STIX_export (STIX1): wrong tags are used for related package.

[Wachizungu]

Work environment

Questions	Answers
Type of issue	Bug
OS version (server)	ubuntu
OS version (client)	Ubuntu
PHP version	7.0.32
MISP version / git hash	2.4.96, 1924af4732297141719a41c5e666f8de291abbfc
Browser	N/A

Expected behavior

Related packages (STIX 1.1.1) should be in stix:Related_Packages and stix:Related_Package tags: http://stix.mitre.org/language/version1.1.1/xsddocs/XMLSchema/core/1.1.1/stix_core.html

Actual behavior

Used tags are stix:RelatedPackages and stix:RelatedPackage respectively.

Steps to reproduce the behavior

Create an event, add some attributes / objects. Export the STIX of the event via /events/stix/download/.

Logs, screenshots, configuration dump, ...

Will try to add screenshot of output STIX showing the tags (seems there's issue with IE).

[RichieB2B]

Are you saying the exported xml file is not valid STIX 1.1.1? What does the STIX validator say?

[Wachizungu]

Indeed,

validator gives the following:

[-] Performing xml schema validation on misp_stix_export_1078.xml

[-] Results: misp_stix_export_1078.xml [!] XML Schema: False [!] misp_stix_export_1078.xml:52:0:ERROR:SCHEMASV:SCHEMAV_ELEMENT_CONTENT: Element '{http://stix.mitre.org/stix-1}RelatedPackages': This element is not expected. Expected is one of ( {http://stix.mitre.org/stix-1}Observables, {http://stix.mitre.org/stix-1}Indicators, {http://stix.mitre.org/stix-1}TTPs, {http://stix.mitre.org/stix-1}Exploit_Targets, {http://stix.mitre.org/stix-1}Incidents, {http://stix.mitre.org/stix-1}Courses_Of_Action, {http://stix.mitre.org/stix-1}Campaigns, {http://stix.mitre.org/stix-1}Threat_Actors, {http://stix.mitre.org/stix-1}Related_Packages ).

[chrisr3d]

This issue has been fixed with 4803c32

Can you please update to the latest version and see if everything is ok ?

[Wachizungu]

Indeed, solved in latest version. Sorry for the late reply.