},{\"origin\":\"Qualys 
IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"PwDump7.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Tools\\\\pwdump7\\\\PwDump7.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"701fb8ed9d1f72c901e207dd01b481266be8458f6e03750c1a139c901f2995fa\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Tools\\\\pwdump7\\\\PwDump7.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8729057863409581450\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-10-02T23:37:27.000Z\",\"end_time\":\"2022-10-02T23:37:27.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 
1130\"}],\"external_references\":[],\"id\":\"transient:sighting-a2292670-0ae3-4343-ae85-43604c3109d9\",\"count\":1,\"severity\":\"High\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-10-02T23:37:27.000Z\",\"end_time\":\"2022-10-02T23:37:27.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}}]}}}]},\"id\":\"investigate-84faa9d9\",\"uuid\":\"cbdc960b-1935-4c16-bd22-bef448a587b4\"},{\"created-perf\":46235779999.98815,\"updated-perf\":46235779999.98815,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:40:46.978Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"sha256\",\"value\":\"701fb8ed9d1f72c901e207dd01b481266be8458f6e03750c1a139c901f2995fa\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}}]},\"id\":\"deliberate-fe2808c4\",\"uuid\":\"7cd391e9-92ee-4389-938c-002254824533\"}]", "short_description": "Snapshot @ 20201202 13:42:49", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-945d2e3f-8682-48d4-a390-9003acf3f920", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2020-12-02T13:43:05.094Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file +{"description": "md5 for qualys", "schema_version": "1.0.22", "type": "investigation", "search-txt": "md5:\"415e5cc23e106483711abe70ad78c8e2\"", "source": "Test_company Company_test", "actions": 
"[{\"created-perf\":43296329999.98284,\"updated-perf\":43296329999.98284,\"type\":\"collect\",\"created\":\"2020-12-02T13:40:44.039Z\",\"state\":\"ok\",\"arg\":\"md5:415e5cc23e106483711abe70ad78c8e2\",\"result\":[{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"}],\"id\":\"collect-2998cabe\",\"uuid\":\"2b0e0774-8095-47d8-a637-72fed05c0af5\"},{\"created-perf\":43715079999.994484,\"updated-perf\":43715079999.994484,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:40:44.458Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"md5\",\"value\":\"415e5cc23e106483711abe70ad78c8e2\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}}]},\"id\":\"deliberate-ba58ab94\",\"uuid\":\"4d32cbcf-af33-4de3-b38b-cdde04938182\"},{\"created-perf\":45724350000.00405,\"updated-perf\":45724354999.98392,\"type\":\"investigate\",\"created\":\"2020-12-02T13:40:46.467Z\",\"state\":\"ok\",\"arg\":{\"type\":\"md5\",\"value\":\"415e5cc23e106483711abe70ad78c8e2\"},\"result\":{\"data\":[{\"module\":\"Qualys IOC\",\"module_instance_id\":\"20b0e3f7-688b-40f6-b165-ed719266c2e7\",\"module_type_id\":\"f0f6ecac-4861-40bc-bcef-753fd783aaed\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"valid_time\":{},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8729057863409581450\"],\"title\":\"Malicious File event\",\"id\":\"transient:indicator-0c43b778-28fc-5bd3-b3ec-d8177742806f\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":5,\"docs\":[{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-0c43b778-28fc-5bd3-b3ec-d8177742806f\",\"type\":\"relationship\",\"source\":\"Qualys 
IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-f0f9f8b7-63fc-4285-9c0f-04884efc2181\",\"id\":\"transient:relationship-cf9f24d8-8ade-4e43-b885-9a88f9987ee5\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-f21338b9-75f6-4c17-a33a-80a5c24ac378\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-a2292670-0ae3-4343-ae85-43604c3109d9\",\"id\":\"transient:relationship-6c088feb-1f2b-4de9-bb66-f329794f0d60\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-0c43b778-28fc-5bd3-b3ec-d8177742806f\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-a2292670-0ae3-4343-ae85-43604c3109d9\",\"id\":\"transient:relationship-5d9bd911-0e49-450f-b1ca-807d447a934d\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-0c43b778-28fc-5bd3-b3ec-d8177742806f\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-f21338b9-75f6-4c17-a33a-80a5c24ac378\",\"id\":\"transient:relationship-47c60d32-27fc-4a66-8bfc-bd6b10560c72\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-f0f9f8b7-63fc-4285-9c0f-04884efc2181\",\"type\":\"relationship\",\"source\":\"Qualys 
IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-a2292670-0ae3-4343-ae85-43604c3109d9\",\"id\":\"transient:relationship-11d06008-2d66-4e92-9bf4-9df687a3683e\",\"relationship_type\":\"based-on\"}]},\"judgements\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-05T15:00:23.015Z\",\"end_time\":\"2023-10-12T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8729057863409581450\"],\"disposition\":2,\"external_references\":[],\"reason\":\"Win32.Hacktool.PwDump\",\"disposition_name\":\"Malicious\",\"priority\":90,\"id\":\"transient:judgement-f21338b9-75f6-4c17-a33a-80a5c24ac378\",\"severity\":\"High\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-10-05T15:00:23.015Z\",\"end_time\":\"2023-10-12T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8729057863409581450\"],\"disposition\":5,\"external_references\":[],\"reason\":\"\",\"disposition_name\":\"Unknown\",\"priority\":90,\"id\":\"transient:judgement-f0f9f8b7-63fc-4285-9c0f-04884efc2181\",\"severity\":\"High\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":1,\"docs\":[{\"description\":\"A Qualys IOC event related to \\\"415e5cc23e106483711abe70ad78c8e2\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"PwDump7.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"701fb8ed9d1f72c901e207dd01b481266be8458f6e03750c1a139c901f2995fa\",\"type\":\"sha256\"}},{\"origin\":\"Qualys 
IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"PwDump7.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Tools\\\\pwdump7\\\\PwDump7.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"701fb8ed9d1f72c901e207dd01b481266be8458f6e03750c1a139c901f2995fa\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\Tools\\\\pwdump7\\\\PwDump7.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"415e5cc23e106483711abe70ad78c8e2\",\"type\":\"md5\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8729057863409581450\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-10-09T23:37:27.000Z\",\"end_time\":\"2022-10-09T23:37:27.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 
1130\"}],\"external_references\":[],\"id\":\"transient:sighting-a2292670-0ae3-4343-ae85-43604c3109d9\",\"count\":1,\"severity\":\"High\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-10-09T23:37:27.000Z\",\"end_time\":\"2022-10-09T23:37:27.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}}]}}}]},\"id\":\"investigate-84faa9d9\",\"uuid\":\"cbdc960b-1935-4c16-bd22-bef448a587b4\"},{\"created-perf\":46235779999.98815,\"updated-perf\":46235779999.98815,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:40:46.978Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"sha256\",\"value\":\"701fb8ed9d1f72c901e207dd01b481266be8458f6e03750c1a139c901f2995fa\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}}]},\"id\":\"deliberate-fe2808c4\",\"uuid\":\"7cd391e9-92ee-4389-938c-002254824533\"}]", "short_description": "Snapshot @ 20201202 13:42:49", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-945d2e3f-8682-48d4-a390-9003acf3f920", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2020-12-02T13:43:05.094Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file diff --git a/Qualys_IOC/Snapshot-with-mutex.json b/Qualys_IOC/Snapshot-with-mutex.json index 26f849ec..02ec077d 100644 --- a/Qualys_IOC/Snapshot-with-mutex.json +++ b/Qualys_IOC/Snapshot-with-mutex.json 
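Review bot: The only values that differ between the old and new side of this hunk are the judgement `valid_time` window (2023-09-28/2023-10-05 → 2023-10-05/2023-10-12) and the sighting `observed_time` (2022-10-02 → 2022-10-09), each moved forward by exactly seven days, while every id, uuid, `created-perf` and the investigation's own `timestamp` (2020-12-02T13:43:05.094Z) stay fixed; the Snapshot-with-mutex.json hunk below carries the same seven-day shift, and the domain snapshot above appears to as well. That pattern suggests the snapshot embeds the wall-clock time at which the Qualys IOC response was generated, so these fixtures will keep going stale and need a commit like this one on every regeneration. Consider freezing the clock when the snapshots are produced, or having the comparison normalise `valid_time` and `observed_time` before asserting, so the fixture only changes when the mapping logic does. The data is also internally inconsistent as a result — a sighting observed in 2022 and a judgement valid in 2023 inside an investigation saved in 2020 — which is harmless for a fixture but makes it a poor example of what the module emits.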
@@ -1 +1 @@ -{"description": "mutex for qualys", "schema_version": "1.0.22", "type": "investigation", "search-txt": "mutex:\"MSFTHISTORY!\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":19832415000.01168,\"updated-perf\":19832415000.01168,\"type\":\"collect\",\"created\":\"2020-12-02T13:37:21.594Z\",\"state\":\"ok\",\"arg\":\"mutex:MSFTHISTORY!\",\"result\":[{\"value\":\"MSFTHISTORY!\",\"type\":\"mutex\"}],\"id\":\"collect-c5350faa\",\"uuid\":\"e97095c7-5318-4182-9ad3-1aa77325e6fd\"},{\"created-perf\":22115415000.00749,\"updated-perf\":22115415000.00749,\"type\":\"investigate\",\"created\":\"2020-12-02T13:37:23.877Z\",\"state\":\"ok\",\"arg\":{\"type\":\"mutex\",\"value\":\"MSFTHISTORY!\"},\"result\":{\"data\":[{\"module\":\"Qualys IOC\",\"module_instance_id\":\"20b0e3f7-688b-40f6-b165-ed719266c2e7\",\"module_type_id\":\"f0f6ecac-4861-40bc-bcef-753fd783aaed\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"valid_time\":{},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"M_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-45949253236031160_1236\"],\"title\":\"Known Good\",\"id\":\"transient:indicator-e0db7e75-1e07-520e-a633-cdf96494d61b\",\"severity\":\"None\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":3,\"docs\":[{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-e0db7e75-1e07-520e-a633-cdf96494d61b\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-cda9fd63-f2f2-4e93-ade9-422c6318290a\",\"id\":\"transient:relationship-0186d7b7-1a92-4c02-9809-1178457b26a8\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-e0db7e75-1e07-520e-a633-cdf96494d61b\",\"type\":\"relationship\",\"source\":\"Qualys 
IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-dbddd532-cc07-4efd-ae24-35152656c4b3\",\"id\":\"transient:relationship-21f1f762-12b2-443a-a150-3cde8a233dab\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-cda9fd63-f2f2-4e93-ade9-422c6318290a\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-dbddd532-cc07-4efd-ae24-35152656c4b3\",\"id\":\"transient:relationship-6a7f0355-70af-4faf-8fc6-4550295ecf48\",\"relationship_type\":\"based-on\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-28T15:00:23.015Z\",\"end_time\":\"2023-10-05T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"MSFTHISTORY!\",\"type\":\"mutex\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"M_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-45949253236031160_1236\"],\"disposition\":1,\"external_references\":[],\"reason\":\"\",\"disposition_name\":\"Clean\",\"priority\":90,\"id\":\"transient:judgement-cda9fd63-f2f2-4e93-ade9-422c6318290a\",\"severity\":\"None\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":2,\"docs\":[{\"description\":\"A Qualys IOC event related to \\\"MSFTHISTORY!\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[],\"observables\":[{\"value\":\"MSFTHISTORY!\",\"type\":\"mutex\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"M_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8234710287906914123_4040\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-08T13:06:10.000Z\",\"end_time\":\"2022-11-08T13:06:10.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 
1130\"}],\"external_references\":[],\"id\":\"transient:sighting-a80ec85b-8c15-4aee-8bf0-529ec991d4ba\",\"count\":1,\"severity\":\"Unknown\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-08T13:06:10.000Z\",\"end_time\":\"2022-11-08T13:06:10.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}},{\"description\":\"A Qualys IOC event related to \\\"MSFTHISTORY!\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[],\"observables\":[{\"value\":\"MSFTHISTORY!\",\"type\":\"mutex\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"M_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-45949253236031160_1236\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-08T13:06:10.000Z\",\"end_time\":\"2022-11-08T13:06:10.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-dbddd532-cc07-4efd-ae24-35152656c4b3\",\"count\":1,\"severity\":\"None\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-08T13:06:10.000Z\",\"end_time\":\"2022-11-08T13:06:10.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}}]}}}]},\"id\":\"investigate-f2f11b1f\",\"uuid\":\"3dae1ab0-0d71-4f19-a5b0-593e6e33112e\"}]", "short_description": "Snapshot @ 20201202 13:38:04", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-ac39e84d-958e-40ed-a959-b63464359914", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2020-12-02T13:38:18.930Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file +{"description": "mutex for qualys", 
"schema_version": "1.0.22", "type": "investigation", "search-txt": "mutex:\"MSFTHISTORY!\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":19832415000.01168,\"updated-perf\":19832415000.01168,\"type\":\"collect\",\"created\":\"2020-12-02T13:37:21.594Z\",\"state\":\"ok\",\"arg\":\"mutex:MSFTHISTORY!\",\"result\":[{\"value\":\"MSFTHISTORY!\",\"type\":\"mutex\"}],\"id\":\"collect-c5350faa\",\"uuid\":\"e97095c7-5318-4182-9ad3-1aa77325e6fd\"},{\"created-perf\":22115415000.00749,\"updated-perf\":22115415000.00749,\"type\":\"investigate\",\"created\":\"2020-12-02T13:37:23.877Z\",\"state\":\"ok\",\"arg\":{\"type\":\"mutex\",\"value\":\"MSFTHISTORY!\"},\"result\":{\"data\":[{\"module\":\"Qualys IOC\",\"module_instance_id\":\"20b0e3f7-688b-40f6-b165-ed719266c2e7\",\"module_type_id\":\"f0f6ecac-4861-40bc-bcef-753fd783aaed\",\"data\":{\"indicators\":{\"count\":1,\"docs\":[{\"valid_time\":{},\"producer\":\"Qualys IOC\",\"schema_version\":\"1.0.17\",\"type\":\"indicator\",\"source\":\"Qualys IOC\",\"external_ids\":[\"M_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-45949253236031160_1236\"],\"title\":\"Known Good\",\"id\":\"transient:indicator-e0db7e75-1e07-520e-a633-cdf96494d61b\",\"severity\":\"None\",\"confidence\":\"High\"}]},\"relationships\":{\"count\":3,\"docs\":[{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-e0db7e75-1e07-520e-a633-cdf96494d61b\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:judgement-cda9fd63-f2f2-4e93-ade9-422c6318290a\",\"id\":\"transient:relationship-0186d7b7-1a92-4c02-9809-1178457b26a8\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:indicator-e0db7e75-1e07-520e-a633-cdf96494d61b\",\"type\":\"relationship\",\"source\":\"Qualys 
IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-dbddd532-cc07-4efd-ae24-35152656c4b3\",\"id\":\"transient:relationship-21f1f762-12b2-443a-a150-3cde8a233dab\",\"relationship_type\":\"sighting-of\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-cda9fd63-f2f2-4e93-ade9-422c6318290a\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-dbddd532-cc07-4efd-ae24-35152656c4b3\",\"id\":\"transient:relationship-6a7f0355-70af-4faf-8fc6-4550295ecf48\",\"relationship_type\":\"based-on\"}]},\"judgements\":{\"count\":1,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-05T15:00:23.015Z\",\"end_time\":\"2023-10-12T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"MSFTHISTORY!\",\"type\":\"mutex\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"M_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-45949253236031160_1236\"],\"disposition\":1,\"external_references\":[],\"reason\":\"\",\"disposition_name\":\"Clean\",\"priority\":90,\"id\":\"transient:judgement-cda9fd63-f2f2-4e93-ade9-422c6318290a\",\"severity\":\"None\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":2,\"docs\":[{\"description\":\"A Qualys IOC event related to \\\"MSFTHISTORY!\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[],\"observables\":[{\"value\":\"MSFTHISTORY!\",\"type\":\"mutex\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"M_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-8234710287906914123_4040\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-15T13:06:10.000Z\",\"end_time\":\"2022-11-15T13:06:10.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 
1130\"}],\"external_references\":[],\"id\":\"transient:sighting-a80ec85b-8c15-4aee-8bf0-529ec991d4ba\",\"count\":1,\"severity\":\"Unknown\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-15T13:06:10.000Z\",\"end_time\":\"2022-11-15T13:06:10.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}},{\"description\":\"A Qualys IOC event related to \\\"MSFTHISTORY!\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[],\"observables\":[{\"value\":\"MSFTHISTORY!\",\"type\":\"mutex\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"M_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_-45949253236031160_1236\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-15T13:06:10.000Z\",\"end_time\":\"2022-11-15T13:06:10.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-dbddd532-cc07-4efd-ae24-35152656c4b3\",\"count\":1,\"severity\":\"None\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-15T13:06:10.000Z\",\"end_time\":\"2022-11-15T13:06:10.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}}]}}}]},\"id\":\"investigate-f2f11b1f\",\"uuid\":\"3dae1ab0-0d71-4f19-a5b0-593e6e33112e\"}]", "short_description": "Snapshot @ 20201202 13:38:04", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-ac39e84d-958e-40ed-a959-b63464359914", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2020-12-02T13:38:18.930Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file 
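Review bot: On the new side of this hunk the first sighting (`transient:sighting-a80ec85b-…`, external id ending `_4040`) reports `"severity":"Unknown"` while the indicator, the judgement and the second sighting for the same mutex report `None`/`Known Good`/`Clean`, and none of the three `relationships` docs references that first sighting. If sighting severity is mapped from the Qualys event, an `Unknown` value beside a `Known Good` verdict looks more like an unmapped input than a deliberate outcome, and a sighting with no relationship is invisible to any consumer that walks the graph from the indicator; this predates the commit and the mapping code is not in the diff, so it is worth confirming rather than assuming. If it is intended, strict JSON leaves no room for a comment here, so record the reason in the test that consumes this snapshot.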
diff --git a/Qualys_IOC/Snapshot-with-sha256.json b/Qualys_IOC/Snapshot-with-sha256.json index 94f61cef..56454025 100644 --- a/Qualys_IOC/Snapshot-with-sha256.json +++ b/Qualys_IOC/Snapshot-with-sha256.json 
@@ -1 +1 @@ -{"description": "sha256 for qualys", "schema_version": "1.0.22", "type": "investigation", "search-txt": "sha256:\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":11924715000.001015,\"updated-perf\":11924715000.001015,\"type\":\"collect\",\"created\":\"2020-12-02T13:47:01.414Z\",\"state\":\"ok\",\"arg\":\"sha256:585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\",\"result\":[{\"value\":\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\",\"type\":\"sha256\"}],\"id\":\"collect-3ec42ac5\",\"uuid\":\"aa906f3c-ce21-405d-ac59-671966a5a25a\"},{\"created-perf\":12309275000.006891,\"updated-perf\":12309275000.006891,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:47:01.799Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"sha256\",\"value\":\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}}]},\"id\":\"deliberate-abd9269b\",\"uuid\":\"e6202f21-20f6-4d95-80aa-9b7bd05d8090\"},{\"created-perf\":14314000000.013039,\"updated-perf\":14314000000.013039,\"type\":\"investigate\",\"created\":\"2020-12-02T13:47:03.803Z\",\"state\":\"ok\",\"arg\":{\"type\":\"sha256\",\"value\":\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\"},\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]},\"judgements\":{\"count\":0,\"docs\":[]}}},{\"module\":\"Qualys 
IOC\",\"module_instance_id\":\"20b0e3f7-688b-40f6-b165-ed719266c2e7\",\"module_type_id\":\"f0f6ecac-4861-40bc-bcef-753fd783aaed\",\"data\":{\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-6ed301a9-6709-4491-976c-927e9cd82142\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-b02d87f6-1577-499c-9daf-c1a1479d85e5\",\"id\":\"transient:relationship-f752105c-e27b-4799-8f42-2846295d3c99\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-7a787f70-626e-4521-b15f-2a4dbb221959\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-6f2139c5-35a3-45b1-a586-8f259d376dfa\",\"id\":\"transient:relationship-70eb5c11-1051-4146-92c1-9d46e13da49e\",\"relationship_type\":\"based-on\"}]},\"judgements\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-09-28T15:00:23.015Z\",\"end_time\":\"2023-10-05T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\",\"type\":\"sha256\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_3480527008110556743\"],\"disposition\":5,\"external_references\":[],\"reason\":\"\",\"disposition_name\":\"Unknown\",\"priority\":90,\"id\":\"transient:judgement-6ed301a9-6709-4491-976c-927e9cd82142\",\"severity\":\"Unknown\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-09-28T15:00:23.015Z\",\"end_time\":\"2023-10-05T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\",\"type\":\"sha256\"},\"type\":\"judgement\",\"source\":\"Qualys 
IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_4587478263657037927\"],\"disposition\":5,\"external_references\":[],\"reason\":\"\",\"disposition_name\":\"Unknown\",\"priority\":90,\"id\":\"transient:judgement-7a787f70-626e-4521-b15f-2a4dbb221959\",\"severity\":\"Unknown\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":2,\"docs\":[{\"description\":\"A Qualys IOC event related to \\\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"GoogleUpdateSetup.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"GoogleUpdateSetup.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"3d5a85655842f5e66d6462eca8f04aa0\",\"type\":\"md5\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\1.3.35.442\\\\GoogleUpdateSetup.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\1.3.35.442\\\\GoogleUpdateSetup.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"3d5a85655842f5e66d6462eca8f04aa0\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\",\"type\":\"sha256\"}],\"type\":\"sighting\",\"source\":\"Qualys 
IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_4587478263657037927\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-09T02:25:30.000Z\",\"end_time\":\"2022-11-09T02:25:30.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-6f2139c5-35a3-45b1-a586-8f259d376dfa\",\"count\":1,\"severity\":\"Unknown\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-09T02:25:30.000Z\",\"end_time\":\"2022-11-09T02:25:30.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}},{\"description\":\"A Qualys IOC event related to \\\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"ChromeSetup.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"ChromeSetup.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"3d5a85655842f5e66d6462eca8f04aa0\",\"type\":\"md5\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\ChromeSetup.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\",\"type\":\"sha256\"}},{\"origin\":\"Qualys 
IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\ChromeSetup.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"3d5a85655842f5e66d6462eca8f04aa0\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\",\"type\":\"sha256\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_3480527008110556743\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-08T12:19:15.000Z\",\"end_time\":\"2022-11-08T12:19:15.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-b02d87f6-1577-499c-9daf-c1a1479d85e5\",\"count\":1,\"severity\":\"Unknown\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-08T12:19:15.000Z\",\"end_time\":\"2022-11-08T12:19:15.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}}]}}}]},\"id\":\"investigate-ad18126\",\"uuid\":\"8de6f16f-0eb8-443b-a472-5ddde115e8a6\"},{\"created-perf\":14761165000.00353,\"updated-perf\":14761165000.00353,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:47:04.251Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"md5\",\"value\":\"3d5a85655842f5e66d6462eca8f04aa0\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}}]},\"id\":\"deliberate-dfe5148a\",\"uuid\":\"f2be3585-8800-4fe8-80b1-1b6d829a186b\"}]", "short_description": "Snapshot @ 20201202 13:47:11", "id": 
"https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-ba8da446-5b68-4811-99ce-13bfcc140a68", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2020-12-02T13:47:27.883Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file +{"description": "sha256 for qualys", "schema_version": "1.0.22", "type": "investigation", "search-txt": "sha256:\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\"", "source": "Test_company Company_test", "actions": "[{\"created-perf\":11924715000.001015,\"updated-perf\":11924715000.001015,\"type\":\"collect\",\"created\":\"2020-12-02T13:47:01.414Z\",\"state\":\"ok\",\"arg\":\"sha256:585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\",\"result\":[{\"value\":\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\",\"type\":\"sha256\"}],\"id\":\"collect-3ec42ac5\",\"uuid\":\"aa906f3c-ce21-405d-ac59-671966a5a25a\"},{\"created-perf\":12309275000.006891,\"updated-perf\":12309275000.006891,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:47:01.799Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"sha256\",\"value\":\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\"}],\"result\":{\"data\":[{\"module\":\"AMP File Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}}]},\"id\":\"deliberate-abd9269b\",\"uuid\":\"e6202f21-20f6-4d95-80aa-9b7bd05d8090\"},{\"created-perf\":14314000000.013039,\"updated-perf\":14314000000.013039,\"type\":\"investigate\",\"created\":\"2020-12-02T13:47:03.803Z\",\"state\":\"ok\",\"arg\":{\"type\":\"sha256\",\"value\":\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\"},\"result\":{\"data\":[{\"module\":\"AMP File 
Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]},\"judgements\":{\"count\":0,\"docs\":[]}}},{\"module\":\"Qualys IOC\",\"module_instance_id\":\"20b0e3f7-688b-40f6-b165-ed719266c2e7\",\"module_type_id\":\"f0f6ecac-4861-40bc-bcef-753fd783aaed\",\"data\":{\"relationships\":{\"count\":2,\"docs\":[{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-6ed301a9-6709-4491-976c-927e9cd82142\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-b02d87f6-1577-499c-9daf-c1a1479d85e5\",\"id\":\"transient:relationship-f752105c-e27b-4799-8f42-2846295d3c99\",\"relationship_type\":\"based-on\"},{\"schema_version\":\"1.0.17\",\"target_ref\":\"transient:judgement-7a787f70-626e-4521-b15f-2a4dbb221959\",\"type\":\"relationship\",\"source\":\"Qualys IOC\",\"external_ids\":[],\"source_uri\":\"\",\"source_ref\":\"transient:sighting-6f2139c5-35a3-45b1-a586-8f259d376dfa\",\"id\":\"transient:relationship-70eb5c11-1051-4146-92c1-9d46e13da49e\",\"relationship_type\":\"based-on\"}]},\"judgements\":{\"count\":2,\"docs\":[{\"valid_time\":{\"start_time\":\"2023-10-05T15:00:23.015Z\",\"end_time\":\"2023-10-12T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\",\"type\":\"sha256\"},\"type\":\"judgement\",\"source\":\"Qualys 
IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_3480527008110556743\"],\"disposition\":5,\"external_references\":[],\"reason\":\"\",\"disposition_name\":\"Unknown\",\"priority\":90,\"id\":\"transient:judgement-6ed301a9-6709-4491-976c-927e9cd82142\",\"severity\":\"Unknown\",\"confidence\":\"High\"},{\"valid_time\":{\"start_time\":\"2023-10-05T15:00:23.015Z\",\"end_time\":\"2023-10-12T13:15:00.015Z\"},\"schema_version\":\"1.0.17\",\"observable\":{\"value\":\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\",\"type\":\"sha256\"},\"type\":\"judgement\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_4587478263657037927\"],\"disposition\":5,\"external_references\":[],\"reason\":\"\",\"disposition_name\":\"Unknown\",\"priority\":90,\"id\":\"transient:judgement-7a787f70-626e-4521-b15f-2a4dbb221959\",\"severity\":\"Unknown\",\"confidence\":\"High\"}]},\"sightings\":{\"count\":2,\"docs\":[{\"description\":\"A Qualys IOC event related to \\\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"GoogleUpdateSetup.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"GoogleUpdateSetup.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"3d5a85655842f5e66d6462eca8f04aa0\",\"type\":\"md5\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Program Files (x86)\\\\Google\\\\Update\\\\1.3.35.442\\\\GoogleUpdateSetup.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Program Files 
(x86)\\\\Google\\\\Update\\\\1.3.35.442\\\\GoogleUpdateSetup.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"3d5a85655842f5e66d6462eca8f04aa0\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\",\"type\":\"sha256\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_4587478263657037927\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-16T02:25:30.000Z\",\"end_time\":\"2022-11-16T02:25:30.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-6f2139c5-35a3-45b1-a586-8f259d376dfa\",\"count\":1,\"severity\":\"Unknown\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-16T02:25:30.000Z\",\"end_time\":\"2022-11-16T02:25:30.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}},{\"description\":\"A Qualys IOC event related to \\\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\\\"\",\"schema_version\":\"1.0.17\",\"relations\":[{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"ChromeSetup.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Name_Of\",\"source\":{\"value\":\"ChromeSetup.exe\",\"type\":\"file_name\"},\"related\":{\"value\":\"3d5a85655842f5e66d6462eca8f04aa0\",\"type\":\"md5\"}},{\"origin\":\"Qualys 
IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\ChromeSetup.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\",\"type\":\"sha256\"}},{\"origin\":\"Qualys IOC\",\"relation\":\"File_Path_Of\",\"source\":{\"value\":\"C:\\\\Users\\\\User01\\\\Downloads\\\\ChromeSetup.exe\",\"type\":\"file_path\"},\"related\":{\"value\":\"3d5a85655842f5e66d6462eca8f04aa0\",\"type\":\"md5\"}}],\"observables\":[{\"value\":\"585e878e9fd0a0c1771d5859402c466a7e94681caef2c93cdc5b4a990867c7b0\",\"type\":\"sha256\"}],\"type\":\"sighting\",\"source\":\"Qualys IOC\",\"external_ids\":[\"F_5b49017b-90dd-4a6d-92ea-7651bafdc1ec_3480527008110556743\"],\"targets\":[{\"type\":\"endpoint\",\"observables\":[{\"value\":\"WIN7-HOST-01\",\"type\":\"hostname\"},{\"value\":\"10.10.10.29\",\"type\":\"ip\"},{\"value\":\"fe80::f183:4a7b:3ee8:1576\",\"type\":\"ip\"}],\"observed_time\":{\"start_time\":\"2022-11-15T12:19:15.000Z\",\"end_time\":\"2022-11-15T12:19:15.000Z\"},\"os\":\"Microsoft Windows 7 Enterprise 6.1.1130 Service Pack 1 Build 1130\"}],\"external_references\":[],\"id\":\"transient:sighting-b02d87f6-1577-499c-9daf-c1a1479d85e5\",\"count\":1,\"severity\":\"Unknown\",\"confidence\":\"High\",\"observed_time\":{\"start_time\":\"2022-11-15T12:19:15.000Z\",\"end_time\":\"2022-11-15T12:19:15.000Z\"},\"sensor\":\"endpoint\",\"data\":{\"columns\":[{\"name\":\"Active\",\"type\":\"string\"}],\"rows\":[[\"True\"]],\"row_count\":1}}]}}}]},\"id\":\"investigate-ad18126\",\"uuid\":\"8de6f16f-0eb8-443b-a472-5ddde115e8a6\"},{\"created-perf\":14761165000.00353,\"updated-perf\":14761165000.00353,\"type\":\"deliberate\",\"created\":\"2020-12-02T13:47:04.251Z\",\"state\":\"ok\",\"arg\":[{\"type\":\"md5\",\"value\":\"3d5a85655842f5e66d6462eca8f04aa0\"}],\"result\":{\"data\":[{\"module\":\"AMP File 
Reputation\",\"module_instance_id\":\"ddcf41a2-3ecb-43e8-b5b2-0e36ad2e16f3\",\"module_type_id\":\"1898d0e8-45f7-550d-8ab5-915f064426dd\",\"data\":{\"verdicts\":{\"count\":0,\"docs\":[]}}}]},\"id\":\"deliberate-dfe5148a\",\"uuid\":\"f2be3585-8800-4fe8-80b1-1b6d829a186b\"}]", "short_description": "Snapshot @ 20201202 13:47:11", "id": "https://private.intel.amp.cisco.com:443/ctia/investigation/investigation-ba8da446-5b68-4811-99ce-13bfcc140a68", "tlp": "amber", "groups": ["60c63e6e-a341-4990-8da8-9d432e8be7c0"], "timestamp": "2020-12-02T13:47:27.883Z", "owner": "d67071e5-7738-49a4-b315-4117b30a086b"} \ No newline at end of file
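Review bot: The only difference between the removed and added line is a seven-day shift of every date inside the embedded Qualys IOC records — the judgement `valid_time` moves from 2023-09-28/2023-10-05 to 2023-10-05/2023-10-12 and the sighting `observed_time` values from 2022-11-08/09 to 2022-11-15/16 — while the snapshot's own `timestamp` stays at 2020-12-02T13:47:27.883Z. That pattern suggests the consuming test compares the `valid_time` window against the current clock, so this fixture will need another hand-edit once the window passes; freezing the clock in the test or computing `valid_time` relative to now when the fixture is loaded would remove the drift. Shifting the historical `observed_time` of the two sightings on WIN7-HOST-01 does not follow from a validity refresh and is worth confirming as intended rather than a mechanical bump. Note also that `actions` is a complete JSON document serialized inside a string (double-encoded), so hand edits like this one cannot be validated by a JSON linter on the inner data; if this mirrors the upstream CTIA investigation format it has to stay, but a short comment in the loader saying so would help the next editor.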