MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Change incident description to title

pull/570/head
Richard van den Berg 2015-07-16 17:53:49 +02:00
parent 2e1864f28d
commit 27d09b4e22
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/files/scripts/misp2stix.py
View File

@ -146,7 +146,7 @@ def generateEventPackage(event):
# generate the incident information. MISP events are currently mapped to incidents with the event metadata being stored in the incident information
def generateSTIXObjects(event):
incident = Incident(id_ = namespace[1] + ":incident-" + event["Event"]["uuid"], description=event["Event"]["info"])
incident = Incident(id_ = namespace[1] + ":incident-" + event["Event"]["uuid"], title=event["Event"]["info"])
setDates(incident, event["Event"]["date"], int(event["Event"]["publish_timestamp"]))
addJournalEntry(incident, "Event Threat Level: " + event["ThreatLevel"]["name"])
ttps = []
@ -287,6 +287,7 @@ def generateIndicator(attribute):
indicator.description = attribute["comment"]
setTLP(indicator, attribute["distribution"])
indicator.title = attribute["category"] + ": " + attribute["value"] + " (MISP Attribute #" + attribute["id"] + ")"
indicator.description = indicator.title
confidence_description = "Derived from MISP's IDS flag. If an attribute is marked for IDS exports, the confidence will be high, otherwise none"
confidence_value = confidence_mapping.get(attribute["to_ids"], None)
if confidence_value is None: