Threat actors now get imported by stix

2016-08-12 10:06:53 +01:00 · 2016-08-12 10:06:53 +01:00 · 3f7cdad0c3
parent c106aa662b
commit 3f7cdad0c3
1 changed files with 15 additions and 1 deletions
--- a/misp_modules/modules/expansion/stiximport.py
+++ b/misp_modules/modules/expansion/stiximport.py
@ -41,12 +41,26 @@ def handler(q=False):
    if package.observables:
      for obs in package.observables:
        r["results"].append(buildObservable(obs))
-      
+
+    if package.threat_actors:
+      for ta in package.threat_actors:
+        r["results"].append(buildActor(ta))      
    return r

 #Quick and dirty regex for IP addresses
 ipre = re.compile("([0-9]{1,3}.){3}[0-9]{1,3}")

+def buildActor(ta):
+  """
+    Extract the name
+    and comment of a 
+    threat actor
+  """
+  
+  r = {"values":[ta.title], "types":["threat-actor"]}
+ 
+  return r
+
 def buildObservable(o):
  """
    Take a STIX observable