Closed bond-alexander closed 8 years ago
The STIX error is referring to the @version
attribute on the STIX_Package
element, not the XML version.
EDIT: I just realized you said there is a version on the STIX Package as well. Can you provide that as well?
It's supposed to be @version
? That might be the problem, this package just says version
.
<stix:STIX_Package id="CISCP:IB-14-10492" version="1.0">
Sorry for the confusion; I used the "@" notation to signify that it was an attribute (as opposed to an element).
Based just on what you've pasted, it seems like it should work (or at least give a different error... 1.0 is pretty old and I'm not sure if CRITs still supports it). Unfortunately, I don't have a good way to test at the moment; hopefully someone else will be able to help.
CRITs supports STIX 1.1. STIX isn't backwards compatible so we won't be able to support previous versions at this time. On Fri, Nov 7, 2014 at 5:09 PM Greg Back notifications@github.com wrote:
Sorry for the confusion; I used the "@" notation to signify that it was an attribute (as opposed to an element).
Based just on what you've pasted, it seems like it should work (or at least give a different error... 1.0 is pretty old and I'm not sure if CRITs still supports it). Unfortunately, I don't have a good way to test at the moment; hopefully someone else will be able to help.
— Reply to this email directly or view it on GitHub https://github.com/crits/crits/issues/302#issuecomment-62222734.
Makes sense. Could we get a more accurate error message?
Iirc you'd have to ask the STIX folks :)
Oh, the "no version attribute" message is created by the STIX library, not CRITs? Guess I need to report it to them.
I took the liberty of bouncing this over to the STIX library: https://github.com/STIXProject/python-stix/issues/226
Just a heads up on the STIX backwards compatibility front: though it's in alpha now, the stix-ramrod library can update STIX content and was built with python-stix in mind.
I know this is an old issue but I've just recently ran into this, and these IT-ISAC stix files are using a custom header that is not STIX compliant, there is a couple of simple edits that need to be done and they'll import just fine, the consolidated CISCP files are another story and I believe that's what stix-ramrod is for (awesome name btw).
@SyntaxGeek could you share those edits on the IT-ISAC forum? I'm having the same issue.
CybOX/STIX are no longer a part of core. They are a part of the TAXII service and if there are issues now that the code has moved, new ones should be created in the crits_services
Issue tracker.
I'm trying to import a STIX file from IT-ISAC into CRITs, but when I try to import it, it gives the following error:
The problem is that there is a version set on the XML tag, and in the stix:STIX_PACKAGE tag.
Why would CRITs be unable to recognize the version tag?