anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(ttp/stix): extract commands from both 'command' and 'command_text' keys

Browse Source
This commit is contained in:
anti
2026-05-09 07:43:44 -04:00
parent e548be3c49
commit d6a091be75
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
decnet/ttp/stix_export.py
View File

@@ -323,9 +323,9 @@ def build_fleet_bundle(
except Exception: except Exception:
raw_cmds = [] raw_cmds = []
cmds = [ cmds = [
str(e.get("command_text", "")).strip() str(e.get("command_text") or e.get("command") or "").strip()
for e in raw_cmds for e in raw_cmds
if isinstance(e, dict) and e.get("command_text") if isinstance(e, dict) and (e.get("command_text") or e.get("command"))
] ]
intel = row.get("threat_intel") intel = row.get("threat_intel")

2
decnet/web/db/sqlmodel_repo/attackers/activity.py
View File

@@ -53,7 +53,7 @@ class AttackerActivityMixin(_MixinBase):
seen: set[str] = set() seen: set[str] = set()
out: list[str] = [] out: list[str] = []
for entry in commands: for entry in commands:
text = str(entry.get("command_text", "")).strip() text = str(entry.get("command_text") or entry.get("command") or "").strip()
if text and text not in seen: if text and text not in seen:
seen.add(text) seen.add(text)
out.append(text) out.append(text)