diff --git a/core/schemas/indicators/forensicartifact.py b/core/schemas/indicators/forensicartifact.py
index 793f16df1..b1f5744d6 100644
--- a/core/schemas/indicators/forensicartifact.py
+++ b/core/schemas/indicators/forensicartifact.py
@@ -9,7 +9,6 @@
 from pydantic import field_validator
 from core.schemas import indicator
-from core.schemas.indicators import regex
 class ForensicArtifact(indicator.Indicator):
@@ -19,9 +18,7 @@ class ForensicArtifact(indicator.Indicator):
 """
 _type_filter: ClassVar[str] = indicator.IndicatorType.forensicartifact
- type: Literal[indicator.IndicatorType.forensicartifact] = (
- indicator.IndicatorType.forensicartifact
- )
+ type: Literal[indicator.IndicatorType.forensicartifact] = indicator.IndicatorType.forensicartifact
 sources: list[dict] = []
 aliases: list[str] = []
@@ -109,17 +106,17 @@ def save_indicators(self, create_links: bool = False):
 pattern = re.escape(pattern).replace("\\*", ".*")
 # Account for different path separators
 pattern = re.sub(r"\\\\", r"[\\|/]", pattern)
- regex_indicator = regex.Regex.find(name=path)
- if not regex_indicator:
+ regex = indicator.Regex.find(name=path)
+ if not regex:
 try:
- regex_indicator = regex.Regex(
+ regex = indicator.Regex(
 name=path,
 pattern=pattern,
 location="filesystem",
 diamond=indicator.DiamondModel.victim,
 relevant_tags=self.relevant_tags,
 ).save()
- indicators.append(regex_indicator)
+ indicators.append(regex)
 except Exception as error:
 logging.error(
 f"Failed to create indicator for {path} (was: {source['attributes']['paths']}): {error}"
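Review bot: The separator rewrite in the context lines at the top of the -109,17 hunk, `re.sub(r"\\\\", r"[\\|/]", pattern)`, does not produce a class that matches a backslash. `re.sub` processes escapes in its replacement template, so `r"[\\|/]"` is emitted as `[\|/]`, which as a regex matches only a literal `|` or `/`; a filesystem indicator built from a backslash-separated artifact path would therefore not match that same path. Doubling the escape, `pattern = re.sub(r"\\\\", r"[\\\\/]", pattern)`, emits `[\\/]` and also drops the stray `|`. The new `indicator.Regex(...)` call stores the pattern unchanged, so a test asserting the generated pattern against a Windows-style path would pin this down. `save_indicators` starts and ends outside this hunk.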
@@ -127,10 +124,10 @@ def save_indicators(self, create_links: bool = False):
 continue
 else:
- regex_indicator.relevant_tags = list(
- set(regex_indicator.relevant_tags + self.relevant_tags)
+ regex.relevant_tags = list(
+ set(regex.relevant_tags + self.relevant_tags)
 )
- regex_indicator.save()
+ regex.save()
 if source["type"] == definitions.TYPE_INDICATOR_WINDOWS_REGISTRY_KEY:
 for key in source["attributes"]["keys"]:
 pattern = re.sub(r"\\\*$", "", key)
@@ -147,33 +144,31 @@ def save_indicators(self, create_links: bool = False):
 )
 pattern = pattern.replace("HKEY_LOCAL_MACHINE\\\\System\\\\", "")
- regex_indicator = regex.Regex.find(name=key)
+ regex = indicator.Regex.find(name=key)
- if not regex_indicator:
+ if not regex:
 try:
- regex_indicator = regex.Regex(
+ regex = indicator.Regex(
 name=key,
 pattern=pattern,
 location="registry",
 diamond=indicator.DiamondModel.victim,
 relevant_tags=self.relevant_tags,
 ).save()
- indicators.append(regex_indicator)
+ indicators.append(regex)
 except Exception as error:
 logging.error(
 f"Failed to create indicator for {key} (was: {source['attributes']['keys']}): {error}"
 )
 continue
 else:
- regex_indicator.relevant_tags = list(
- set(regex_indicator.relevant_tags + self.relevant_tags)
+ regex.relevant_tags = list(
+ set(regex.relevant_tags + self.relevant_tags)
 )
- regex_indicator.save()
+ regex.save()
 if create_links:
 for indicator_obj in indicators:
- indicator_obj.link_to(
- self, "indicates", f"Indicates {indicator_obj.name}"
- )
+ indicator_obj.link_to(self, "indicates", f"Indicates {indicator_obj.name}")
 return indicators
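Review bot: An indicator that already exists is re-tagged and saved in the `else:` branch of the -127,10 hunk but never appended to `indicators`, so it is neither returned nor linked when `create_links` is true; only newly created ones reach `indicators.append(regex)`. This reading assumes the `else:` pairs with `if not regex:`, which the flattened indentation here cannot confirm. If an artifact should stay linked to every indicator it maps to, add `indicators.append(regex)` after `regex.save()`; if skipping is intended, a comment such as `# existing indicators are re-tagged but deliberately not re-linked` would record that. The registry branch in the -147,33 hunk has the same shape, and `save_indicators` begins and ends outside this hunk.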
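Review bot: The `except Exception` around `indicator.Regex(...).save()` in the -147,33 hunk reduces every failure to one `logging.error` line followed by `continue`, so `save_indicators` returns a shorter list and the caller cannot tell that a registry key produced no indicator. The message interpolates `{key}` and `{error}` raw and drops the traceback, so control characters in an artifact definition would reach the log verbatim and the failing call site is lost. Consider `logging.exception("Failed to create indicator for %r (was: %r)", key, source["attributes"]["keys"])`, and catching the specific validation or storage exception if the schema layer defines one. The filesystem branch in the -109,17 hunk uses the same handler; the function begins outside this hunk.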