Merge pull request #358 from Delta-Sierra/master

add attribution-confidence attribute to threat-actor
2019-03-11 13:51:55 +01:00 · 2019-03-11 13:51:55 +01:00 · ee66543210
parent 03be509459 ecf76178e7
commit ee66543210
2 changed files with 188 additions and 1 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
--- a/tools/add_missing_attribution-confidence.py
+++ b/tools/add_missing_attribution-confidence.py
@ -0,0 +1,22 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import json
+import argparse
+import uuid
+
+parser = argparse.ArgumentParser(description='Add missing attribution-confidence in threat-actor clusters')
+parser.add_argument("-f", "--filename", required=True, help="name of the cluster")
+args = parser.parse_args()
+
+with open(args.filename) as json_file:
+    data = json.load(json_file)
+    json_file.close()
+
+    for value in data['values']:
+        if value.get('meta'):
+            if not value.get('meta').get('attribution-confidence') and (value.get('meta').get('cfr-suspected-state-sponsor') or value.get('meta').get('country')):
+                value.get('meta')['attribution-confidence'] = 50
+
+with open(args.filename, 'w') as json_file:
+    json.dump(data, json_file, indent=2, sort_keys=True, ensure_ascii=False)