add pr comments

OpenCTI-Platform · Sep 12, 2024 · 8a02831 · 8a02831
1 parent 835c4f3
commit 8a02831
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 7 deletions.
diff --git a/external-import/zerofox/src/collectors/mappers/c2DomainsToInfrastructure.py b/external-import/zerofox/src/collectors/mappers/c2DomainsToInfrastructure.py
@@ -14,7 +14,7 @@
 
 
 def c2_domains_to_infrastructure(
-    created_by: Identity,
+    created_by : str,
     now: str,
     entry: C2Domain,
 ) -> List[Union[Infrastructure, Relationship, IPv4Address, IPv6Address]]:

diff --git a/external-import/zerofox/src/collectors/mappers/ransomwareToMalware.py b/external-import/zerofox/src/collectors/mappers/ransomwareToMalware.py
@@ -9,7 +9,9 @@
 
 
 def ransomware_to_malware(
-    created_by, now: str, entry: Ransomware
+    created_by,
+    now: str,
+    entry: Ransomware
 ) -> List[Union[Relationship, Indicator, File, stixMalware]]:
     """
     Based on a ZeroFox Ransomware object, creates the following STIX objects:

diff --git a/external-import/zerofox/src/main.py b/external-import/zerofox/src/main.py
@@ -7,7 +7,7 @@
 import stix2
 from collectors.builder import build_collectors
 from collectors.collector import Collector
-from pycti import OpenCTIConnectorHelper
+from pycti import OpenCTIConnectorHelper, Identity
 from time_.interval import delta_from_interval, seconds_from_interval
 from zerofox.app.zerofox import ZeroFox
 
@@ -16,6 +16,7 @@
     url="https://www.zerofox.com/threat-intelligence/",
     description="ZeroFox provides comprehensive, accurate, and timely intelligence bundles through its API.",
 )
+ZEROFOX = "ZeroFox"
 
 
 class ZeroFoxConnector:
@@ -44,7 +45,8 @@ def __init__(self):
             logger=self.helper.connector_logger,
         )
         self.author = stix2.Identity(
-            name="ZeroFox Connector",
+            id = Identity.generate_id(ZEROFOX, "organization"),
+            name=ZEROFOX,
             identity_class="organization",
         )
 
@@ -149,7 +151,7 @@ def collect_intelligence_for_endpoint(
             self.send_bundle(work_id=work_id, bundle_objects=[self.author])
             self.helper.log_info(f"Running collector: {collector_name}")
             missed_entries, bundle_objects = collector.collect_intelligence(
-                created_by=self.author,
+                created_by=self.author.id,
                 now=now,
                 last_run_date=datetime.fromtimestamp(last_run, UTC),
                 logger=self.helper.connector_logger,

diff --git a/external-import/zerofox/src/open_cti/observables.py b/external-import/zerofox/src/open_cti/observables.py
@@ -1,6 +1,6 @@
 from typing import Type
 
-from stix2 import Identity
+from stix2 import TLP_AMBER
 from stix2.base import _Observable
 
 main_observable_type = "x_opencti_main_observable_type"
@@ -21,11 +21,12 @@ def _get_observable_type(cls: Type[_Observable]) -> str:
     return _type
 
 
-def build_observable(created_by: Identity, cls: Type[_Observable], **kwargs):
+def build_observable(created_by: str, cls: Type[_Observable], **kwargs):
     return cls(
         **kwargs,
         custom_properties={
             main_observable_type: _get_observable_type(cls),
             created_by_ref: created_by,
         },
+        object_marking_refs=[TLP_AMBER.id]
     )