[Ransomwarelive] ingests victims with asterisks in the title #2841

Open
fwuest opened this issue Oct 25, 2024 · 0 comments
Labels
- community support: use to identify an issue related to feature developed & maintained by community.
- feature: use for describing a new feature to develop
- needs triage: use to identify issue needing triage from Filigran Product team

fwuest commented Oct 25, 2024

Use case

I would like the Ransomwarelive connector to only ingest victims that are final, and not victims that are listed with an asterisk in the title.

Current Workaround

Delete any reports and victims with an asterisk in the title.

Proposed Solution

Modify the code, perhaps like this (See section - Skip processing if the victim name contains an asterisk in the title):

```python
# Creating Victim object
post_title = item.get("post_title")

# Skip processing if the victim name contains an asterisk in the title
if '*' in post_title:
    self.helper.log_info(f"Skipping victim '{post_title}' because it contains an asterisk.")
    return None

victim_name, identity_class = (
    (post_title, "organization")
    if len(post_title) > 2
    else ((post_title + ":<)"), "individual")
)
victim = Identity(
    id=pycti.Identity.generate_id(victim_name, identity_class.capitalize()),
    name=victim_name,
    identity_class=identity_class,
    type="identity",
    created_by_ref=self.author.get("id"),
    object_marking_refs=[self.marking.get("id")],
)
```

Additional Information

I have edited the code and built a docker image for testing in my environment. OpenCTI version 6.3.6

If the feature request is approved, would you be willing to submit a PR?

Yes, but help would be required and some assistance for submitting a PR would be greatly appreciated.

@fwuest fwuest added feature use for describing a new feature to develop needs triage use to identify issue needing triage from Filigran Product team labels Oct 25, 2024
@SamuelHassine SamuelHassine transferred this issue from OpenCTI-Platform/opencti Oct 25, 2024
@nino-filigran nino-filigran added the community support use to identify an issue related to feature developed & maintained by community. label Oct 28, 2024