MISP / misp-objects

Definition, description and relationship types of MISP objects
https://www.misp-project.org/objects.html

TruSTAR MISP Object Template is the wrong version #294

Open packet-rat opened 3 years ago

packet-rat commented 3 years ago

TruSTAR MISP Object Template is V1; should be V2:

misp-objects/objects/trustar_report/definition.json

Version 2 incorporates:

THREAT_ACTOR | threat-actor |   | 1 | A string identifying a Threat Actor

Mainstream MISP has the correct version in 2.4.131, pymisp does not...

Rafiot commented 3 years ago

This is the mainstream template: https://github.com/MISP/misp-objects/blob/main/objects/trustar_report/definition.json

It doesn't have a THREAT_ACTOR. Is it possible that someone updated the template in your MISP instance and didn't share it with us? Either way, can you point us to the json file of the template you're referring to? If we get it before tomorrow, it will be in the upcoming release of MISP/PyMISP.

adulau commented 3 years ago

There is a pull request for the TruStar object, but it seems to be incorrect. Another question: it might be more appropriate to use the threat-actor galaxy on the TruStar object in the end.

packet-rat commented 3 years ago

Operations against the Threat_Actor attribute are failing because the TruSTAR Report Object has reverted to the original version (as of at least 2.4.135).

[JSON File](https://github.com/MISP/misp-objects/blob/main/objects/trustar_report/definition.json)

pwrenn commented 3 years ago

@adulau I was trying to update https://github.com/MISP/misp-objects/pull/273 with that new Threat Actor attribute. Please tell me what needs to happen to get this PR pushed through. TruSTAR now supports Threat Actors as an IOC type and this change ensures that they will easily be passed into MISP as part of the trustar_report definition.

pwrenn commented 3 years ago

@packet-rat they have pushed the fix, you can close this issue