[Flare] Flare Connector Update#1
Conversation
…stness - Fall back to identity_name when username is empty for leaked credential observables - Add identity_name field to LeakedCredentialEvent dataclass - Pin pycti==7.260401.0 in requirements.txt - Improved error messages to include more context
ireydiak
force-pushed
the
jc/flare-connector
branch
6 times, most recently
from
31b5e57 to
a633f66
Compare
| ) -> int: | ||
| processed_count = 0 | ||
|
|
||
| for event in events: |
There was a problem hiding this comment.
Note for the future: OpenCTI recommends batching calls to stix2_create_bundle. This minimizes network stress and improves ingestion rate. We might implement the suggested _collect_intelligence method to retrieve and map events to stix2 and batch calls to stix2_create_bundle.
| event_actions=self.config.flare.event_actions, | ||
| ) | ||
| imported_count = self.process_events(events, work_id) | ||
| self.helper.set_state({"last_run": datetime.now(timezone.utc).isoformat()}) |
There was a problem hiding this comment.
Note for the future: we might need a more granular control over the management state. Right now successful events can be retried. If we implement batching we might also want to store its state and avoid processing and sending successful batches.
| COPY src /opt/opencti-connector-flare | ||
|
|
||
| # Install Python modules | ||
| # hadolint ignore=DL3003 |
There was a problem hiding this comment.
Is this lint ignore required? From what I can see it checks that we are not using cd, but we aren't here.
There was a problem hiding this comment.
C'est pas mal mieux cette nouvelle manière de faire là!
2 participants
Proposed changes
pyctias a Flare connector dependency.Related issues
None
Checklist
Further comments