fix(ttp/stix): extract commands from both 'command' and 'command_text' keys

2026-05-09 07:43:44 -04:00
parent e548be3c49
commit d6a091be75
2 changed files with 3 additions and 3 deletions
--- a/decnet/ttp/stix_export.py
+++ b/decnet/ttp/stix_export.py
@@ -323,9 +323,9 @@ def build_fleet_bundle(
            except Exception:
                raw_cmds = []
        cmds = [
-            str(e.get("command_text", "")).strip()
+            str(e.get("command_text") or e.get("command") or "").strip()
            for e in raw_cmds
-            if isinstance(e, dict) and e.get("command_text")
+            if isinstance(e, dict) and (e.get("command_text") or e.get("command"))
        ]

        intel = row.get("threat_intel")