Fix [tidal] check for existing sub clusters

clusters/tidal-software.json

@@ -22752,6 +22752,10 @@
         {
           "dest-uuid": "a4700431-6578-489f-9782-52e394277296",
           "type": "similar"
+        },
+        {
+          "dest-uuid": "49d0ae81-d51b-4534-b1e0-08371a47ef79",
+          "type": "similar"
         }
       ],
       "uuid": "6812793e-6342-4da6-b77f-ed29fab1fd9a",
@@ -30905,20 +30909,6 @@
       "uuid": "2143f749-d7b8-43c0-8041-8aeb486142c2",
       "value": "TestWindowRemoteAgent"
     },
-    {
-      "description": "Based on similar descriptions of functionality, it appears S0146, as named by FireEye, is the same as Stage 4 of a backdoor named DNSMessenger by Cisco's Talos Intelligence Group. However, FireEye appears to break DNSMessenger into two parts: S0145 and S0146. <sup>[[Cisco DNSMessenger March 2017](https://app.tidalcyber.com/references/49f22ba2-5aca-4204-858e-c2499a7050ae)]</sup> <sup>[[FireEye FIN7 March 2017](https://app.tidalcyber.com/references/7987bb91-ec41-42f8-bd2d-dabc26509a08)]</sup>",
-      "meta": {
-        "id": "1b0ec06d-0748-42ea-912f-e23f14d94b95"
-      },
-      "related": [
-        {
-          "dest-uuid": "49d0ae81-d51b-4534-b1e0-08371a47ef79",
-          "type": "similar"
-        }
-      ],
-      "uuid": "6812793e-6342-4da6-b77f-ed29fab1fd9a",
-      "value": "DNSMessenger - Associated Software"
-    },
     {
       "description": "[TEXTMATE](https://app.tidalcyber.com/software/49d0ae81-d51b-4534-b1e0-08371a47ef79) is a second-stage PowerShell backdoor that is memory-resident. It was observed being used along with [POWERSOURCE](https://app.tidalcyber.com/software/a4700431-6578-489f-9782-52e394277296) in February 2017. <sup>[[FireEye FIN7 March 2017](https://app.tidalcyber.com/references/7987bb91-ec41-42f8-bd2d-dabc26509a08)]</sup>",
       "meta": {
@@ -30942,10 +30932,6 @@
         {
           "dest-uuid": "4f6aa78c-c3d4-4883-9840-96ca2f5d6d47",
           "type": "similar"
-        },
-        {
-          "dest-uuid": "6812793e-6342-4da6-b77f-ed29fab1fd9a",
-          "type": "similar"
         }
       ],
       "uuid": "49d0ae81-d51b-4534-b1e0-08371a47ef79",

tools/tidal-api/models/cluster.py

@@ -221,6 +221,19 @@ class GroupCluster(Cluster):
                     )
             if self.subs:
                 for associated_group in entry.get("associated_groups"):
+                    found = False
+                    for x in self.values:
+                        if associated_group.get("associated_group_id") == x.get("uuid"):
+                            x["related"].append(
+                                {
+                                    "dest-uuid": entry.get("id"),
+                                    "type": "similar",
+                                }
+                            )
+                            found = True
+                            break
+                    if found:
+                        continue
                     associated_meta = AssociatedGroupsMeta(
                         id=associated_group.get("id"),
                         owner_id=associated_group.get("owner_id"),
@@ -322,6 +335,19 @@ class SoftwareCluster(Cluster):
                     )
             if self.subs:
                 for associated_software in entry.get("associated_software"):
+                    found = False
+                    for x in self.values:
+                        if associated_software.get("associated_software_id") == x.get("uuid"):
+                            x["related"].append(
+                                {
+                                    "dest-uuid": entry.get("id"),
+                                    "type": "similar",
+                                }
+                            )
+                            found = True
+                            break
+                    if found:
+                        continue
                     associated_meta = AssociatedSoftwareMeta(
                         id=associated_software.get("id"),
                         owner_id=associated_software.get("owner_id"),