Closed securitiz closed 3 years ago
Hey @securitiz
The STIX file you uploaded seems to be faulty. If you run the official stix2_validator
with your STIX file, then this is the output:
```
$ stix2_validator EmergingRansomware_20210903.json
================================================================================
[-] Results for: EmergingRansomware_20210903.json
[X] STIX JSON: Invalid
[X] Fatal Error: 'NoneType' object has no attribute 'islower'
```
From what I saw during a quick test, the indicator_types values are wrong.
```
"indicator_types": [
    null
],
```
A quick side note: The STIX file parsing is done using the official STIX2 python library and the connector only handles everything around (ingestion, report updating, ...). https://github.com/OpenCTI-Platform/connectors/blob/ed21f982660e36ce193b2aab9fea15bf4264af09/internal-import-file/import-file-stix/src/import-file-stix.py#L37
Regards,
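A pre-import check for the problem described in the comment above, as an added example that is not part of the original thread or of the connector's code: it walks a bundle, reports every JSON null by object id and path, and returns a copy with the nulls removed. The sample bundle and its ids are constructed, and the function names are hypothetical.

```python
# Constructed sample (made-up ids) with the shape quoted in the thread:
# a JSON null inside indicator_types, which json.load() turns into None.
SAMPLE_BUNDLE = {
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002",
         "indicator_types": [None], "labels": ["ransomware", None]},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000003",
         "indicator_types": ["malicious-activity"]},
    ],
}


def find_nulls(node, path=""):
    """Return the path of every null found anywhere under node."""
    if node is None:
        return [path]
    if isinstance(node, dict):
        return [p for k, v in node.items() for p in find_nulls(v, f"{path}.{k}")]
    if isinstance(node, list):
        return [p for i, v in enumerate(node) for p in find_nulls(v, f"{path}[{i}]")]
    return []


def report_nulls(bundle):
    """Map each STIX object id to the paths of the nulls inside that object."""
    hits = {}
    for obj in bundle.get("objects", []):
        paths = [p.lstrip(".") for p in find_nulls(obj)]
        if paths:
            hits[obj.get("id", "<no id>")] = paths
    return hits


def drop_nulls(node):
    """Copy node without nulls. Lists left empty are dropped as well, because
    STIX forbids empty lists; this assumes the property is optional."""
    if isinstance(node, dict):
        cleaned = {k: drop_nulls(v) for k, v in node.items() if v is not None}
        return {k: v for k, v in cleaned.items() if v != []}
    if isinstance(node, list):
        return [drop_nulls(v) for v in node if v is not None]
    return node


if __name__ == "__main__":
    for obj_id, paths in report_nulls(SAMPLE_BUNDLE).items():
        print(f"{obj_id}: null at {', '.join(paths)}")
```

To check a real file, load it with `json.load` and pass the result to `report_nulls` before running the validator or the import.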
Thanks @nor3th, this feedback was very helpful. I'll close this issue, I figured it out. I do want to ask what you meant by the side note. Aka - what is not being handled that I might be concerned about?
Hey @securitiz
Great :) What I wanted to say with that side note was that if something breaks with that connector, it's exceptionally not our fault and the stix people are able to be blamed. Contrary to most of the other connectors, where it is most likely up to us to fix something ;P
Regards,
Description
Upon importing a seemingly valid STIX json bundle from Alienvault, the importer returns an error:
After removing every instance of the spec_version property, the error was:
As far as I can tell from STIX documentation, all of these properties are legitimate. Please let me know if there is an issue with the STIX data (attached), or if this is a bug.
Environment
Reproducible Steps
Steps to create the smallest reproducible scenario:
Expected Output
STIX data parsed :)
Actual Output
Error: see above
Additional information
EmergingRansomware_20210903.txt
^note, changed from .json to .txt extension so I could upload to GitHub
Screenshots (optional)