MISPtoSTIX() uses example XML namespace

[RichieB2B]

I'm preparing a patch for this (and other STIX best practices) but one mayor issue is that currently MISPtoSTIX() returns a STIXPackage and lets the main program do the to_xml() call. Since a custom namespace is defined by using the ns_dict parameter of to_xml() this complicates things quite a lot.

One solution I see is to pass the required format (json/xml) to MISPtoSTIX() along with the custom namespace. Or is there a better way to deal with this?

[iglocska]

Sounds good to me, sadly we need to use ns_dict to avoid issues with the framing system so indeed, injecting a custom namespace via a parameter when calling the script sounds like the cleanest option.

[FloatingGhost]

STIX best practices

Pretty sure this involves not using STIX tbh

One solution I see is to pass the required format (json/xml) to MISPtoSTIX() along with the custom namespace. Or is there a better way to deal with this?

It does make sense to maintain one single converter for sure - this sounds like the best way to go about it - if we're calling it from the shell we can just add a flag for it

:flags: are cool

[FloatingGhost]

I wanted to die more than usual so I did this as I was already insane

I am horrified to announce that

  --format FORMAT       The output format [JSON/XML]. Default JSON.
  --stix-version STIX_VERSION
                        Set the STIX output version. Default 1.2.
  --namespace NAMESPACE
                        Set the output namespace
  --ns-alias NS_ALIAS   Set the NS alias

are all valid flags on the converter now.

Example

 misp-to-stix.py -i 5670 --namespace "https://please-just-end.me" --ns-alias "killme" --format xml

Should work

[FloatingGhost]

oh well the script does

you want the function to use it

EHHHH

[FloatingGhost]

once more unto the breach

once more

:(

[RichieB2B]

Wow, https://github.com/MISP/MISP-STIX-Converter/commit/01a30bd993e4751747044d4b99994aaf26c3dbb4 looks a lot simpler than what I had in mind. Will try to test it next week.