MISP / MISP-STIX-Converter

A utility repo to assist with converting between MISP and STIX formats
GNU Lesser General Public License v3.0

MISP to STIX converter using a single indicator for all attributes #22

Closed iglocska closed 7 years ago

iglocska commented 7 years ago

Currently (unless I am mistaken), all attributes are added as observables to a single indicator during the conversion (https://github.com/MISP/MISP-STIX-Converter/blob/master/misp_stix_converter/converters/convert.py#L67); however, this is most of the time not correct for the actual data. Each attribute should be treated as a separate indicator with 1-2 observables each (for example, a filename|sha1 type would translate to an indicator with 2 observables).
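
The two mappings described in the comment above, side by side, as an added example that is not part of the original thread or the converter's code. Plain dicts stand in for STIX indicators and observables, and the event layout, function names and sample values are simplified assumptions.

```python
# Added illustration: plain dicts stand in for STIX Indicator / CybOX Observable
# objects; this is not the converter's code and does not use the stix library.

def split_attribute(attr):
    """Return [(type, value), ...] for a MISP attribute, splitting composites on '|'."""
    types = attr["type"].split("|")
    values = attr["value"].split("|")
    if len(types) != len(values):
        # e.g. a composite type whose value is missing one of its parts
        raise ValueError(f"malformed attribute {attr['type']!r}: {attr['value']!r}")
    return list(zip(types, values))

def to_single_indicator(event):
    """Mapping the issue reports: every attribute lands under one indicator."""
    observables = []
    for attr in event["attributes"]:
        observables += [{"type": t, "value": v} for t, v in split_attribute(attr)]
    return [{"title": event["info"], "observables": observables}]

def to_indicator_per_attribute(event):
    """Mapping the issue asks for: one indicator per attribute, 1-2 observables each."""
    indicators = []
    for attr in event["attributes"]:
        indicators.append({
            "title": f"{attr['type']}: {attr['value']}",
            "observables": [{"type": t, "value": v} for t, v in split_attribute(attr)],
        })
    return indicators

# Constructed sample event (simplified layout, made-up values).
SAMPLE_EVENT = {
    "info": "Constructed sample event",
    "attributes": [
        {"type": "filename|sha1",
         "value": "invoice.exe|da39a3ee5e6b4b0d3255bfef95601890afd80709"},
        {"type": "ip-dst", "value": "192.0.2.10"},
        {"type": "domain", "value": "example.test"},
    ],
}

if __name__ == "__main__":
    for ind in to_indicator_per_attribute(SAMPLE_EVENT):
        print(ind["title"], "->", len(ind["observables"]), "observable(s)")
```
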

FloatingGhost commented 7 years ago

don't wanna :<

eh but I guess I have to. It makes sense.

Shouldn't be too hard I guess. Just tedious.

iglocska commented 7 years ago

Sorry <3

iglocska commented 7 years ago

Perfect, thanks!