get_software_used_by_group returns all tools for groups with no actual tools/ software #27
Comments
+1 I am getting the same behavior
Hello @osV22! I think I know what is going on 😱! When the filter returns zero and it is part of a multiple-filter query, the FILTER method from stix2 treats the filters as OR statements and not AND statements. This is the filter in this function
As you can see in the filters above, I look for However, while looking at all the relationships of the GROUP FIN4, I only see objects of type
Therefore, it seems that when the
Fixing it now and pushing a hotfix soon.
Added a quick fix in my lab and it seems to work now I tried it with a different group and it seems to be working fine. There were similar loops in other functions, so I fixed those too.
I tested it with groups However, group 61 (https://attack.mitre.org/groups/G0066/) does have 9 SOFTWARE
I updated the library to version 0.3.4.4 (https://pypi.org/project/attackcti/); it seems to be working fine now :) Thank you very much @osV22 and @beerMT! Enjoy your weekend!
Nicely done, thanks for jumping on that. Cheers!
Hello Roberto,
When getting all the software/ tools used by a group, there is an issue with groups that have no software listed.
The result is getting all 605 tools listed for those groups that have no actual software listed on the site.
Example:
MITRE's site does not list any software for the group.
This is also the case with groups such as "APT34" (67) which is just an alias to "OilRig" (73/ G0049) which has the actual tools listed. Groups with the same issue include [2, 8, 20, 40, 41, 61, 67].
Possible reference: all_software_list
Apologies in advance if this was done by design which I know can be omitted if we choose to. I tried MITRE's live cti server to confirm this and indeed they did not list the tools or the group either if they had no software/ tools.
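
A check for the symptom reported in this issue, as an added example that is not attackcti's code and not the fix the maintainer pushed. It resolves a group's software from its `uses` relationships, returns an empty list when there are none, and flags any result entries that no relationship backs. The objects, IDs and function names are constructed for illustration.

```python
# Added example: constructed STIX-like dicts, not data pulled from ATT&CK.
SOFTWARE_TYPES = ("tool", "malware")


def software_ids_for_group(relationships, group_id):
    """IDs of tool/malware objects the group points at via a 'uses' relationship."""
    return {
        r["target_ref"]
        for r in relationships
        if r["relationship_type"] == "uses"
        and r["source_ref"] == group_id
        # STIX IDs have the form "<type>--<uuid>", so the prefix is the object type
        and r["target_ref"].split("--", 1)[0] in SOFTWARE_TYPES
    }


def software_used_by_group(objects, relationships, group_id):
    """Resolve the group's software; an empty ID set yields [], never every object."""
    wanted = software_ids_for_group(relationships, group_id)
    if not wanted:  # guard: no software relationships means there is nothing to query
        return []
    return [o for o in objects if o["id"] in wanted]


def unbacked_results(result, relationships, group_id):
    """Sanity check for any result list: IDs with no 'uses' relationship from the group."""
    wanted = software_ids_for_group(relationships, group_id)
    return [o["id"] for o in result if o["id"] not in wanted]


# Constructed sample: group "aaaa" uses one tool, group "bbbb" uses no software.
OBJECTS = [
    {"type": "tool", "id": "tool--0001", "name": "sample-tool-a"},
    {"type": "malware", "id": "malware--0002", "name": "sample-malware-b"},
    {"type": "tool", "id": "tool--0003", "name": "sample-tool-c"},
]
RELATIONSHIPS = [
    {"relationship_type": "uses", "source_ref": "intrusion-set--aaaa",
     "target_ref": "tool--0001"},
    {"relationship_type": "uses", "source_ref": "intrusion-set--aaaa",
     "target_ref": "attack-pattern--0009"},
    {"relationship_type": "uses", "source_ref": "intrusion-set--bbbb",
     "target_ref": "attack-pattern--0009"},
]

if __name__ == "__main__":
    print(software_used_by_group(OBJECTS, RELATIONSHIPS, "intrusion-set--bbbb"))
    # Passing the full software list reproduces the reported symptom: all flagged.
    print(unbacked_results(OBJECTS, RELATIONSHIPS, "intrusion-set--bbbb"))
```

Running `unbacked_results` over the library's output for each group is a quick regression check after upgrading.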