From b21e2603092b4b4b83caaa8690d220718ddadd55 Mon Sep 17 00:00:00 2001
From: Michael K <mkouremetis16@gmail.com>
Date: Wed, 28 Feb 2018 09:33:39 -0500
Subject: [PATCH] Update USAGE.md

these changes to 'get_technique_users()' allowed it to work when attached to the ATT&CK Enterprise corpus via stix2.FileSystemSource. Please double check to make sure I didnt introduce bugs.
---
 USAGE.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/USAGE.md b/USAGE.md
index 6a4502cf57..cf78fe8383 100644
--- a/USAGE.md
+++ b/USAGE.md
@@ -232,11 +232,11 @@ def get_technique_users(src, tech_stix_id):
     software = [
         r.target_ref
         for r in src.relationships(tech_stix_id, 'uses', source_only=True)
-        if get_type_from_id(r.target_ref) in ['tool', 'malware']
+        if get_type_from_id(r.source_ref) in ['tool', 'malware']
     ]
 
     return src.query([
-        Filter('type', 'in', ['intrusion-set', 'malware', 'tools']),
+        Filter('type', 'in', ['intrusion-set', 'malware', 'tool']),
         Filter('id', 'in', groups + software)
     ], allow_custom=True)
     
@@ -289,4 +289,4 @@ def get_mitigations_by_technique(src, tech_stix_id):
 
 tech = get_technique_by_name(fs, 'Rundll32')[0]
 get_mitigations_by_technique(fs, tech.id)
-```
\ No newline at end of file
+```