def tools(galaxy):
    """Record, per threat-actor tool, the entries that mention it most often.

    Walks ``galaxy['elements']['threat-actor-tools']['values']``. For each
    tool, its ``value`` and every entry of its optional ``synonyms`` list
    are passed to ``search`` twice: wrapped in double quotes against the
    ``info``/``comment`` fields, and bare against the ``value``/``tags``
    fields. The results are summed with ``+=`` and the 20 most common keys
    are handed to ``SnapshotConnector.update_group`` under the group name
    ``tools:<value>``. Tools with no hits are skipped.

    NOTE(review): ``search`` is assumed to return a ``collections.Counter``
    (or compatible) keyed by entry id, since ``+=`` and ``most_common`` are
    used on its result -- confirm against its definition.
    """
    store = SnapshotConnector()
    section = galaxy['elements']['threat-actor-tools']
    for entry in section['values']:
        name = entry['value']
        # NOTE(review): the name is placed between double quotes without any
        # escaping, so a galaxy value that itself contains '"' would change
        # the shape of the query. Confirm how search() parses its query
        # string and whether galaxy files are treated as trusted input.
        hits = search('"{}"'.format(name), ['info', 'comment'])
        hits += search(name, ['value', 'tags'])
        # A missing or empty synonym list contributes nothing.
        for alias in entry.get('synonyms') or ():
            hits += search('"{}"'.format(alias), ['info', 'comment'])
            hits += search(alias, ['value', 'tags'])
        if not hits:
            continue
        # Keep only the keys of the 20 highest-count results.
        ranked = [key for key, _count in hits.most_common(20)]
        store.update_group('tools:{}'.format(name), *ranked)
def adversary_groups(galaxy):
    """Record, per adversary group, the entries that mention it most often.

    Walks ``galaxy['elements']['adversary-groups']['values']``. For each
    group, its ``value`` and every entry of its optional ``synonyms`` list
    are passed to ``search`` twice: wrapped in double quotes against the
    ``info``/``comment`` fields, and bare against the ``value``/``tags``
    fields. The results are summed with ``+=`` and the 20 most common keys
    are handed to ``SnapshotConnector.update_group`` under the group name
    ``adversaries:<group>``. Groups with no hits are skipped.

    NOTE(review): ``search`` is assumed to return a ``collections.Counter``
    (or compatible) keyed by entry id, since ``+=`` and ``most_common`` are
    used on its result -- confirm against its definition.
    """
    store = SnapshotConnector()
    section = galaxy['elements']['adversary-groups']
    for entry in section['values']:
        name = entry['value']
        # NOTE(review): the name is placed between double quotes without any
        # escaping, so a galaxy value that itself contains '"' would change
        # the shape of the query. Confirm how search() parses its query
        # string and whether galaxy files are treated as trusted input.
        hits = search('"{}"'.format(name), ['info', 'comment'])
        hits += search(name, ['value', 'tags'])
        # A missing or empty synonym list contributes nothing.
        for alias in entry.get('synonyms') or ():
            hits += search('"{}"'.format(alias), ['info', 'comment'])
            hits += search(alias, ['value', 'tags'])
        if not hits:
            continue
        # Keep only the keys of the 20 highest-count results.
        ranked = [key for key, _count in hits.most_common(20)]
        # NOTE(review): the label is read from the 'group' key although the
        # searches above use 'value' (and tools() labels with 'value').
        # Confirm each entry really carries a 'group' key; otherwise this
        # raises KeyError on the first group that has hits.
        store.update_group('adversaries:{}'.format(entry['group']), *ranked)