NickS-2022
commented
11 months ago Not sure if it's ok to comment on something closed, but I was trying to understand what this thread was about. When using the Graph API version of this script I had issues with it "deleting" (changing the Active field to false in the ThreatIntelligenceIndicators table) for any indicator not seen between two runs of the script. This prohibited using the script to import specific indicators at a time as at the next run it would mark the previous as not active because they were not returned in the latest query. I'm not see this same behaviour using the new API. Has this -d option always existed?
Fixed in https://github.com/cudeso/misp2sentinel/commit/ffde3d9b132c33929e28675ca4abc7b22f96558c#diff-4d7c51b1efe9043e44439a949dfd92e5827321b34082903477fd04876edb7552