Composites are not taken into account about pymisp HOT 14 CLOSED

I'm on it!

from pymisp.

thanks :)

from pymisp.

I wanted to compare the changes you made, can you please revert the change from spaces to tab, please? it makes it very hard to review.

Just to make sure we're talking bout the same thing: you made changes in the openioc library, and it isn't reflected in the misp-modules, but works properly when you dump the json from the library?

Did you make sure you installed the pymisp version containing your changes? Because the misp-modules openioc module is picking the output of the openioc library as-is: https://github.com/MISP/misp-modules/blob/master/misp_modules/modules/import_mod/openiocimport.py#L56

from pymisp.

Done

from pymisp.

ha ok :(
I don't merge misp-modules ...

all my bad :(
I work with multiple instance sorry again

from pymisp.

from pymisp.

\o/ Looks great.

Just one thing: are you sure you want to use "External Analysis" as category? This is an information you can pass as a tag for example. I'd recommend to use the default sane values set by the server for each types

from pymisp.

I thinks "External Analysis" is maybe the good category because when you import an ioc it often comes from an external analysis. No ?

Can I add some tag on attribut when I import an ioc.
The idea is to define in "userConfig" or in "moduleconfig" a "tag by default" (ex : tlp:white).
But I do not think that misp can take it into account on its side.

from pymisp.

Well, not necessarily: it can come from an internal tool and be push into MISP.

We generally recommend to use "External Analysis" for a few attributes in an event (for example the link to the external analysis).

from pymisp.

And suddenly what are you recommend ?

Next, I make change and do the pull/request

from pymisp.

Not sure I get your question. The recommended values per type are here: https://github.com/MISP/PyMISP/blob/master/pymisp/data/describeTypes.json But you don't need to care, they are set automatically by the server.

from pymisp.

Not sure I get your question. For default tag ?

Otherwise ok, I will remove the category :)

from pymisp.

Thanks Raphaël,

You can close this issue. I have make the request #82

I think I open a new issue to add possibility to set default tag when you import something with module.

from pymisp.

Excellent, thanks!

from pymisp.