From 9d26a162a2715bad939d8cf9ee6c3b68c291d1b7 Mon Sep 17 00:00:00 2001 From: Samuel Hassine Date: Sun, 15 Sep 2024 10:15:42 +0200 Subject: [PATCH] [misp] Align all connectors --- external-import/flashpoint/src/mispfeed.py | 16 ++++++++++------ external-import/misp-feed/src/misp-feed.py | 16 ++++++++++------ external-import/misp/src/misp.py | 16 ++++++++++------ .../import-file-misp/src/import-file-misp.py | 16 ++++++++++------ 4 files changed, 40 insertions(+), 24 deletions(-) diff --git a/external-import/flashpoint/src/mispfeed.py b/external-import/flashpoint/src/mispfeed.py index 907da1b226..504f47fff5 100644 --- a/external-import/flashpoint/src/mispfeed.py +++ b/external-import/flashpoint/src/mispfeed.py @@ -908,7 +908,15 @@ def _process_attribute( observable_resolver = resolved_attribute["resolver"] observable_type = resolved_attribute["type"] observable_value = resolved_attribute["value"] - name = resolved_attribute["value"] + name = ( + resolved_attribute["value"] + if len(resolved_attribute["value"]) > 2 + else ( + attribute["comment"] + if len(attribute["comment"]) > 2 + else observable_type + ) + ) pattern_type = "stix" pattern = None # observable type is yara or sigma for instance @@ -918,11 +926,7 @@ def _process_attribute( name = ( attribute["comment"] if len(attribute["comment"]) > 2 - else ( - observable_value - if len(observable_value) > 2 - else observable_type - ) + else observable_type ) # observable type is not in stix 2 elif observable_resolver not in OPENCTISTIX2: diff --git a/external-import/misp-feed/src/misp-feed.py b/external-import/misp-feed/src/misp-feed.py index 5ed26a0654..a3ca093e3a 100644 --- a/external-import/misp-feed/src/misp-feed.py +++ b/external-import/misp-feed/src/misp-feed.py @@ -1033,7 +1033,15 @@ def _process_attribute( observable_resolver = resolved_attribute["resolver"] observable_type = resolved_attribute["type"] observable_value = resolved_attribute["value"] - name = resolved_attribute["value"] + name = ( + resolved_attribute["value"] + if len(resolved_attribute["value"]) > 2 + else ( + attribute["comment"] + if len(attribute["comment"]) > 2 + else observable_type + ) + ) pattern_type = "stix" pattern = None # observable type is yara or sigma for instance @@ -1043,11 +1051,7 @@ def _process_attribute( name = ( attribute["comment"] if len(attribute["comment"]) > 2 - else ( - observable_value - if len(observable_value) > 2 - else observable_type - ) + else observable_type ) # observable type is not in stix 2 elif observable_resolver not in OPENCTISTIX2: diff --git a/external-import/misp/src/misp.py b/external-import/misp/src/misp.py index 046f538802..d136ba3844 100644 --- a/external-import/misp/src/misp.py +++ b/external-import/misp/src/misp.py @@ -1088,7 +1088,15 @@ def process_attribute( observable_resolver = resolved_attribute["resolver"] observable_type = resolved_attribute["type"] observable_value = resolved_attribute["value"] - name = resolved_attribute["value"] + name = ( + resolved_attribute["value"] + if len(resolved_attribute["value"]) > 2 + else ( + attribute["comment"] + if len(attribute["comment"]) > 2 + else observable_type + ) + ) pattern_type = "stix" pattern = None # observable type is yara or sigma for instance @@ -1098,11 +1106,7 @@ def process_attribute( name = ( attribute["comment"] if len(attribute["comment"]) > 2 - else ( - observable_value - if len(observable_value) > 2 - else observable_type - ) + else observable_type ) # observable type is not in stix 2 elif observable_resolver not in OPENCTISTIX2: diff --git a/internal-import-file/import-file-misp/src/import-file-misp.py b/internal-import-file/import-file-misp/src/import-file-misp.py index f110762057..4f54616603 100644 --- a/internal-import-file/import-file-misp/src/import-file-misp.py +++ b/internal-import-file/import-file-misp/src/import-file-misp.py @@ -963,7 +963,15 @@ def _process_attribute( observable_resolver = resolved_attribute["resolver"] observable_type = resolved_attribute["type"] observable_value = resolved_attribute["value"] - name = resolved_attribute["value"] + name = ( + resolved_attribute["value"] + if len(resolved_attribute["value"]) > 2 + else ( + attribute["comment"] + if len(attribute["comment"]) > 2 + else observable_type + ) + ) pattern_type = "stix" pattern = None # observable type is yara or sigma for instance @@ -973,11 +981,7 @@ def _process_attribute( name = ( attribute["comment"] if len(attribute["comment"]) > 2 - else ( - observable_value - if len(observable_value) > 2 - else observable_type - ) + else observable_type ) # observable type is not in stix 2 elif observable_resolver not in OPENCTISTIX2: