Merge pull request #1420 from TheHive-Project/fix-csfalcon-ti-case-sensitive

nusantara-self · web-flow · commit 8065658e9bdf · 2026-01-26T11:06:42.000+01:00
CSFalcon TI Analyzer - Fix query for hashes
diff --git a/analyzers/CrowdstrikeFalcon/CrowdstrikeFalcon_ThreatIntel.py b/analyzers/CrowdstrikeFalcon/CrowdstrikeFalcon_ThreatIntel.py
@@ -33,10 +33,10 @@ def _build_filter(self, data_type, observable):
         if data_type == 'hash':
             hash_type = self._detect_hash_type(observable)
             if hash_type:
-                return f"type:'{hash_type}'+indicator:'{observable.upper()}'"
+                return f"type:'{hash_type}'+indicator:'{observable.lower()}'"
             else:
                 # Search across all hash types if we can't determine
-                return f"indicator:'{observable.upper()}'"
+                return f"indicator:'{observable.lower()}'"
         elif data_type == 'domain':
             return f"type:'domain'+indicator:'{observable}'"
         elif data_type == 'ip':
