Closed xg5-simon closed 7 years ago
Fixed - STIX moved their ThreatActor class from common
to core
for some reason
Just run a git pull and you'll be sorted :)
oops, misclicked. Let me know if all works out :)
Still getting the same attribute error on a fresh install. I'll take a closer at the STIX packages today.
Oops, yeah, I screwed up. Try pulling again ;)
Different error this time. TypeError: argument of type 'MISPAttribute' is not iterable
/usr/local/lib/python3.4/dist-packages/stix/utils/deprecated.py:48: UserWarning: The use of this field has been deprecated. Received 'str' object.
warnings.warn(msg)
Traceback (most recent call last):
File "/usr/local/bin/misp-to-stix.py", line 5, in
Fixed - seems when we migrated to MISPEvent one conversion line got missed :)
Nice! Can confirm threat-actor attribute is working.
I use this MISP-STIX-Converter a lot, so happy to test when needed.
misp@misp:/home/MISP-STIX-Converter/misp_stix_converter$ misp-to-stix.py -i 538 /usr/local/lib/python3.4/dist-packages/stix/utils/deprecated.py:48: UserWarning: The use of this field has been deprecated. Received 'str' object. warnings.warn(msg) {"observables": {"minor_version": 1, "major_version": 2, "update_version": 0}, "stix_header": {"title": "My Test Event"}, "campaigns": [{"related_ttps": {}, "timestamp": "2017-01-10T21:44:18.459980+00:00", "related_packages": {}, "id": "example:campaign-da0df256-e9df-4705-9ea6-e639d04058e7", "title": "Example Campaign", "related_incidents": {}, "related_indicators": {}}], "ttps": {"kill_chains": {}}, "id": "example:Package-d0dcc118-ec35-4cc6-ad0c-e3b3db9179bd", "threat_actors": [{"associated_actors": {}, "title": "Example Threat Actor", "timestamp": "2017-01-10T21:44:18.460537+00:00", "associated_campaigns": {}, "related_packages": {}, "observed_ttps": {}, "id": "example:threatactor-010c2aad-d860-4d63-a070-82c8bd00ad90"}], "version": "1.2", "indicators": [{"related_campaigns": {}, "suggested_coas": {}, "timestamp": "2017-01-10T21:44:18.457551+00:00", "kill_chain_phases": {}, "sightings": {}, "related_packages": {}, "id": "example:indicator-397bb2f5-79a5-479e-a328-ced40c0904cd", "observable": {"title": "IP Source", "object": {"properties": {"is_source": true, "is_destination": false, "address_value": "8.8.8.8", "xsi:type": "AddressObjectType"}, "id": "example:Address-d7b97ed8-c4bd-4ede-9c71-82f74c8de1bc"}, "id": "example:Observable-ad7bbe88-babc-43a0-bdfe-ddf23449135d"}, "related_indicators": {}}]} misp@misp:/home/MISP-STIX-Converter/misp_stix_converter$ pip3 list | grep -i stix misp-stix-converter (0.2.7) stix (1.2.0.2) cybox is terrible
Receive the following when converting MISP to STIX with a threat-actor type. Exporting the same event without a threat-actor type is successful. Same behaviour with campaign-name.