Closed yassine-ouaamou closed 1 month ago
Further information: The connector creates Reports, Organizations, and Threat actors. From what I understand, its purpose is to reference ransomware attacks. The reports it creates seem completely useless as is. It should:
From my point of view, we need to:
Hey @sudesh0sudesh,
First, I wanted to thank you for your contribution. Your work is greatly appreciated within our community. Could you consider adding the improvements highlighted in this issue so it meets the necessary standards for a production use?
Thanks!
@yassine-ouaamou I will make changes from threat actors to intrusion sets
@Lhorus6 Thank you for recommendations. I will consider ways to limit the relationships.
We create reports because we don't always have information about the organization and we use reports to track victims. We could include the information that the organization was compromised within the organization itself, but at that point, it wouldn't be useful to anyone.
I'm not sure how to link it to malware because only the organization that was attacked knows what malware was used.
Hi @sudesh0sudesh,
I see. Perhaps create Incidents rather than Reports in this case. 🤔 It’s debatable, both would be possible in reality.
But if we stay with the Reports, to improve them a little:
These are small things that would make a Report cleaner
I just tested the newest version, it seems to be broken due to missing dependencies.
While i got an error for the missing tldextract
, i fear the validators
library might also be missing.
opencti-connector-ransomware-1 | Traceback (most recent call last):
opencti-connector-ransomware-1 | File "/opt/connector/main.py", line 5, in <module>
opencti-connector-ransomware-1 | from lib.ransomConn import RansomwareAPIConnector
opencti-connector-ransomware-1 | File "/opt/connector/lib/ransomConn.py", line 8, in <module>
opencti-connector-ransomware-1 | import tldextract
opencti-connector-ransomware-1 | ModuleNotFoundError: No module named 'tldextract'
Great work on the connector nonetheless! @sudesh0sudesh
@screencoffee Sorry for that just created a new pull request.
Happy to say that it works! And these improvements are amazing!
Hi @sudesh0sudesh, Great Job! Thanks for your contribution. I just tested the connector. I see two tiny improvements that I noted in this new issue: https://github.com/OpenCTI-Platform/connectors/issues/2665
Description
Following some tests, here are some behaviours to fix in ransomware.live connector :