DECNET

anti/DECNET

Fork 0

Commit Graph

Author	SHA1	Message	Date
anti	4c6b12dcf8	feat(stix_export): wire fingerprint bounties through all endpoints + tests Remaining files from the fingerprint-bounties + characterizes-SRO commit: misp_export, repository, bounties mixin, all 4 router endpoints, and test suite updates. Prerequisite: previous commit added _extract_fingerprint_bounty_data and the stix_export changes.	2026-05-09 09:14:48 -04:00
anti	97c99a4e03	feat(ttp): rich ThreatActor STIX extensions via CustomExtension + CustomObject - stix_custom.py: DecnetActorFingerprintExt (@CustomExtension) wrapping network_behavior (os_guess/hop_distance/tcp_fingerprint/timing_stats/ phase_sequence/behavior_class/beacon fields/tool_guesses) and protocol_fingerprints (ja3_hashes/hassh_hashes/kex_order_raw/ ssh_client_banners/tls_cert_sha256/payload_simhashes/c2_endpoints). XDecnetBehaveProfile (@CustomObject x-decnet-behave-profile) carrying full BEHAVE-SHELL observation envelopes + kd_digraph_simhash. FINGERPRINT_EXT_DEF singleton extension-definition SDO. - Drop legacy flat x_decnet_ja3_hashes / x_decnet_hassh_hashes / x_decnet_c2_endpoints (pre-v1, no consumers). - stix_export: _threat_actor() wired to behavior + observations; build_attacker_bundle/build_fleet_bundle grow observations parameter. - Repo: list_observations_by_attacker + get_all_observations_for_export abstract + sqlmodel impl; all four export endpoints extended. - 18 new tests; inter-DECNET round-trip (stix2.parse → typed objects) is the primary fidelity assertion.	2026-05-09 08:52:19 -04:00
anti	1200ac9132	feat(stix): STIX→MISP download export (per-attacker + fleet) Adds GET /api/v1/attackers/{uuid}/export/misp and GET /api/v1/attackers/export/misp backed by misp_export.py, which converts existing STIX bundles to MISP events via misp-stix ExternalSTIX2toMISPParser. Fleet endpoint emits {response:[...]} collection (one event per attacker). Frontend: STIX/MISP buttons on AttackerDetail header and Attackers list. 13 new tests green.	2026-05-09 08:04:25 -04:00

Author

SHA1

Message

Date

anti

4c6b12dcf8

feat(stix_export): wire fingerprint bounties through all endpoints + tests

Remaining files from the fingerprint-bounties + characterizes-SRO commit:
misp_export, repository, bounties mixin, all 4 router endpoints, and test suite
updates. Prerequisite: previous commit added _extract_fingerprint_bounty_data
and the stix_export changes.

2026-05-09 09:14:48 -04:00

anti

97c99a4e03

feat(ttp): rich ThreatActor STIX extensions via CustomExtension + CustomObject

- stix_custom.py: DecnetActorFingerprintExt (@CustomExtension) wrapping
  network_behavior (os_guess/hop_distance/tcp_fingerprint/timing_stats/
  phase_sequence/behavior_class/beacon fields/tool_guesses) and
  protocol_fingerprints (ja3_hashes/hassh_hashes/kex_order_raw/
  ssh_client_banners/tls_cert_sha256/payload_simhashes/c2_endpoints).
  XDecnetBehaveProfile (@CustomObject x-decnet-behave-profile) carrying
  full BEHAVE-SHELL observation envelopes + kd_digraph_simhash.
  FINGERPRINT_EXT_DEF singleton extension-definition SDO.
- Drop legacy flat x_decnet_ja3_hashes / x_decnet_hassh_hashes /
  x_decnet_c2_endpoints (pre-v1, no consumers).
- stix_export: _threat_actor() wired to behavior + observations;
  build_attacker_bundle/build_fleet_bundle grow observations parameter.
- Repo: list_observations_by_attacker + get_all_observations_for_export
  abstract + sqlmodel impl; all four export endpoints extended.
- 18 new tests; inter-DECNET round-trip (stix2.parse → typed objects)
  is the primary fidelity assertion.

2026-05-09 08:52:19 -04:00

anti

1200ac9132

feat(stix): STIX→MISP download export (per-attacker + fleet)

Adds GET /api/v1/attackers/{uuid}/export/misp and
GET /api/v1/attackers/export/misp backed by misp_export.py, which
converts existing STIX bundles to MISP events via misp-stix
ExternalSTIX2toMISPParser. Fleet endpoint emits {response:[...]}
collection (one event per attacker). Frontend: STIX/MISP buttons on
AttackerDetail header and Attackers list. 13 new tests green.

2026-05-09 08:04:25 -04:00

3 Commits