The purpose of this add-on is to create a Traffic Light Protocol (TLP) sign that can be added to the Resilient Summary section, for example when an artifact is enriched with a TLP value.
Currently, detection is based on the Artifact Description field containing TLP = color, for example "TLP = Amber".
Of course, you can change this qualification based on how the TLP is stored in your data.
The results are stored in 3 new fields that can be used in your process and layout:
incident.properties.tlp contains the color of the TLP as text
incident.properties.tlp_coding contains the rich-text colored view of the color (for example, TLP:AMBER)
incident.properties.tlp_txt contains the description of the impact of the color on the incident IOC sharing
Result sample in Summary section:
Note added for traceability:
Note that if you want the image of the TLP, a little work in the layout using sections will allow you to show the right colored PNG in the layout.
Attached is the res file to import this configuration.
Feel free to use, change, and adapt this code to your usage.
Building the res file:
resilient-circuits extract --script "GUI: TLP" "TLP : Trace" --rule "GUI: TLP" "TLP : Green" "TLP : White" "TLP : Amber" "TLP : Red" --field "tlp" "tlp_txt" "tlp_coding" -o config_TLP.res --zip
------------------------------
BENOIT ROSTAGNI
------------------------------
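
The detection rule and the three fields described in the post can be sketched as follows. This is an added example, not the script shipped in the res file: the function name `tlp_fields`, the tolerated separators, the HTML markup, the hex colors, and the choice to keep the most restrictive color when several markers appear are all assumptions; the sharing summaries follow the FIRST TLP 1.0 definitions.

```python
import re

# TLP 1.0 colors used by the add-on's rules. Hex display colors are assumed
# here; the sharing summaries follow the FIRST TLP 1.0 definitions.
TLP = {
    "red":   ("#FF0033", "Not for disclosure; restricted to participants only."),
    "amber": ("#FFC000", "Limited disclosure; restricted to participants' organizations."),
    "green": ("#33FF00", "Limited disclosure; restricted to the community."),
    "white": ("#FFFFFF", "Disclosure is not limited."),
}

# Matches "TLP = Amber" as described in the post. Also tolerates "TLP:AMBER"
# and "TLP amber" (assumption: enrichment sources may vary the separator).
_TLP_RE = re.compile(r"\bTLP\s*[=:\s]\s*(red|amber|green|white)\b", re.IGNORECASE)

# Most restrictive first, so conflicting markers never widen sharing
# (a policy chosen for this example).
_ORDER = ["red", "amber", "green", "white"]


def tlp_fields(description):
    """Return values for tlp, tlp_coding and tlp_txt, or None if no TLP marker."""
    found = {m.lower() for m in _TLP_RE.findall(description or "")}
    if not found:
        return None
    color = min(found, key=_ORDER.index)
    hex_color, text = TLP[color]
    label = "TLP:" + color.upper()
    # Label and color come from the fixed table above, never from the artifact
    # text, so no untrusted input reaches the rich-text markup.
    coding = ('<span style="background-color:#000000;color:{0};">'
              '<b>{1}</b></span>').format(hex_color, label)
    return {"tlp": color.capitalize(), "tlp_coding": coding, "tlp_txt": text}


if __name__ == "__main__":
    # Constructed sample artifact descriptions.
    for desc in ["Enriched by feed. TLP = Amber", "tlp:red and TLP = Green", "no marking"]:
        print(repr(desc), "->", tlp_fields(desc))
```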