Always make threat objects

ljstella · ljstella · commit 380b17e6187d · 2024-08-09T17:23:19.000-05:00
diff --git a/contentctl/objects/abstract_security_content_objects/detection_abstract.py b/contentctl/objects/abstract_security_content_objects/detection_abstract.py
@@ -299,6 +299,11 @@ def risk(self) -> list[dict[str, Any]]:
                 risk_object['threat_object_field'] = entity.name
                 risk_object['threat_object_type'] = "url"
                 risk_objects.append(risk_object)
+            
+            elif 'Attacker' in entity.role:
+                risk_object['threat_object_field'] = entity.name
+                risk_object['threat_object_field'] = entity.type.lower()
+                risk_objects.append(risk_object)
 
             else:
                 risk_object['risk_object_type'] = 'other'
