Specifying `output_format="stix"` when converting a rule or collection via the backend results in an exception being raised. Example below using pySigma v0.9.11:

```python
from sigma.backends.stix import stixBackend
from sigma.pipelines.stix import stix_2_0
from sigma.rule import SigmaRule

sigma_rule = SigmaRule.from_yaml(
"""
title: Test
description: Test
logsource:
    category: process_creation
    product: windows
detection:
    selection:
        CommandLine: ValueA
    condition:
        selection
""")

backend = stixBackend(processing_pipeline=stix_2_0())
print(backend.convert_rule(sigma_rule, output_format="stix"))
```

Exception:

```
AttributeError: 'stixBackend' object has no attribute 'finalize_query_stix' (while finalizing query for rule None)
```

I see that the backend has the method `finalize_output_stix()`, but it needs to have `finalize_query_stix()`.
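The check below is an added example, not part of the original report and not code from pySigma or the STIX backend. It flags any output format for which a backend class lacks one of the two name-dispatched hooks seen in this report (`finalize_query_<format>`, `finalize_output_<format>`); the function name `missing_format_hooks` and both stand-in classes are hypothetical, and the hook signatures are assumptions.

```python
# Added example: stand-in classes only, no pySigma import, runs offline.
from typing import Dict, List

# Hook name prefixes taken from the two method names in the report.
HOOK_PREFIXES = ("finalize_query_", "finalize_output_")


def missing_format_hooks(backend_cls: type, formats: List[str]) -> Dict[str, List[str]]:
    """Return {format: [hook names]} for hooks that are absent or not callable."""
    gaps: Dict[str, List[str]] = {}
    for fmt in formats:
        missing = [
            prefix + fmt
            for prefix in HOOK_PREFIXES
            if not callable(getattr(backend_cls, prefix + fmt, None))
        ]
        if missing:
            gaps[fmt] = missing
    return gaps


class BrokenBackend:
    """Constructed stand-in mirroring the report: "stix" has only the output hook."""

    def finalize_query_default(self, rule, query, index, state):
        return query

    def finalize_output_default(self, queries):
        return queries

    def finalize_output_stix(self, queries):
        return queries  # placeholder body, not the real STIX formatting


class FixedBackend(BrokenBackend):
    """Same stand-in with the per-query hook for "stix" added."""

    def finalize_query_stix(self, rule, query, index, state):
        return query  # placeholder body


if __name__ == "__main__":
    for cls in (BrokenBackend, FixedBackend):
        print(cls.__name__, missing_format_hooks(cls, ["default", "stix"]))
```

Run in a backend's test suite against the real backend class and the output formats it advertises, this turns a missing hook into a test failure instead of an `AttributeError` at conversion time.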