m17hr1l/psyc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

stage-4: ioc_extraction includes CVE-only cases

Browse Source 
The ExampleBuilder guard checked urls/domains/ips/hashes but not cves, so
CISA KEV cases (CVE is their only observable) were silently dropped from the
ioc_extraction dataset. Now they produce CVE-extraction examples.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
m17hr1l
2026-05-17 23:45:55 +02:00
parent 2138611fdb
commit afba077f6f
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/psyc/lines/train.py
View File

@@ -62,7 +62,7 @@ class DatasetReport(BaseModel):
def _ex_ioc_extraction(case: Case) -> Optional[Example]: def _ex_ioc_extraction(case: Case) -> Optional[Example]:
obs = case.observables obs = case.observables
if not (obs.urls or obs.domains or obs.ips or obs.hashes): if not (obs.urls or obs.domains or obs.ips or obs.hashes or obs.cves):
return None return None
threat = case.source_metadata.get("threat", "malware") threat = case.source_metadata.get("threat", "malware")
tags = case.source_metadata.get("tags", "") tags = case.source_metadata.get("tags", "")