feat(ttp): STIX 2.1 bundle export for individual attackers

GET /api/v1/attackers/{uuid}/export/stix returns a self-contained STIX
2.1 bundle: ip observation, threat-actor, ATT&CK attack-patterns with
canonical MITRE IDs, uses relationships, per-tag sightings, file SCOs
for artifacts, domain-name SCOs for SMTP targets, and a provider intel
note. Attack-pattern SDOs carry the MITRE bundle IDs so consumers
deduplicating against the public ATT&CK bundle get exact matches.
2026-05-09 07:21:22 -04:00
parent c4d6eb5bb3
commit fe0ed4a251
7 changed files with 653 additions and 0 deletions

@@ -127,6 +127,8 @@ class DummyRepo(BaseRepository):
await super().list_tags_by_scope_and_technique(**kw); return []
async def list_distinct_techniques(self):
await super().list_distinct_techniques(); return []
async def list_ttp_tags_by_attacker(self, uuid, limit=2000):
await super().list_ttp_tags_by_attacker(uuid, limit); return []
# Iter helpers — async generators, can't `await super()` on them
# because the base raises in the body before any yield. Just yield
# nothing so the consumer's ``async for`` exits cleanly.
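Review bot: the new `list_ttp_tags_by_attacker(self, uuid, limit=2000)` stub repeats the default `limit=2000` as a bare literal, so it can drift from whatever default the base class declares; a shared named constant would keep the two in step. Nothing visible here says what a caller should do when the cap is reached, and if the STIX export builds its per-tag sightings from this list, a truncated result would silently produce an incomplete bundle, so the limit behaviour deserves a docstring on the base method. The stub also forwards `uuid, limit` positionally while the neighbouring `list_tags_by_scope_and_technique` stub forwards `**kw`; keyword forwarding would survive a reordering of the base signature. A smaller point: the parameter name `uuid` shadows the standard-library module of the same name if this file imports it, and `attacker_uuid` would read more clearly.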