Workflow

Misp-stix

Latest version: v2.4.196.1

Safety actively analyzes 693883 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 3 of 4

2.4.174

Changes

* [poetry] Bumped lock file. [Christian Studer]

* [stix import] Simplified data path. [Christian Studer]

* [tests] Updated tests for sightings import. [Christian Studer]

- Also changed some sample to have different order
with Identity objects in order to test properly
our recent changes on loading and converting the
sightings, which purpose was to avoid issues
with the STIX objects order

* [stix2 import] Updated the External STIX 2 Identity objects mapping to MISP `organization` objects following recent updates on that template. [Christian Studer]

* [readme] Updated MISP collections to STIX 1 export example. [Christian Studer]

* [readme] Updated usage documentation following recent changes on the command-line feature and some helper methods. [Christian Studer]

* [poetry] Bumped latest dependencies. [Christian Studer]

Fix

* [stix2 import] Differenciating between internal and external stix content regarding the external references handling. [Christian Studer]

* [tests] Fixed tests for vulnerability cluster import following recent changes on the meta fields. [Christian Studer]

* [stix2 import] Fixed vulnerability cluster meta fields parsing. [Christian Studer]

* [tests] Fixed the vulnerability clusters meta tests according to the latest changes on the external id (cve) field parsing. [Christian Studer]

* [stix2 export] Fixed vulnerability clusters meta fields parsing. [Christian Studer]

* [stix2 export] Fixed `malware_types` fields & added missing method for `threat_actor_types` parsing. [Christian Studer]

* [stix2 import] Added missing `annotation` object metadata parsing. [Christian Studer]

* [tests] Removed some results writing in files which were used at some point for debugging purposes and forgotten in the code vastness. [Christian Studer]

* [stix2 import] Shorter obervable types extraction while still including the recent fix to avoid issues with observables that are of `dict` type. [Christian Studer]

* [stix1 export] Fixed backward compatibility with old object templates. [Christian Studer]

* [stix2 export] Fixed backward compatibility with old object templates. [Christian Studer]

* [stix import] Sanitised the import variables declaration to avoid issue with wrong value format. [Christian Studer]

* [command-line] Fixed results message. [Christian Studer]

* Observable type access for dict type. [Sura De Silva]

* [stix2 import] Typo within the Opinion objects loading method. [Christian Studer]

* [stix2 import] Better handling of MISP Sightings import. [Christian Studer]

- Storing `Sighting` & `Opinion` objects instead
of converting them to MISP Sightings while
loading them, because in some cases we need the
information of the related org, which is not
always already loaded when the need its info
- We convert the STIX objects to Sightings at the
end while we loop over the different references

* [stix2 import] Better `Identity` object's identity class field handling. [Christian Studer]

* [stix2 import] Using the Galaxy Cluster adding method to add cluster instead of appending it the the list of clusters. [Christian Studer]

Other

* Merge branch 'main' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'dev' of github.com:misp/misp-stix. [Christian Studer]

* Merge pull request 45 from SYNchroACK/fix/wrong-import. [Christian Studer]

Fix wrong stix observables import

* Fix wrong stix observables import. [Tomas Lima]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Wip: [stix2 import] Updated the import conversion of internal STIX 2.x Identity objects to better support recent changes on the `organization` template. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix. [Christian Studer]

* Merge pull request 46 from dragsu/fix-observable-access-dict-type. [Christian Studer]

fix: `type` access for dict type Observables

* Merge branch 'main' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Add: [stix2 import] Importing Identity objects with `identity_class` set to organization as `organization` object. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Add: [stix2 import] Adding relations between galaxy clusters. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

Contributions
* fix: `type` access for dict type Observables by dragsu in https://github.com/MISP/misp-stix/pull/46
* Fix wrong stix observables import by SYNchroACK in https://github.com/MISP/misp-stix/pull/45

New Contributors
* dragsu made their first contribution in https://github.com/MISP/misp-stix/pull/46

**Full Changelog**: https://github.com/MISP/misp-stix/compare/v2.4.172...v2.4.174

2.4.172

Changes

* [poetry] Updated dependencies. [Christian Studer]

* [package] Bumped version. [Christian Studer]

* [misp_stix_converter] Changes on the command line feature. [Christian Studer]

