muchdogesec / txt2stix

txt2stix is a Python script that is designed to identify and extract IoCs and TTPs from text files, identify the relationships between them, convert them to STIX 2.1 objects, and output as a STIX 2.1 bundle.
https://www.dogesec.com/
Apache License 2.0

Check extraction type exists, if not throw error #21

Closed himynamesdave closed 2 months ago

himynamesdave commented 2 months ago

Currently I can run --use_extractions with any value.

This is problematic, as it's not clear if the user is using a non-existent extraction (see command below).

Check that the --use_extractions values passed are actually valid. If one is invalid, do not continue with the script run.

(txt2stix-venv) dgreenwood@Davids-MBP-2 txt2stix % python3 txt2stix.py \
        --relationship_mode standard \
        --input_file tests/inputs/extraction_types/generic_ipv4_address_only.txt \
        --name 'Test 3.1.1 pattern_ipv4_address_only' \
        --tlp_level clear \
        --confidence 100 \
        --use_extractions aaa                     
04-Aug-24 09:28:05 [txt2stix] [INFO] Saving log to `/Users/dgreenwood/Documents/repos/dogesec/txt2stix/logs/logs-a64f6e56-6ed0-4d60-bef7-c17e45cf192c.log`
04-Aug-24 09:28:05 [txt2stix] [INFO] =====================txt2stix======================
04-Aug-24 09:28:05 [txt2stix] [INFO] Arguments: ["--relationship_mode", "standard", "--input_file", "tests/inputs/extraction_types/generic_ipv4_address_only.txt", "--name", "Test 3.1.1 pattern_ipv4_address_only", "--tlp_level", "clear", "--confidence", "100", "--use_extractions", "aaa"]
04-Aug-24 09:28:05 [txt2stix] [INFO] Writing bundle output to `output/bundle--22cf5729-4a7b-5bdd-bf25-dbeddb6fff99.json`
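
One way to implement the check requested in this issue, as an added example that is not txt2stix's own code: an argparse `type` callback rejects unknown extraction names before any processing starts, so a mistyped value cannot produce a bundle that silently contains no extracted IoCs. The registry contents, the comma-separated value format, and the names `KNOWN_EXTRACTIONS`, `parse_extractions`, `build_parser` and `run` are assumptions made for this example.

```python
import argparse
import sys

# Constructed registry for this example (assumption); a real tool would
# build this set from its own extraction definitions at start-up.
KNOWN_EXTRACTIONS = {
    "pattern_ipv4_address_only",
    "pattern_domain_name_only",
    "pattern_url",
}


def parse_extractions(value, known=KNOWN_EXTRACTIONS):
    """Split a comma-separated list and reject any name not in the registry."""
    requested = [v.strip() for v in value.split(",") if v.strip()]
    if not requested:
        raise argparse.ArgumentTypeError("no extraction names given")
    unknown = sorted(set(requested) - set(known))
    if unknown:
        # Name every bad value and list the valid ones so the user can fix it.
        raise argparse.ArgumentTypeError(
            "unknown extraction(s): %s; valid values: %s"
            % (", ".join(unknown), ", ".join(sorted(known)))
        )
    # Keep the caller's order but drop duplicates.
    return list(dict.fromkeys(requested))


def build_parser():
    parser = argparse.ArgumentParser(prog="txt2stix-example")
    parser.add_argument("--use_extractions", required=True,
                        type=parse_extractions)
    return parser


def run(argv):
    """Return (exit_code, extractions); argparse exits with 2 on bad input."""
    try:
        args = build_parser().parse_args(argv)
    except SystemExit as exc:
        return exc.code, None
    return 0, args.use_extractions


if __name__ == "__main__":
    code, extractions = run(sys.argv[1:])
    if code == 0:
        print("extractions:", extractions)
    sys.exit(code)
```

Because the validation runs during argument parsing, the failure happens before the log banner and before any output file is written.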