Merged

fix #18

1 change: 1 addition & 0 deletions .github/workflows/python-ci.yml
@@ -23,6 +23,7 @@ jobs:

build-docker-image:
permissions:
artifact-metadata: write
attestations: write
contents: read
id-token: write
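Review bot: the added `artifact-metadata: write` grant should carry a comment naming the workflow step that needs it, since the permissions block already grants `attestations: write` and `id-token: write` and a reader cannot tell from the hunk alone which action consumes the new scope; job-level write permissions are easiest to audit, and to remove later, when each one cites its consumer.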
8 changes: 4 additions & 4 deletions README.md
@@ -1,13 +1,13 @@
# Double Extortion OpenCTI Connector

The Double Extortion connector ingests ransomware and data leak announcements published on the DoubleExtortion platform and converts them into STIX entities inside OpenCTI.
The Double Extortion connector ingests ransomware and data-leak announcements published on the DoubleExtortion platform and converts them into STIX entities in OpenCTI.

<img width="2532" height="1032" alt="dfz" src="https://github.com/user-attachments/assets/3072e3ce-de67-45a7-a88e-58447066096d" />

## Features

- Authenticates against the DoubleExtortion AWS Cognito identity provider.
- Collects double extortion announcements and models them as **Incidents**.
- Collects Double Extortion announcements and models them as **Incidents**.
- Creates **Organization** identities for victims.
- Generates optional **Indicators** for advertised victim domains and leak hash identifiers.
- Adds announcement-type labels to incidents (for example `dep:announcement-type:pii`).
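Review bot: the capitalisation fix in `- Collects Double Extortion announcements` is good, but the intro paragraph still spells the product `DoubleExtortion platform` and the first feature bullet `DoubleExtortion AWS Cognito identity provider`; settle on one form for the platform name in this file. Also, the screenshot's `alt="dfz"` is not descriptive; an alt text that says what the image shows (for example, Double Extortion incidents as they appear in OpenCTI) serves screen readers and plain-text renderings of the README.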
@@ -68,7 +68,7 @@ A Dockerfile is provided to run the connector in a containerized environment. Bu
docker build -t opencti-connector-dep .
```

Then run it by passing the required configuration as environment variables or mounting the updated `config.yml`:
Then run it by passing the required configuration as environment variables or by mounting an updated `config.yml`:

```bash
docker run --rm \
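Review bot: the reworded sentence says the required configuration can be passed as environment variables or by mounting `config.yml`, and that configuration includes the DoubleExtortion login (the Cognito authentication listed under Features, `DEP_USERNAME` in `config.yml.sample`); the `docker run` example that follows should say that credentials belong in an `--env-file` or an orchestrator secret rather than inline on the command line, since inline values end up in shell history and are visible through `docker inspect`.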
@@ -88,7 +88,7 @@ docker run --rm \
- Incidents are created with deterministic IDs derived from DEP `hashid`, and bundles are sent with `update=True`, so repeated records update existing incidents instead of creating duplicates.
- The API occasionally URL-encodes announcement descriptions. The connector automatically decodes the description before sending it to OpenCTI.
- Intrusion set creation is disabled by default because not every dataset represents a threat actor. If needed, adapt the logic in `DepConnector._process_item`.
- To reload the new code inside the platform using docker compose run: `docker compose build dep-connector; docker compose up -d dep-connector; docker compose logs -f dep-connector`
- To reload the connector code in the platform, run: `docker compose build dep-connector; docker compose up -d dep-connector; docker compose logs -f dep-connector`

## License

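Review bot: the reload command `docker compose build dep-connector; docker compose up -d dep-connector; docker compose logs -f dep-connector` chains the steps with `;`, so a failed build still restarts the container on the previous image and tails its logs, which hides the failure; join the three with `&&` instead. Separately, the bullet on URL-decoding descriptions should state whether decoding is applied once or repeated until the text is stable, since a description that legitimately contains `%` sequences is altered differently in each case.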
6 changes: 3 additions & 3 deletions __metadata__/connector_manifest.json
@@ -1,8 +1,8 @@
{
"title": "DigIntLab DEP",
"slug": "digintlab-dep",
"description": "In a world awash with data, Digital Intelligence Lab focuses on ways to unlock a wealth of insights. With us, you gain the power to pinpoint organizations hit by major cyber assaults, acquiring strategically pivotal intelligence that's invaluable for businesses focused on vigilant risk management.\n\nThe Double Extortion (DE) Platform has curated an array of cutting-edge tools and invaluable insights, meticulously crafted to empower businesses in navigating the ever-evolving cyber threat landscape with confidence and resilience.",
"short_description": "Digital Intelligence Lab's Double Extortion Platform tracks and monitors the cyber space to pinpoint organizations hit by major attacks, delivering business cyber intelligence for risk-focused teams.",
"description": "In a world awash with data, Digital Intelligence Lab focuses on uncovering meaningful insights. Our platform helps you pinpoint organizations hit by major cyberattacks and gather strategically important intelligence for vigilant risk management.\n\nThe Double Extortion (DE) Platform offers an array of cutting-edge tools and high-value insights, designed to help businesses navigate the ever-evolving cyber threat landscape with confidence and resilience.",
"short_description": "Digital Intelligence Lab's Double Extortion Platform tracks and monitors the cyber space to pinpoint organizations hit by major attacks, delivering cyber intelligence for risk-focused teams.",
"logo": "external-import/digintlab-dep/__metadata__/logo.png",
"use_cases": [
"Commercial Threat Intelligence"
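Review bot: the rewritten `description` and `short_description` still describe the vendor rather than the connector; a catalogue entry is more useful when the description also states what the connector imports into OpenCTI, which the README in this same PR already lists (Incidents, victim Organizations, and optional Indicators for victim domains and leak hashes).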
@@ -18,4 +18,4 @@
"container_version": "rolling",
"container_image": "opencti/connector-digintlab-dep",
"container_type": "EXTERNAL_IMPORT"
}
}
4 changes: 2 additions & 2 deletions config.yml.sample
@@ -10,7 +10,7 @@ connector:
log_level: info
interval: 3600 # In seconds

# Connector specific configuration
# Connector-specific configuration
# All values can also be provided with environment variables prefixed with
# DEP_ (for example DEP_USERNAME)
# and the generic connector values with CONNECTOR_ and OPENCTI_ prefixes.
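Review bot: the comment `# All values can also be provided with environment variables prefixed with DEP_` should state which source wins when both `config.yml` and the environment set the same key, and should add that the DEP credentials (for example `DEP_USERNAME`) belong in the environment or a secret store rather than in a committed `config.yml`; the hyphenation fix in `# Connector-specific configuration` is fine.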
@@ -28,4 +28,4 @@ dep:
extended_results: true
enable_site_indicator: true
enable_hash_indicator: true
skip_empty_victim: true
skip_empty_victim: true
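Review bot: `enable_site_indicator: true` and `enable_hash_indicator: true` make the sample emit Indicators by default, and per the README the site indicators are the advertised victim domains, that is, the victims' own infrastructure rather than attacker infrastructure; default the sample to `false` or add a comment here so that downstream consumers do not push these domains into blocklists. The only other change in this hunk is the trailing newline on `skip_empty_victim: true`, which is correct.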