update FalconcustomIOC responder to set the case title for the source…

… parameter
TheHive-Project · Feb 17, 2019 · b869686 · b869686
1 parent 855cdc7
commit b869686
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/responders/FalconCustomIOC/FalconCustomIOC.py b/responders/FalconCustomIOC/FalconCustomIOC.py
@@ -37,7 +37,8 @@ def run(self):
                         else:
             			ioc=match.group(2)
 		description = self.get_param('data.case.title',None,"Can't get case title")
-		postdata=json.dumps([{"type": ioctypes[data_type], "value": ioc.strip(), "policy": "detect", "description": description, "share_level": "red", "source": "Cortex Responder - FalconCustomIOC", "expiration_days": 30}])
+		description = str(description).encode('utf-8')[:128]
+		postdata=json.dumps([{"type": ioctypes[data_type], "value": ioc.strip(), "policy": "detect", "description": description, "share_level": "red", "source": "Cortex - FalconCustomIOC ["+description+"]", "expiration_days": 30}])
 		response=requests.post(self.falconapi_url,data=postdata,headers={"Content-Type":"application/json"},auth=HTTPBasicAuth(self.apiuser,self.apikey))
 		json_response = json.loads(response.text)
 		if json_response["errors"]: