ATTACK-Python-Client icon indicating copy to clipboard operation
ATTACK-Python-Client copied to clipboard

Published 20 hours ago verified publisher icon OTRF

Should PRE-attack be removed?

Open rubinatorz opened this issue 1 year ago • 0 comments

hi Roberto!

Because pre-attack is retired/deprecated, I think it should be removed from attackcti as well. What do you think? The thing is that this pre-attack data is not updated anymore in the STIX objects. Functions as get_groups are using the full CompositeDataSource with enterprise+ics+mobile+pre-attack. In this get_groups case, you will also have the pre-attack groups while those groups do not have all fields that enterprise/ics/mobile do have (like x_mitre_domains).

I can imagine that you would like to keep it because of backwardscompatability. But we then can maybe think of a solution that when you create an instance of the attack_client, you can pass an optional parameter to exclude pre-attack. If you want, I can propose a PR for that.

Regards, Ruben

rubinatorz avatar Sep 16 '22 07:09 rubinatorz