MISP / misp-stix

MISP-STIX-Converter - Python library to handle the conversion between MISP and STIX formats
https://misp.github.io/misp-stix/
BSD 2-Clause "Simplified" License

Feature Request: Convert STIX 2.1 "report" object into a MISP event report #57

Open UFOSmuggler opened 8 months ago

UFOSmuggler commented 8 months ago

Is your feature request related to a problem? Please describe.

Conversion of STIX 2.1 to MISP seems to drop STIX report objects. MISP event reports seem like a reasonable candidate for textual STIX report objects to be converted to.

Describe the solution you'd like

Components of STIX 2.1 report objects which can be represented in a MISP event report should be converted to MISP event reports.

Describe alternatives you've considered

No response

Additional context

No response

Code of Conduct
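One possible field mapping for the conversion requested above, as an added example that is not part of the issue or of misp-stix's own code. The function names, the constructed sample bundle, the reuse of the STIX UUID and the choice to leave marking definitions out of the report text are all assumptions; the output keys follow the MISP event report fields `uuid`, `name`, `content` and `timestamp`.

```python
from datetime import datetime, timezone

# Constructed sample bundle (not taken from the issue): the report references an
# indicator stub that is in the bundle, a relationship that is not, and a marking.
SAMPLE_BUNDLE = {
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000",
    "objects": [
        {
            "type": "report", "spec_version": "2.1",
            "id": "report--00000000-0000-4000-8000-000000000001",
            "modified": "2024-01-24T00:00:00.021Z",
            "published": "2024-01-24T00:00:00.021Z",
            "name": "Constructed report",
            "description": "Constructed description.",
            "report_types": ["threat-report"],
            "object_refs": [
                "indicator--00000000-0000-4000-8000-000000000002",
                "relationship--00000000-0000-4000-8000-000000000003",
                "marking-definition--00000000-0000-4000-8000-000000000004",
            ],
        },
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002"},
    ],
}

def stix_epoch(value):
    """Parse a STIX timestamp (with or without fractional seconds) to epoch seconds."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return int(datetime.strptime(value, fmt).replace(tzinfo=timezone.utc).timestamp())

def report_to_event_report(report, bundle_objects):
    """Hypothetical mapping of a STIX 2.1 report to MISP event report fields."""
    present = {obj["id"] for obj in bundle_objects}
    body = [report.get("description", ""), ""]
    body.append("Report types: " + ", ".join(report.get("report_types", [])))
    body.append("Published: " + report["published"])
    body += ["", "## Referenced STIX objects"]
    for ref in report.get("object_refs", []):
        if ref.startswith("marking-definition--"):
            continue  # assumption: markings become tags, not report text
        note = "" if ref in present else " (missing from bundle)"
        body.append(f"- {ref}{note}")
    return {
        "uuid": report["id"].split("--", 1)[1],  # assumption: reuse the STIX UUID
        "name": report["name"],
        "content": "\n".join(body).strip(),
        "timestamp": stix_epoch(report["modified"]),
    }
```

References that do not resolve inside the bundle are flagged in the generated text rather than silently dropped, so an analyst reading the event report can see what the feed omitted.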

dd1b commented 8 months ago

I also encounter issues when importing reports from CISA AIS

stix2_to_misp.py, line 1169, in _parse_marking_definition

{
  "type": "bundle",
  "id": "bundle--11356f2b-eefe-48db-a93a-4aa2233e3a51",
  "objects": [
    {
      "type": "report",
      "id": "report--5e62f557-17f7-4e60-8a16-89bf244e9e94",
      "modified": "2024-01-24T00:00:00.021Z",
      "spec_version": "2.1",
      "created": "2024-01-24T00:00:00.021Z",
      "created_by_ref": "identity--7d6fde61-c1b5-4c96-8e98-df01c184e778",
      "object_marking_refs": [
        "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
        "marking-definition--868e7e01-c247-59bf-8d50-12fa0ac60230",
        "marking-definition--3ef0ee08-4dd7-4a36-8b51-c8a79f4114a0"
      ],
      "object_refs": [
        "sighting--fcf2da6a-b6a6-4cce-a152-1f992ac72451",
        "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
        "relationship--ce12fe5a-389a-461a-bcf3-7e371976e355",
        "indicator--a7a857ba-9596-411b-a6d8-036da72f4b44",
        "marking-definition--868e7e01-c247-59bf-8d50-12fa0ac60230",
        "identity--7d6fde61-c1b5-4c96-8e98-df01c184e778"
      ],
      "name": "SAMPLE NAME",
      "published": "2024-01-24T00:00:00.021Z",
      "description": "SAMPLE DESCRIPTION.",
      "report_types": [
        "threat-report"
      ]
    },
    {
      "type": "indicator",
      "id": "indicator--a7a857ba-9596-411b-a6d8-036da72f4b44",
      "modified": "2024-01-24T00:00:00.021Z",
      "name": "FILE_BINARY: f6542a22a748d522f60985f2b55a666e449d0d286bb1f62ab01845ff733bd453",
      "pattern": "[file:hashes.'SHA-256' = 'f6542a22a748d522f60985f2b55a666e449d0d286bb1f62ab01845ff733bd453' OR file:hashes.'SHA-1' = '4e1b3c967c741d10c14b0266b13f04e19b54269e' OR file:hashes.'MD5' = '42d34a131be2e1495f0ee4d8491c02a8']",
      "spec_version": "2.1",
      "created": "2024-01-24T00:00:00.021Z",
      "created_by_ref": "identity--7d6fde61-c1b5-4c96-8e98-df01c184e778",
      "object_marking_refs": [
        "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
        "marking-definition--868e7e01-c247-59bf-8d50-12fa0ac60230",
        "marking-definition--1fa23da1-32d0-44a3-bf0e-8073e9256964"
      ],
      "indicator_types": [
        "malicious-activity"
      ],
      "pattern_type": "stix",
      "valid_from": "2024-01-24T00:00:00.021Z"
    },
    {
      "type": "relationship",
      "id": "relationship--ced1c147-0f9d-5428-bdde-a8663bd70fb9",
      "modified": "2024-01-25T07:54:40.023Z",
      "spec_version": "2.1",
      "created": "2024-01-25T07:54:40.023Z",
      "object_marking_refs": [
        "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
        "marking-definition--f90c9202-17df-5bc5-869e-ce8c0102b3a0",
        "marking-definition--f01be73c-2022-4e7e-a3a9-94795f9356f0"
      ],
      "relationship_type": "indicates",
      "source_ref": "indicator--72ac0da2-c166-5785-bb78-de4c28cd87b8",
      "target_ref": "malware--843e8080-2716-5533-af8a-8e11e0f794f4"
    },
    {
      "type": "sighting",
      "id": "sighting--5dd0f106-4c34-5dec-8b9a-a76a357aab81",
      "modified": "2024-01-25T03:55:10.055Z",
      "spec_version": "2.1",
      "created": "2024-01-25T03:55:10.055Z",
      "object_marking_refs": [
        "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
        "marking-definition--f90c9202-17df-5bc5-869e-ce8c0102b3a0"
      ],
      "first_seen": "2019-11-18T00:00:00Z",
      "last_seen": "2024-01-25T00:00:00Z",
      "sighting_of_ref": "indicator--363f7da7-24d4-57c2-823c-b1644b4eebf9"
    }
  ]
}

UFOSmuggler commented 8 months ago

@dd1b

Did you post this to the correct issue? Unsure why you'd add this to a feature request.