Closed hcristea closed 3 years ago
Is there a reason you submitted this as a draft PR? I have the ability to convert it on my end but I'm not sure if there was some other reason it's a draft.
@isaisabel, apologies for the late reply.
I marked it as draft PR because I realized the same issue exists in the example function software_used_by_groups and I intend to submit a fix for that too in this PR. I'll add that change and ping you for a review.
@isaisabel, IMO this PR is ready to be merged. Please have a look at the latest commit. Thank you!
Looks great, thank you for helping us improve our documentation!
The problem
The example function def software_using_technique(thesrc) updates the malware dict with the related tools dict. The problem is that dict.update() overrides the values for the same keys. In this case, the keys are the STIX IDs of the attack-patterns, and attack-patterns are used by both malware and tools. The function returns only the tools for the attack patterns that are used by both.
The fix
Replace dict.update() with a routine to extend the malware array with the tools array if the attack pattern is used by tools.
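The overwrite described in this PR and the extend-style merge it proposes, shown side by side as an added example (not the PR's own code). The function names, STIX IDs and software names below are constructed placeholders.

```python
# Constructed sample data: attack-pattern STIX ID -> list of software objects.
# All IDs and names are placeholders, not real ATT&CK entries.
T_SHARED = "attack-pattern--00000000-0000-4000-8000-000000000001"
T_MALWARE_ONLY = "attack-pattern--00000000-0000-4000-8000-000000000002"
T_TOOL_ONLY = "attack-pattern--00000000-0000-4000-8000-000000000003"

MALWARE = {
    T_SHARED: [{"id": "malware--00000000-0000-4000-8000-0000000000a1",
                "name": "SampleMalwareA"}],
    T_MALWARE_ONLY: [{"id": "malware--00000000-0000-4000-8000-0000000000a2",
                      "name": "SampleMalwareB"}],
}
TOOLS = {
    T_SHARED: [{"id": "tool--00000000-0000-4000-8000-0000000000b1",
                "name": "SampleToolA"}],
    T_TOOL_ONLY: [{"id": "tool--00000000-0000-4000-8000-0000000000b2",
                   "name": "SampleToolB"}],
}

def merge_with_update(malware, tools):
    """Behaviour described in the PR: tools replace malware on shared keys."""
    merged = dict(malware)
    merged.update(tools)  # value for T_SHARED is overwritten, not combined
    return merged

def merge_by_extending(malware, tools):
    """Keep both: extend each technique's malware list with its tools."""
    # Copy the lists so the caller's dicts are not mutated.
    merged = {tid: list(objs) for tid, objs in malware.items()}
    for tid, objs in tools.items():
        merged.setdefault(tid, []).extend(objs)
    return merged

def dropped_by_update(malware, tools):
    """Technique IDs whose malware entries dict.update() silently discards."""
    return sorted(set(malware) & set(tools))

def names(merged, technique_id):
    """Sorted software names recorded for one technique."""
    return sorted(obj["name"] for obj in merged.get(technique_id, []))

if __name__ == "__main__":
    print("update():", names(merge_with_update(MALWARE, TOOLS), T_SHARED))
    print("extend  :", names(merge_by_extending(MALWARE, TOOLS), T_SHARED))
    print("affected:", dropped_by_update(MALWARE, TOOLS))
```

For anyone using such a lookup to map software to techniques, the overwritten variant under-reports malware for every technique in `dropped_by_update`, which is the coverage gap the PR closes.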