mirror of https://github.com/MISP/misp-modules
Threat actors now get imported by stix
parent
c106aa662b
commit
3f7cdad0c3
|
@ -42,11 +42,25 @@ def handler(q=False):
|
||||||
for obs in package.observables:
|
for obs in package.observables:
|
||||||
r["results"].append(buildObservable(obs))
|
r["results"].append(buildObservable(obs))
|
||||||
|
|
||||||
|
if package.threat_actors:
|
||||||
|
for ta in package.threat_actors:
|
||||||
|
r["results"].append(buildActor(ta))
|
||||||
return r
|
return r
|
||||||
|
|
||||||
#Quick and dirty regex for IP addresses
|
#Quick and dirty regex for IP addresses
|
||||||
ipre = re.compile("([0-9]{1,3}.){3}[0-9]{1,3}")
|
ipre = re.compile("([0-9]{1,3}.){3}[0-9]{1,3}")
|
||||||
|
|
||||||
|
def buildActor(ta):
|
||||||
|
"""
|
||||||
|
Extract the name
|
||||||
|
and comment of a
|
||||||
|
threat actor
|
||||||
|
"""
|
||||||
|
|
||||||
|
r = {"values":[ta.title], "types":["threat-actor"]}
|
||||||
|
|
||||||
|
return r
|
||||||
|
|
||||||
def buildObservable(o):
|
def buildObservable(o):
|
||||||
"""
|
"""
|
||||||
Take a STIX observable
|
Take a STIX observable
|
||||||
|
|
Loading…
Reference in New Issue