Description
In send_analysis_batch (pyintelowl.py, line 457), the TLP field defaults to "WHITE":
However, all other methods in the codebase (such as send_file_analysis_request and send_observable_analysis_request) default the TLP value to "CLEAR".
This creates inconsistent behavior:
- A batch job submitted without specifying a
tlp gets WHITE.
- A direct CLI request defaults to
CLEAR.
Steps to Reproduce
- Create a batch JSON file without a
tlp field.
- Run:
pyintelowl analyse batch <file>
- Observe that the submitted job is assigned TLP
WHITE instead of CLEAR.
Expected Behavior
The default TLP value should be "CLEAR" to maintain consistency with other request methods.
Proposed Fix
Update line 457 in pyintelowl.py.
# Before
obj.get("tlp", "WHITE"),
# After
obj.get("tlp", "CLEAR"),
Description
In
send_analysis_batch(pyintelowl.py, line 457), the TLP field defaults to "WHITE":However, all other methods in the codebase (such as
send_file_analysis_requestandsend_observable_analysis_request) default the TLP value to"CLEAR".This creates inconsistent behavior:
tlpgetsWHITE.CLEAR.Steps to Reproduce
tlpfield.WHITEinstead ofCLEAR.Expected Behavior
The default TLP value should be
"CLEAR"to maintain consistency with other request methods.Proposed Fix
Update line 457 in
pyintelowl.py.