Graceful degradation for MITRE data loaders on network failure#466
Draft
Graceful degradation for MITRE data loaders on network failure#466
Conversation
When loading MITRE ATT&CK or D3FEND data from the default URL fails (e.g., no internet connectivity), return empty data with a warning instead of raising a RuntimeError. Custom URL failures still raise RuntimeError since the user explicitly configured them. This fixes the issue where sigma-cli update-cache --url mitre_attack:file would fail with URLError on offline systems because mitre_d3fend (without a URL override) would try to download from the internet. Agent-Logs-Url: https://github.com/SigmaHQ/pySigma/sessions/23765f2f-b668-445b-84b7-980815228637 Co-authored-by: thomaspatzke <1845601+thomaspatzke@users.noreply.github.com>
Agent-Logs-Url: https://github.com/SigmaHQ/pySigma/sessions/23765f2f-b668-445b-84b7-980815228637 Co-authored-by: thomaspatzke <1845601+thomaspatzke@users.noreply.github.com>
Copilot created this pull request from a session on behalf of
thomaspatzke
April 15, 2026 15:22
View session
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
On offline systems,
sigma pysigma update-cache --url mitre_attack:"./enterprise-attack.json"fails withurllib.error.URLErrorbecause the sigma-cli iterates all datasets andmitre_d3fend(without a URL override) still attempts to download from the default URL.PR #465 deferred MITRE loading in tag validators, but the data loaders themselves still raise on any network failure, even when no custom URL was explicitly configured.
Changes
sigma/data/mitre_attack.pyandsigma/data/mitre_d3fend.py: When loading from the default URL fails, return empty data with awarnings.warn()instead of raisingRuntimeError. Custom URL failures still raise — the user explicitly configured a source and should know it's broken._empty_data()helpers returning the expected dict structure with empty collections.