Matthias Vallentin

Results 118 comments of Matthias Vallentin

Intuitively, `EXISTS` is the natural fit. It's listed as a set operation, though, indicating that it's basically set membership. But I would argue that you could argue that field existence is...

How do you switch between listening and connecting? Is hard-coding the former the primary use case?

@tobim can you try whether that fixes the issue with your Nix setup?

We'll bring this one back to life after #2058.

So I found this function:

```py
def _load_sighting(self, sighting: _SIGHTING_TYPING):
    misp_sighting = MISPSighting()
    sighting_args = {
        'date_sighting': self._timestamp_from_date(sighting.modified),
        'type': '0'
    }
    if hasattr(sighting, 'description'):
        sighting_args['source'] = sighting.description
    if hasattr(sighting, 'where_sighted_refs'):...
```

As I am going down the rabbit hole, here's an attempt to wrap my Sighting into a bundle to load it afterwards:

```py
parser = misp_stix_converter.ExternalSTIX2toMISPParser()
bundle = stix2.Bundle(objects=sighting)
parser.load_stix_bundle(bundle)...
```

Good to know, thanks! Until then I'll unpack the Sighting by hand.

For example, the script generates the following output:

```json
{
  "1": {
    "name": "ProcessCreate",
    "desc": "PROCESS CREATION",
    "args": [
      "UtcTime",
      "ProcessGuid",
      "ProcessID",
      "Image",
      "FileVersion",
      "Description",
      "Product",
      "Company",
      "CommandLine",
      "CurrentDirectory",
      "User",...
```

Yep, this is exactly the implementation I'm using now.

Thanks a lot for noting these issues! I've fixed the 2nd errata already in the main branch. Regarding the 1st, I'm not exactly sure what it is that you are...