work in progress for mandiant threat intel integration, cisagov#358

mmguero-dev · Nov 8, 2024 · 7810d02 · 7810d02
1 parent b07504f
commit 7810d02
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/shared/bin/zeek_threat_feed_utils.py b/shared/bin/zeek_threat_feed_utils.py
@@ -311,7 +311,7 @@ def map_mandiant_indicator_to_zeek(
             for hashish in hashes:
                 if hashVal := hashish.get('value', None):
                     tmpItem = copy.deepcopy(zeekItem)
-                    tmpItem[ZEEK_INTEL_INDICATOR] = hashish
+                    tmpItem[ZEEK_INTEL_INDICATOR] = hashVal
                     if newId := hashish.get('id', None):
                         tmpItem[ZEEK_INTEL_META_URL] = f'https://advantage.mandiant.com/indicator/{newId}'
                     results.append(tmpItem)