TruSTAR MISP Object Template is the wrong version

[packet-rat]

TruSTAR MISP Object Template is V1 Should be V2:

misp-objects/objects/trustar_report/definition.json

Version 2 incorporates:

THREAT_ACTOR | threat-actor |   | 1 | A string identifying a Threat Actor

Mainstream MISP has the correct version in 2.4.131, pymisp does not...

[Rafiot]

This is the mainstream template: https://github.com/MISP/misp-objects/blob/main/objects/trustar_report/definition.json

It doesn't have a THREAT_ACTOR. Is it possible that someone updated the template in your MISP instance and didn't share it with us? Either way, can you point us to the json file of the template you're referring to? If we get it before tomorrow, it will be in the upcoming release of MISP/PyMISP.

[adulau]

There is a pull-request for the TruStar object but it seems to be incorrect. Another question, It might be more appropriate to use the treat-actor galaxy on TruStar object at the end.

[packet-rat]

Operations against Threat_Actor Attribute are failing because TruSTAR Report Object has reverted to the original version ( as of at least 2.4.135)

[JSON File] (https://github.com/MISP/misp-objects/blob/main/objects/trustar_report/definition.json)

[pwrenn]

@adulau I was trying to update https://github.com/MISP/misp-objects/pull/273 with that new Threat Actor attribute. Please tell me what needs to happen to get this PR pushed through. TruSTAR now supports Threat Actors as an IOC type and this change ensures that they will easily be passed into MISP as part of the trustar_report definition.

[pwrenn]

@packet-rat they have pushed the fix, you can close this issue