Should PRE-attack be removed? #59
Labels
enhancement
New feature or request
Comments
|
Hello @rubinatorz ! Sorry for the late response. I was working on a few other projects and got sidetracked. I meant to respond earlier. I believe it should be removed. Agreed. I like the idea of by default remote pre-attack and allow the user to enable it for backwards compatibility. |
|
It would be super helpful if you could propose a solution via a PR> it would make it easier and faster to apply to the project. thank you as always for contributing @rubinatorz :) |
|
Thanks @Cyb3rWard0g for your reply! No worries on the late reply! I just created a PR #61 for this. |
|
PR Merged. I will update the Python package. I appreciate the support and contributions @rubinatorz ! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
hi Roberto!
Because pre-attack is retired/deprecated, I think it should be removed from attackcti as well. What do you think? The thing is that this pre-attack data is not updated anymore in the STIX objects. Functions as get_groups are using the full CompositeDataSource with enterprise+ics+mobile+pre-attack. In this get_groups case, you will also have the pre-attack groups while those groups do not have all fields that enterprise/ics/mobile do have (like x_mitre_domains).
I can imagine that you would like to keep it because of backwardscompatability. But we then can maybe think of a solution that when you create an instance of the attack_client, you can pass an optional parameter to exclude pre-attack. If you want, I can propose a PR for that.
Regards,
Ruben
The text was updated successfully, but these errors were encountered: