Added Threat Actor to trustar_report definition

[pwrenn]

Simple change adding Threat Actor to the attributes within trustar_report

[adulau]

Thanks for the PR.

A small question, is there a specific reason to not use a MISP galaxy to link with threat-actor? That would be more consistent within a sharing community.

[pwrenn]

@adulau TruSTAR declares Threat Actor as an indicator type like the rest of the attributes in our definition.json file. Without being able to declare it here it will not be ingested properly into MISP. I think this can run in parallel with a Galaxy.

[packet-rat]

Operations against Threat_Actor Attribute are failing because TruSTAR Report Object has reverted to the original version ( as of at least 2.4.135)

[JSON File] (https://github.com/MISP/misp-objects/blob/main/objects/trustar_report/definition.json)

[adulau]

Can someone update the PR? Thanks a lot. Not really familiar with TruSTAR.

[packet-rat]

@adulau - Thanks for the timely response. I'm reaching out to pwrenn at TruSTAR to see if we can fix the PR.

Question: You referenced using a MISP Galaxy Reference. Can you summarize an example and/or point to a good reference?

[adulau]

It should be fixed in 2cb16e7 - Feel free to reopen if you have any issue.