From fcd95d81fd9c03d2b3fb211cd219837021da0b6b Mon Sep 17 00:00:00 2001
From: Seth Grover
Date: Wed, 6 Nov 2024 15:04:14 -0700
Subject: [PATCH] work in progress for mandiant threat intel integration, cisagov/Malcolm#358
---
 shared/bin/zeek_threat_feed_utils.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/shared/bin/zeek_threat_feed_utils.py b/shared/bin/zeek_threat_feed_utils.py
index a744fa841..a6fd66bc8 100644
--- a/shared/bin/zeek_threat_feed_utils.py
+++ b/shared/bin/zeek_threat_feed_utils.py
@@ -846,9 +846,14 @@ def ProcessThreatInputWorker(threatInputWorkerArgs):
 client_name=inarg.get('client_name', mandiant_threatintel.CLIENT_APP_NAME),
 ):
 for indicator in mati_client.Indicators.get_list(
+ start_epoch=since if since else datetime.now() - relativedelta(weeks=1),
 minimum_mscore=inarg.get('minimum_mscore', 60),
 exclude_osint=inarg.get('exclude_osint', False),
- start_epoch=since if since else datetime.now() - relativedelta(months=1),
+ include_campaigns=inarg.get('include_campaigns', False),
+ include_reports=inarg.get('include_reports', False),
+ include_threat_rating=inarg.get('include_threat_rating', False),
+ include_misp=inarg.get('include_misp', True),
+ include_category=inarg.get('include_category', True),
 ):
 try:
 if zeekPrinter.ProcessMandiant(indicator):
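Review bot: The fallback on the new `start_epoch=` line narrows the lookback used when `since` is empty from one month to one week, and unlike every other `get_list` argument in this hunk it cannot be overridden through `inarg`, so a feed pulled without a `since` value now gives Zeek a smaller indicator set to match on, with nothing telling the operator that coverage shrank. I would read the window from the input definition as the neighbouring options do, for example `start_epoch=since if since else datetime.now() - relativedelta(weeks=inarg.get('since_weeks', 1)),` (the key name is only a suggestion, not an existing option), or at minimum add a comment such as `# default lookback when no 'since' is given; older indicators are not fetched`. `datetime.now()` is also naive local time, so if the client interprets `start_epoch` as UTC the window shifts by the host's offset; that is worth confirming against the client library. `ProcessThreatInputWorker` starts and ends outside the hunk, so how `since` is derived is not visible here.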