fixes changes

yeti-platform · Apr 2, 2024 · 281a2bb · 281a2bb
1 parent 92b6b09
commit 281a2bb
Showing 1 changed file with 9 additions and 11 deletions.
diff --git a/plugins/feeds/public/otx_alienvault.py b/plugins/feeds/public/otx_alienvault.py
@@ -97,13 +97,6 @@ def analyze(self, item):
                 investigation.link_to(ent, "Observed", "OTXAlienVault")
             elif type_ind in indicator.IndicatorType:
                 if type_ind == indicator.IndicatorType.yara:
-                    ind_obj = indicator.Indicator(
-                        name=f"YARA_{otx_indic['indicator']}",
-                        pattern="OTX",
-                        type=indicator.IndicatorType.yara,
-                        location="OTX",
-                        diamond=indicator.DiamondModel.capability,
-                    )
                     # sometimes the content is empty
                     if not otx_indic["content"]:
                         continue
@@ -114,11 +107,16 @@ def analyze(self, item):
                     except Exception as e:
                         logging.error(f"Error compiling YARA rule: {e}")
                         continue
+
                     t = list(r)[0]
-                    ind_obj.name = t.identifier
-                    if "description" in t.meta:
-                        ind_obj.description = t.meta["description"]
-
+                    ind_obj = indicator.Indicator(
+                        name=f"{t.identifer}",
+                        pattern=otx_indic["content"],
+                        type=indicator.IndicatorType.yara,
+                        location="OTX",
+                        diamond=indicator.DiamondModel.capability,
+                        description=t.meta['description'],
+                    ).save()
                     ind_obj.pattern = otx_indic["content"]
                     ind_obj.save()
                     investigation.link_to(ind_obj, "Observed", "OTXAlienVault")