From a3c01fa318b8b1a008e302885ff9161731349589 Mon Sep 17 00:00:00 2001
From: Jesse Hedden
Date: Mon, 10 Aug 2020 07:53:24 -0700
Subject: [PATCH] added comments
---
misp_modules/modules/expansion/trustar_enrich.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/misp_modules/modules/expansion/trustar_enrich.py b/misp_modules/modules/expansion/trustar_enrich.py
index 7b6ff3c..33dd814 100644
--- a/misp_modules/modules/expansion/trustar_enrich.py
+++ b/misp_modules/modules/expansion/trustar_enrich.py
@@ -36,6 +36,7 @@ class TruSTARParser:
'SHA256': "sha256" } + # Relevant fields from each TruSTAR endpoint SUMMARY_FIELDS = ["severityLevel", "source", "score", "attributes"] METADATA_FIELDS = ["sightings", "first_seen", "last_seen", "tags"]
@@ -140,13 +141,16 @@ class TruSTARParser:
tags = self.extract_tags(enrichment_report) if enrichment_report: + # Create MISP trustar_report object and populate it with enrichment data trustar_obj = MISPObject('trustar_report') trustar_obj.add_attribute(indicator_type, attribute_type=self.ENTITY_TYPE_MAPPINGS[indicator_type], value=indicator) trustar_obj.add_attribute("INDICATOR_SUMMARY", attribute_type="text", value=json.dumps(enrichment_report, indent=4)) + report_link = self.generate_trustar_link(indicator_type, indicator) trustar_obj.add_attribute("REPORT_LINK", attribute_type="link", value=report_link) + self.misp_event.add_object(**trustar_obj) elif not tags: # If enrichment report is empty and there are no tags, nothing to add to attribute
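Review bot: In the second hunk, `self.ENTITY_TYPE_MAPPINGS[indicator_type]` indexes the mapping directly, and no guard is visible in these lines, so an indicator type without an entry would raise KeyError after the object has been created but before it is added to the event. The enclosing method starts and ends outside the hunk, so a check may exist earlier. If it does not, look the type up first with `attribute_type = self.ENTITY_TYPE_MAPPINGS.get(indicator_type)` and skip the object when the result is None. The new comment could also say that INDICATOR_SUMMARY stores the enrichment report as returned by the remote service, for example `# INDICATOR_SUMMARY holds the TruSTAR response serialized as-is; treat it as untrusted text downstream`.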