Update MISP operator - Githubissues

InQuest / ThreatIngestor

Extract and aggregate threat intelligence.

https://inquest.readthedocs.io/projects/threatingestor/

GNU General Public License v2.0

821 stars 135 forks source link

Update MISP operator #83

Closed ninoseki closed 4 years ago

ninoseki commented 4 years ago

This PR contains two changes in MISP operator.

1. Catching up to the latest PyMISP.

Remove deprecated / deleted methods and use ExpandedPyMISP to catch up the latest PyMISP.

2. Grouping attributes by a reference link

Current MISP operator implementation creates an event per an attribute. IMO it's useful to create an event per a reference link. It means that if there is an event which has the same reference link, add an attribute(artifact) to that event.

ninoseki commented 4 years ago

@cmmorrow Thank you for reviewing my PR. I made changes reflecting your comments. Could you review it again, please?