Splitting MISP Tags

Open SYNchroACK opened this issue 3 years ago • 3 comments

https://github.com/OpenCTI-Platform/connectors/blob/6efe0a66cae94223f5b71e831793af6d84407841/external-import/misp/src/misp.py#L2067

From line 2067 to 2082. What is the goal of that code? Why do we need to split MISP tags, etc.? For example, a tag like security:report:middle-east will be translated to a label in OpenCTI as report.

I would like to improve the code but I really don't understand the purpose of those lines.

SYNchroACK, Dec 01 '22 16:12

I will enhance the code.

The purpose of the code is to avoid useless content in tags coming from MISP.

SamuelHassine, Feb 10 '23 06:02

@SamuelHassine How do you plan to improve the code, and for what purpose?

Jipegien, Jul 26 '23 08:07

Hello @Jipegien,

The purpose here is to clean tags, but it is hardcoded to take the second part of the label split on ":". We need to take the last part.

An option is already available to not clean the labels.

Kind regards, Samuel

SamuelHassine, Jul 26 '23 13:07
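The difference between the two behaviours discussed in this thread, as an added example that is not the connector's own code: it compares "take the second part" with "take the last part" and shows two edge cases, quoted values that contain ":" and distinct tags that collapse into one label. The function names, the `clean` parameter and the sample tags are assumptions constructed for illustration.

```python
import re

# Machine-tag shape: namespace:predicate or namespace:predicate="value"
MACHINE_TAG = re.compile(
    r'^(?P<ns>[^:="]+):(?P<pred>[^:="]+)(?:="(?P<value>.*)")?$'
)


def label_second_part(tag: str) -> str:
    """Behaviour described in the thread: keep the second ':'-separated part."""
    parts = tag.split(":")
    return parts[1] if len(parts) > 1 else tag


def label_last_part(tag: str) -> str:
    """Behaviour asked for in the thread: keep the last part of the tag."""
    tag = tag.strip()
    match = MACHINE_TAG.match(tag)
    if match and match.group("value") is not None:
        # A quoted value may itself contain ':', so do not split inside it.
        return match.group("value")
    last = tag.rsplit(":", 1)[-1].strip().strip('"')
    return last or tag  # never emit an empty label


def clean_tags(tags, clean=True):
    """Map tag names to labels; clean=False stands in for a 'do not clean' option."""
    seen, labels = set(), []
    for tag in tags:
        label = label_last_part(tag) if clean else tag
        if label not in seen:  # cleaning can collapse distinct tags into one label
            seen.add(label)
            labels.append(label)
    return labels


# Constructed sample tags, not taken from a real MISP instance.
SAMPLE_TAGS = [
    "security:report:middle-east",
    "tlp:amber",
    'example-ns:marking="amber"',
    'example-ns:tool="host:port scanner"',
    "phishing",
]

if __name__ == "__main__":
    for t in SAMPLE_TAGS:
        print(f"{t!r}: second={label_second_part(t)!r} last={label_last_part(t)!r}")
    print(clean_tags(SAMPLE_TAGS))
    print(clean_tags(SAMPLE_TAGS, clean=False))
```

Dropping the namespace merges `tlp:amber` and `example-ns:marking="amber"` into the single label `amber`, so labels that drive handling or sharing decisions are safer left uncleaned.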