mirror of https://github.com/MISP/MISP
add: [stix2 import] Parsing 'valid_until' in indicators as expiration date in Sightings
parent
f378e521f1
commit
b290713634
|
@ -250,6 +250,10 @@ class StixParser():
|
|||
else:
|
||||
if stix_type == 'indicator':
|
||||
o_date = o.get('valid_from')
|
||||
if hasattr(o, 'valid_until'):
|
||||
org_uuid = o['created_by_ref'].split('--')[1]
|
||||
attribute['Sighting'] = {'type': '2', 'date_sighting': str(self.getTimestampfromDate(o['valid_until'])),
|
||||
'Organisation': {'uuid': org_uuid, 'name': self.event['identity'][org_uuid]['name']}}
|
||||
pattern = o.get('pattern').replace('\\\\', '\\')
|
||||
value = self.parse_pattern_with_data(pattern) if attribute_type in ('malware-sample', 'attachment') else self.parse_pattern(pattern)
|
||||
attribute['to_ids'] = True
|
||||
|
|
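Review bot: The added `valid_until` branch indexes `o['created_by_ref']` and `self.event['identity'][org_uuid]['name']` with no check, yet `created_by_ref` is optional on a STIX 2 indicator and the identity it references need not be in the imported bundle. A file that carries `valid_until` without a resolvable creator would therefore raise `KeyError` here and, unless a caller outside this hunk catches it, stop the import of an externally supplied file. I would read both defensively, `creator = o.get('created_by_ref')` and `identity = self.event['identity'].get(creator.split('--')[1]) if creator else None`, and add the `Organisation` key to the Sighting only when `identity` is found. The branch also tests `hasattr(o, 'valid_until')` while the surrounding lines use `o.get(...)`; `'valid_until' in o` would match that style and would also work if `o` is ever a plain dict. The enclosing method starts and ends outside this hunk, so any guard it already has is not visible here.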