Open RichieB2B opened 7 years ago
Sounds good to me, sadly we need to use ns_dict to avoid issues with the framing system so indeed, injecting a custom namespace via a parameter when calling the script sounds like the cleanest option.
STIX best practices
Pretty sure this involves not using STIX tbh
One solution I see is to pass the required format (json/xml) to MISPtoSTIX() along with the custom namespace. Or is there a better way to deal with this?
It does make sense to maintain one single converter for sure - this sounds like the best way to go about it - if we're calling it from the shell we can just add a flag for it
:flags: are cool
I wanted to die more than usual so I did this as I was already insane
I am horrified to announce that
--format FORMAT The output format [JSON/XML]. Default JSON.
--stix-version STIX_VERSION
Set the STIX output version. Default 1.2.
--namespace NAMESPACE
Set the output namespace
--ns-alias NS_ALIAS Set the NS alias
are all valid flags on the converter now.
Example
misp-to-stix.py -i 5670 --namespace "https://please-just-end.me" --ns-alias "killme" --format xml
Should work
oh well the script does
you want the function to use it
EHHHH
once more unto the breach
once more
:(
Wow, https://github.com/MISP/MISP-STIX-Converter/commit/01a30bd993e4751747044d4b99994aaf26c3dbb4 looks a lot simpler than what I had in mind. Will try to test it next week.
I'm preparing a patch for this (and other STIX best practices) but one mayor issue is that currently MISPtoSTIX() returns a STIXPackage and lets the main program do the to_xml() call. Since a custom namespace is defined by using the ns_dict parameter of to_xml() this complicates things quite a lot.
One solution I see is to pass the required format (json/xml) to MISPtoSTIX() along with the custom namespace. Or is there a better way to deal with this?