anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(stix_export): wire fingerprint bounties through all endpoints + tests

Browse Source 
Remaining files from the fingerprint-bounties + characterizes-SRO commit:
misp_export, repository, bounties mixin, all 4 router endpoints, and test suite
updates. Prerequisite: previous commit added _extract_fingerprint_bounty_data
and the stix_export changes.
This commit is contained in:
anti
2026-05-09 09:14:48 -04:00
parent 51d0fc7b6c
commit 4c6b12dcf8
13 changed files with 181 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
decnet/web/router/attackers/api_export_attackers_misp.py
View File

@@ -43,15 +43,17 @@ async def api_export_attackers_misp(
user: dict[str, Any] = Depends(require_viewer),
) -> Response:
"""Download a MISP collection JSON covering every observed attacker."""
rows, ttp_by_attacker, obs_by_attacker = await asyncio.gather(
rows, ttp_by_attacker, obs_by_attacker, fp_by_ip = await asyncio.gather(
repo.get_all_attackers_for_export(),
repo.get_all_ttp_rollups_for_export(),
repo.get_all_observations_for_export(),
repo.get_all_fingerprint_bounties_for_export(),
)
collection = build_fleet_misp_collection(
rows=rows,
ttp_by_attacker=ttp_by_attacker,
observations_by_attacker=obs_by_attacker,
fingerprint_bounties_by_ip=fp_by_ip,
)
ts = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
return Response(