While translating MAEC to STIX with maec2stix, the conversion fails because a timestamp is not in a recognizable format.
$ maec2stix 7c61182562c07108397b1414a7450519.json
Traceback (most recent call last):
File "/home/user/.local/lib/python3.8/site-packages/stix2/utils.py", line 245, in parse_into_datetime
parsed = dt.datetime.strptime(value, fmt)
File "/usr/lib/python3.8/_strptime.py", line 568, in _strptime_datetime
tt, fraction, gmtoff_fraction = _strptime(data_string, format)
File "/usr/lib/python3.8/_strptime.py", line 349, in _strptime
raise ValueError("time data %r does not match format %r" %
ValueError: time data '2020-01-22 11:27:50' does not match format '%Y-%m-%dT%H:%M:%SZ'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/user/.local/lib/python3.8/site-packages/stix2/base.py", line 104, in _check_property
kwargs[prop_name] = prop.clean(kwargs[prop_name])
File "/home/user/.local/lib/python3.8/site-packages/stix2/properties.py", line 376, in clean
return parse_into_datetime(
File "/home/user/.local/lib/python3.8/site-packages/stix2/utils.py", line 248, in parse_into_datetime
raise ValueError(
ValueError: must be a datetime object, date object, or timestamp string in a recognizable format.
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/usr/local/bin/maec2stix", line 11, in <module>
load_entry_point('maec2stix==1.0', 'console_scripts', 'maec2stix')()
File "/usr/local/lib/python3.8/dist-packages/maec2stix-1.0-py3.8.egg/maec2stix/cli.py", line 77, in main
File "/usr/local/lib/python3.8/dist-packages/maec2stix-1.0-py3.8.egg/maec2stix/translator.py", line 1317, in translate_package_to_object
File "/home/user/.local/lib/python3.8/site-packages/stix2/parsing.py", line 47, in parse
obj = dict_to_stix2(obj, allow_custom, version)
File "/home/user/.local/lib/python3.8/site-packages/stix2/parsing.py", line 142, in dict_to_stix2
return obj_class(allow_custom=allow_custom, **stix_dict)
File "/home/user/.local/lib/python3.8/site-packages/stix2/v21/bundle.py", line 34, in __init__
super(Bundle, self).__init__(**kwargs)
File "/home/user/.local/lib/python3.8/site-packages/stix2/base.py", line 198, in __init__
self._check_property(prop_name, prop_metadata, setting_kwargs)
File "/home/user/.local/lib/python3.8/site-packages/stix2/base.py", line 104, in _check_property
kwargs[prop_name] = prop.clean(kwargs[prop_name])
File "/home/user/.local/lib/python3.8/site-packages/stix2/properties.py", line 234, in clean
result = [
File "/home/user/.local/lib/python3.8/site-packages/stix2/properties.py", line 235, in <listcomp>
self.contained.clean(item)
File "/home/user/.local/lib/python3.8/site-packages/stix2/properties.py", line 721, in clean
parsed_obj = parse(dictified, allow_custom=self.allow_custom)
File "/home/user/.local/lib/python3.8/site-packages/stix2/parsing.py", line 47, in parse
obj = dict_to_stix2(obj, allow_custom, version)
File "/home/user/.local/lib/python3.8/site-packages/stix2/parsing.py", line 142, in dict_to_stix2
return obj_class(allow_custom=allow_custom, **stix_dict)
File "/home/user/.local/lib/python3.8/site-packages/stix2/base.py", line 198, in __init__
self._check_property(prop_name, prop_metadata, setting_kwargs)
File "/home/user/.local/lib/python3.8/site-packages/stix2/base.py", line 110, in _check_property
six.raise_from(
File "<string>", line 3, in raise_from
stix2.exceptions.InvalidValueError: Invalid value for MalwareAnalysis 'analysis_started': must be a datetime object, date object, or timestamp string in a recognizable format.
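The issue was caused by importing AV results in the wrong format. In the traceback, the rejected `analysis_started` value is '2020-01-22 11:27:50' (space separator, no trailing 'Z'), which does not match the '%Y-%m-%dT%H:%M:%SZ' format that stix2 tried to parse it with.
Solved.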
While translating MAEC to STIX with maec2stix, the conversion fails because a timestamp is not in a recognizable format.
$ maec2stix 7c61182562c07108397b1414a7450519.json Traceback (most recent call last): File "/home/user/.local/lib/python3.8/site-packages/stix2/utils.py", line 245, in parse_into_datetime parsed = dt.datetime.strptime(value, fmt) File "/usr/lib/python3.8/_strptime.py", line 568, in _strptime_datetime tt, fraction, gmtoff_fraction = _strptime(data_string, format) File "/usr/lib/python3.8/_strptime.py", line 349, in _strptime raise ValueError("time data %r does not match format %r" % ValueError: time data '2020-01-22 11:27:50' does not match format '%Y-%m-%dT%H:%M:%SZ'
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/home/user/.local/lib/python3.8/site-packages/stix2/base.py", line 104, in _check_property kwargs[prop_name] = prop.clean(kwargs[prop_name]) File "/home/user/.local/lib/python3.8/site-packages/stix2/properties.py", line 376, in clean return parse_into_datetime( File "/home/user/.local/lib/python3.8/site-packages/stix2/utils.py", line 248, in parse_into_datetime raise ValueError( ValueError: must be a datetime object, date object, or timestamp string in a recognizable format.
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/usr/local/bin/maec2stix", line 11, in <module>
load_entry_point('maec2stix==1.0', 'console_scripts', 'maec2stix')()
File "/usr/local/lib/python3.8/dist-packages/maec2stix-1.0-py3.8.egg/maec2stix/cli.py", line 77, in main
File "/usr/local/lib/python3.8/dist-packages/maec2stix-1.0-py3.8.egg/maec2stix/translator.py", line 1317, in translate_package_to_object
File "/home/user/.local/lib/python3.8/site-packages/stix2/parsing.py", line 47, in parse
obj = dict_to_stix2(obj, allow_custom, version)
File "/home/user/.local/lib/python3.8/site-packages/stix2/parsing.py", line 142, in dict_to_stix2
return obj_class(allow_custom=allow_custom, **stix_dict)
File "/home/user/.local/lib/python3.8/site-packages/stix2/v21/bundle.py", line 34, in __init__
super(Bundle, self).__init__(**kwargs)
File "/home/user/.local/lib/python3.8/site-packages/stix2/base.py", line 198, in __init__
self._check_property(prop_name, prop_metadata, setting_kwargs)
File "/home/user/.local/lib/python3.8/site-packages/stix2/base.py", line 104, in _check_property
kwargs[prop_name] = prop.clean(kwargs[prop_name])
File "/home/user/.local/lib/python3.8/site-packages/stix2/properties.py", line 234, in clean
result = [
File "/home/user/.local/lib/python3.8/site-packages/stix2/properties.py", line 235, in <listcomp>
self.contained.clean(item)
File "/home/user/.local/lib/python3.8/site-packages/stix2/properties.py", line 721, in clean
parsed_obj = parse(dictified, allow_custom=self.allow_custom)
File "/home/user/.local/lib/python3.8/site-packages/stix2/parsing.py", line 47, in parse
obj = dict_to_stix2(obj, allow_custom, version)
File "/home/user/.local/lib/python3.8/site-packages/stix2/parsing.py", line 142, in dict_to_stix2
return obj_class(allow_custom=allow_custom, **stix_dict)
File "/home/user/.local/lib/python3.8/site-packages/stix2/base.py", line 198, in __init__
self._check_property(prop_name, prop_metadata, setting_kwargs)
File "/home/user/.local/lib/python3.8/site-packages/stix2/base.py", line 110, in _check_property
six.raise_from(
File "<string>", line 3, in raise_from
stix2.exceptions.InvalidValueError: Invalid value for MalwareAnalysis 'analysis_started': must be a datetime object, date object, or timestamp string in a recognizable format.
The issue was caused by importing AV results in the wrong format. Solved.