MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Add Valid_Time_Position

pull/570/head
Richard van den Berg 2015-07-16 12:55:20 +02:00
parent f68bd3f785
commit ab2aeeb868
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/files/scripts/misp2stix.py
View File

@ -3,6 +3,7 @@ from misp2cybox import *
from misp2ciq import *
from dateutil.tz import tzutc
from stix.indicator import Indicator
from stix.indicator.valid_time import ValidTime
from stix.ttp import TTP, Behavior
from stix.ttp.malware_instance import MalwareInstance
from stix.incident import Incident, Time, ImpactAssessment, ExternalID, AffectedAsset
@ -186,6 +187,7 @@ def resolveAttributes(incident, ttps, attributes):
def handleIndicatorAttribute(incident, ttps, attribute):
indicator = generateIndicator(attribute)
indicator.add_indicator_type("Malware Artifacts")
indicator.add_valid_time_position(ValidTime())
if attribute["type"] == "email-attachment":
indicator.add_indicator_type("Malicious E-mail")
generateEmailAttachmentObject(indicator, attribute)