adam/cti
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update USAGE.md

Browse Source 
these changes to 'get_technique_users()' allowed it to work when attached to the ATT&CK Enterprise corpus via stix2.FileSystemSource. Please double check to make sure I didnt introduce bugs.
This commit is contained in:
Michael K
2018-02-28 09:33:39 -05:00
committed by GitHub
parent 4c62a07050
commit b21e260309
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
USAGE.md
+3 -3
View File
@@ -232,11 +232,11 @@ def get_technique_users(src, tech_stix_id):
software = [
r.target_ref
for r in src.relationships(tech_stix_id, 'uses', source_only=True)
if get_type_from_id(r.target_ref) in ['tool', 'malware']
if get_type_from_id(r.source_ref) in ['tool', 'malware']
]
return src.query([
Filter('type', 'in', ['intrusion-set', 'malware', 'tools']),
Filter('type', 'in', ['intrusion-set', 'malware', 'tool']),
Filter('id', 'in', groups + software)
], allow_custom=True)
@@ -289,4 +289,4 @@ def get_mitigations_by_technique(src, tech_stix_id):
tech = get_technique_by_name(fs, 'Rundll32')[0]
get_mitigations_by_technique(fs, tech.id)
```
```