ATTACK-Python-Client
ATTACK-Python-Client copied to clipboard
Should PRE-attack be removed?
hi Roberto!
Because pre-attack is retired/deprecated, I think it should be removed from attackcti as well. What do you think? The thing is that this pre-attack data is not updated anymore in the STIX objects. Functions as get_groups are using the full CompositeDataSource with enterprise+ics+mobile+pre-attack. In this get_groups case, you will also have the pre-attack groups while those groups do not have all fields that enterprise/ics/mobile do have (like x_mitre_domains).
I can imagine that you would like to keep it because of backwardscompatability. But we then can maybe think of a solution that when you create an instance of the attack_client, you can pass an optional parameter to exclude pre-attack. If you want, I can propose a PR for that.
Regards, Ruben