Ingest specific IOC types into Sentinel

[Camel0101]

Hello,

The “type_attribute” parameter in “misp_event_filters” is used to return events that contain one of the filter's types in their attributes, but all the attributes of these filtered events will be sent to Sentinel, even those that don't match the “type_attribute” filter.

Is there a way of filtering attributes so that only those of a certain type are sent?

Thank you !

[cudeso]

Hello,

Indeed, that's mostly due to the fact that the script fetches events (https://github.com/cudeso/misp2sentinel/blob/main/script.py#L89), which elements are then translated to STIX objects. It does not query for individual attributes.
In the current implementation it's not immediately foreseen to filter on attribute types. One approach could be to play with UPLOAD_INDICATOR_MISP_ACCEPTED_TYPES https://github.com/cudeso/misp2sentinel/blob/main/constants.py#L85 but would have to check if this does not break the STIX translation.