Threat actors now get imported by stix

pull/41/head
Hannah Ward 2016-08-12 10:06:53 +01:00
parent c106aa662b
commit 3f7cdad0c3
No known key found for this signature in database
GPG Key ID: BA89E572EE1B4C5F
1 changed files with 15 additions and 1 deletions

View File

@ -41,12 +41,26 @@ def handler(q=False):
if package.observables:
for obs in package.observables:
r["results"].append(buildObservable(obs))
if package.threat_actors:
for ta in package.threat_actors:
r["results"].append(buildActor(ta))
return r
#Quick and dirty regex for IP addresses
ipre = re.compile("([0-9]{1,3}.){3}[0-9]{1,3}")
def buildActor(ta):
"""
Extract the name
and comment of a
threat actor
"""
r = {"values":[ta.title], "types":["threat-actor"]}
return r
def buildObservable(o):
"""
Take a STIX observable