fix: [stix1 import] Fixed galaxy tag_names fetching from TTP names

- Using the techniques identifier to look for tag names when the name does not match any known galaxy name - Prevents the galaxy names to be skipped when the provided TTP name is given with the identifier and the technique name in an inverted order (`Spearphishing Attachment - T1566.001` VS `T1566.001 - Spearphishing Attachment`)
2022-04-25 11:57:44 +02:00 · 2022-04-25 11:57:44 +02:00 · 15ce69dcc9
parent a5aa18567b
commit 15ce69dcc9
1 changed files with 9 additions and 4 deletions
--- a/app/files/scripts/stix2misp.py
+++ b/app/files/scripts/stix2misp.py
@ -745,10 +745,15 @@ class StixParser():
        for course_of_action in courses_of_action:
            self.parse_galaxy(course_of_action, 'title', 'mitre-course-of-action')

-    def _resolve_galaxy(self, name, default_value):
-        if name in self.synonyms_to_tag_names:
-            return self.synonyms_to_tag_names[name]
-        return [f'misp-galaxy:{default_value}="{name}"']
+    def _resolve_galaxy(self, galaxy_name, default_value):
+        if galaxy_name in self.synonyms_to_tag_names:
+            return self.synonyms_to_tag_names[galaxy_name]
+        for identifier in galaxy_name.split(' - '):
+            if identifier[0].isalpha() and any(character.isdecimal() for character in identifier[1:]):
+                for name, tag_names in self.synonyms_to_tag_names.items():
+                    if identifier in name:
+                        return tag_names
+        return [f'misp-galaxy:{default_value}="{galaxy_name}"']

    ################################################################################
    ##              UTILITY FUNCTIONS USED BY PARSING FUNCTION ABOVE              ##