fix(ttp/stix): extract commands from both 'command' and 'command_text' keys

2026-05-09 07:43:44 -04:00
parent e548be3c49
commit d6a091be75
2 changed files with 3 additions and 3 deletions
--- a/decnet/web/db/sqlmodel_repo/attackers/activity.py
+++ b/decnet/web/db/sqlmodel_repo/attackers/activity.py
@@ -53,7 +53,7 @@ class AttackerActivityMixin(_MixinBase):
            seen: set[str] = set()
            out: list[str] = []
            for entry in commands:
-                text = str(entry.get("command_text", "")).strip()
+                text = str(entry.get("command_text") or entry.get("command") or "").strip()
                if text and text not in seen:
                    seen.add(text)
                    out.append(text)