New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
StixParser #31643
StixParser #31643
Conversation
@@ -1221,6 +1221,21 @@ def decode(props, **kwargs): | |||
return domains | |||
|
|||
|
|||
def detect_indicator_type_file(indicator_value: str): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
don't we have something similar in common server python?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nope
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks that it can be useful to write this one in CommonServerPython maybe
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It does, I also thought we have it (I even remember writing something like it somewhere), but it should be as a different PR as CSP is the worst.
v = v.strip() | ||
if type := detect_indicator_type_file(v): | ||
result.append({ | ||
'indicator': v.strip(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
'indicator': v.strip(), | |
'indicator': v, |
looks like v is already striped.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nice!
@@ -1221,6 +1221,21 @@ def decode(props, **kwargs): | |||
return domains | |||
|
|||
|
|||
def detect_indicator_type_file(indicator_value: str): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It does, I also thought we have it (I even remember writing something like it somewhere), but it should be as a different PR as CSP is the worst.
…o XSUP31411/StixParser
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice!
@@ -709,6 +709,30 @@ def get_schedule_metadata(context): | |||
return schedule_metadata | |||
|
|||
|
|||
def detect_file_indicator_type(indicator_value): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lets add unit test for this method.
Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py
Outdated
Show resolved
Hide resolved
…o XSUP31411/StixParser
…o XSUP31411/StixParser
…o XSUP31411/StixParser
Pre commit failed due to a known issue CIAC-9294 |
* fix stix parser * fix docker image and ruff * ruff * ruff * fix CR * Update 1_33_6.md * fix CR * csp add rn * csp add rn * tests * update RN conflicts * cr review * add use case * Update CommonServerPython_test.py * add use case * fix coverge report * fix coverge report * fix coverge report * fix tests * Update CommonServerPython_test.py * fix_tests * Update CommonServerPython_test.py * Update CommonServerPython_test.py * add tests * add tests * add tests * add tests * add tests * remove tests * remove tests * Update 1_33_7.md
* fix stix parser * fix docker image and ruff * ruff * ruff * fix CR * Update 1_33_6.md * fix CR * csp add rn * csp add rn * tests * update RN conflicts * cr review * add use case * Update CommonServerPython_test.py * add use case * fix coverge report * fix coverge report * fix coverge report * fix tests * Update CommonServerPython_test.py * fix_tests * Update CommonServerPython_test.py * Update CommonServerPython_test.py * add tests * add tests * add tests * add tests * add tests * remove tests * remove tests * Update 1_33_7.md
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
fixes: https://jira-dc.paloaltonetworks.com/browse/XSUP-31411
Description
Fixed an issue where STIX indicators were not parsed when type information was missing.
Must have