incident_ext = IncidentCoreExt(
    investigation_status="new",
    blocked=False,
    malicious=True,
    criticality=1,
    incident_types=["confirmed"],
    # TODO: fix the new vocabulary
    impacted_entity_counts=EntityCountObject(individual=100, group=70, system=30),
    recoverability="regular",
    # TODO: this should be a list here
    scores=IncidentScoreObject(name="SOC scoring", value=6, description="Severity is 6/10"),
    task_refs=[],
    event_refs=[],
    impact_refs=[],
    notes_refs=[],
    evidence_refs=[],
)
Then to connect this extension to the object, the correct dict key must be known, so
DICT_KEY = "extension-definition--ef765651-680c-498d-9894-99799f2fa126"
incident = Incident(
    name="An example incident with human triggered suspicious email",
    description="A user has reported a suspicious phishing email, possibly a company wide campaign",
    extensions={DICT_KEY: incident_ext},
)
Task
Create a syntactic sugar function that converts the extension class name to the stix dict-key name. The conversion for this object type is contained in the object_conversion.json
Aim
Issue
A Google Colab (https://colab.research.google.com/drive/178YmSXtUgk-9lNm0suCMOYC0zeRS88iQ?usp=sharing) shows that a common step is to create the extension object, like so
The function must look through all of the sub-object conversion records, and convert between the "class" field, and the "type" field, so
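One way to write the lookup the task describes, as an added example that is not the project's own code: it walks every nested record that has both a "class" and a "type" field and returns the dict key for a class, an instance or a class name. The layout of object_conversion.json is an assumption (the sample below is constructed, and only the IncidentCoreExt pairing comes from this issue), and the function names are hypothetical.

```python
import json

# Constructed stand-in for object_conversion.json: the nesting and the
# "ExampleSubObject" record are assumptions; only "class"/"type" are from the issue.
SAMPLE_CONVERSION = json.loads("""
{"sub_objects": {"extensions": [
  {"class": "IncidentCoreExt",
   "type": "extension-definition--ef765651-680c-498d-9894-99799f2fa126"},
  {"class": "ExampleSubObject", "type": "example-sub-object"}
]}}
""")


def iter_records(node):
    """Yield every dict, at any depth, that has string "class" and "type" fields."""
    if isinstance(node, dict):
        if isinstance(node.get("class"), str) and isinstance(node.get("type"), str):
            yield node
        for child in node.values():
            yield from iter_records(child)
    elif isinstance(node, list):
        for child in node:
            yield from iter_records(child)


def build_class_to_type(conversion):
    """Map class name -> STIX type, refusing records that disagree with each other."""
    mapping = {}
    for rec in iter_records(conversion):
        cls, stix_type = rec["class"], rec["type"]
        if mapping.setdefault(cls, stix_type) != stix_type:
            raise ValueError(f"conflicting types for class {cls!r}")
    return mapping


def ext_key(ext, conversion=SAMPLE_CONVERSION):
    """Return the extensions dict key for a class, an instance, or a class name."""
    if isinstance(ext, str):
        name = ext
    elif isinstance(ext, type):
        name = ext.__name__
    else:
        name = type(ext).__name__
    mapping = build_class_to_type(conversion)
    if name not in mapping:
        raise KeyError(f"no conversion record for class {name!r}")
    return mapping[name]
```

With the real conversion file loaded via `json.load` and passed as `conversion`, the incident above could be built with `extensions={ext_key(incident_ext): incident_ext}`.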