MISP / MISP-STIX-Converter

A utility repo to assist with converting between MISP and STIX formats
GNU Lesser General Public License v3.0

Problem with IPv4 Objects #44

Open chrisanag1985 opened 2 years ago

chrisanag1985 commented 2 years ago

Hello. When converting a MISPEvent to STIX, when it finds ip-src or ip-dst it doesn't put the attribute category="ipv4-addr", so when the SIEM QRadar tries to obtain IP STIX events it doesn't understand them, so it skips these types of events. When I manually add the category, it can understand them and consumes them.

Thank you.

chrisanag1985 commented 2 years ago

I fixed it by adding the following in buildSTIXAttributes.py:

```python
if type_ == "ip-src":
    # ....
    addr.category = "ipv4-addr"
    # ....

elif type_ == "ip-dst":
    # ....
    addr.category = "ipv4-addr"
    # ....

# I also edited the following

elif type_ == "domain":
    # ....
    dn.type_ = "FQDN"
    # ....

elif type_ in ["url", "uri"]:
    # ....
    url.type_ = "URL"
    # ....
```

Can we add it to the main branch?
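
One way to check converted output for the condition reported above, as an added example that is not part of the thread or of MISP-STIX-Converter: it scans STIX 1.x XML for CybOX Address objects that carry no `category` attribute. The sample document and function names are constructed for illustration, and the check goes beyond the thread by also suggesting `ipv6-addr` when the value is an IPv6 literal.

```python
import ipaddress
import xml.etree.ElementTree as ET

# CybOX 2.x namespaces used inside STIX 1.x documents.
NS = {
    "cybox": "http://cybox.mitre.org/cybox-2",
    "AddressObj": "http://cybox.mitre.org/objects#AddressObject-2",
}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample (trimmed): one address with a category, two without.
SAMPLE = """<cybox:Observables
    xmlns:cybox="http://cybox.mitre.org/cybox-2"
    xmlns:AddressObj="http://cybox.mitre.org/objects#AddressObject-2"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <cybox:Observable><cybox:Object>
    <cybox:Properties xsi:type="AddressObj:AddressObjectType" category="ipv4-addr">
      <AddressObj:Address_Value>198.51.100.7</AddressObj:Address_Value>
    </cybox:Properties></cybox:Object></cybox:Observable>
  <cybox:Observable><cybox:Object>
    <cybox:Properties xsi:type="AddressObj:AddressObjectType">
      <AddressObj:Address_Value>203.0.113.9</AddressObj:Address_Value>
    </cybox:Properties></cybox:Object></cybox:Observable>
  <cybox:Observable><cybox:Object>
    <cybox:Properties xsi:type="AddressObj:AddressObjectType">
      <AddressObj:Address_Value>2001:db8::1</AddressObj:Address_Value>
    </cybox:Properties></cybox:Object></cybox:Observable>
</cybox:Observables>"""

def expected_category(value):
    """Return the CybOX category matching an IP literal, or None if it is not one."""
    try:
        version = ipaddress.ip_address(value.strip()).version
    except ValueError:
        return None
    return "ipv4-addr" if version == 4 else "ipv6-addr"

def addresses_missing_category(xml_text):
    """List (address, suggested_category) for Address objects with no category."""
    findings = []
    for props in ET.fromstring(xml_text).iter("{%s}Properties" % NS["cybox"]):
        if not props.get(XSI_TYPE, "").endswith("AddressObjectType"):
            continue  # not an Address object
        if props.get("category"):
            continue  # category already present
        value = props.findtext("AddressObj:Address_Value", default="", namespaces=NS)
        findings.append((value, expected_category(value)))
    return findings

if __name__ == "__main__":
    for value, category in addresses_missing_category(SAMPLE):
        print(f"missing category on {value!r}; expected {category}")
```
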