- Cleaner separation between the 2 main features,
export & import, as well as cleaner arguments
in general
- Better handling of the messages returned by the
helper methods that are call by the command
line feature

* [tests] Updated STIX 1 export sample result files. [Christian Studer]

* [tests] Added new tests and changes on the collections export as STIX 2. [Christian Studer]

* [stix2 import] Added the `debug` argument to the `stix_2_to_misp` helper. [Christian Studer]

- We return the error and warning messages only
when the `debug` flag is set

* [stix2 import] Added more result details and arguments to the `stix_2_to_misp` helper that converts a STIX file to MISP format. [Christian Studer]

- We added all the arguments needed in both the
declaration of the STIX 2 to MISP parser and the
stix bundle parsing call
- We have a more detailed return message that
gives not only a success message, but also the
errors and warnings

* [stix1 export] We don't instantiate the MISP to STIX 1 Mappings anymore and use the classmethods directly. [Christian Studer]

* [stix1 export] Turned the MISP to STIX 1 Mapping properties into classmethods and made it usable in an uninstantiated way. [Christian Studer]

* [stix2 export] Using the uninstantiated MISP to STIX 2 mappings classmethods. [Christian Studer]

* [stix2 export] Converted STIX 2 Mappings methods into classmethods. [Christian Studer]

* [stix2 import] Improved the internal STIX 2 to MISP mapping. [Christian Studer]

- The `InternalSTIX2toMISPMapping` class is no
longer instantiated
- We're using the different classmethod helpers
- The mapping is then a bit cleaner than before

* [stix2 import] Internal STIX 2 to MISP mapping improved. [Christian Studer]

- Changes on the pattern & observable objects
mapping names
- Reusing mappings that are contained in other ones

* [stix2 import] Changed mapping to not be forced to instantiate them. [Christian Studer]

* [stix export & import] Made the parent parser classes abstract. [Christian Studer]

- As the children classes should be called anyways

* [poetry] Changed pymisp dependency back to the pypi version. [Christian Studer]

* [misp-galaxy] Bumped latest version. [Christian Studer]

* [package] Latest version aligned with MISP. [Christian Studer]

* [poetry] Updated dependencies. [Christian Studer]

* [misp-galaxy] Bumped latest version. [Christian Studer]

* [stix2 import] Changed the `Marking Definition` loading process. [Christian Studer]

Fix

* [import] added missing import. [iglocska]

* [tests] Removed unused imports. [Christian Studer]

* [tests] Fixed STIX 1 export result samples. [Christian Studer]

* [misp_stix_converter] Fixed helpers import - using the method names recently changed. [Christian Studer]

* [stix export] Fixed arguments to give from the command line feature to the STIX export helpers. [Christian Studer]

* [stix2 export] Fixed footer for collections export as STIX 2. [Christian Studer]

* [tests] Updated tests for STIX 1 export helpers. [Christian Studer]

* [stix1 export] Fixed Package header writting for methods used to replicate the MISP pagination - used with collections export helpers. [Christian Studer]

* [stix1 export] Reusing methods from the framing to generate packages (& handling namespaces) [Christian Studer]

* [stix1 export] Handling cases when there is no STIX header. [Christian Studer]

- In this specific case, the STIX package in XML
format is a single xml tag with the included
`/` closing character... so we remove it
- ( JSON >>>>> XML definitely :) )

* [stix1 export] Added option to generate a Package with no header. [Christian Studer]

* [stix1 export] Fixed the creation process of the STIX package used to serve as container for related packages. [Christian Studer]

* [stix export] Made STIX framing methods more modular. [Christian Studer]

* [stix2 export] Returning the result files in a traceback message as list. [Christian Studer]

* [stix2 export] Fixed some statements in the MISP collections export to STIX 2 helper. [Christian Studer]

- Including fixes on:
- the single file handling (regarding the single
file name)
- the default directory for collections export
results
- the input files argument of the function

* [stix1 export] Fixed arguments passed to the MISP collections export to STIX 1. [Christian Studer]

* [stix1 export] Added a use case to support the use of the events collection export even with a single file. [Christian Studer]

* [stix1 export] Fixed name for the result STIX 1 event collections export & added a missing traceback. [Christian Studer]

* [stix1 export] Making sure we avoid exceptions with the fails catching on traceback messages. [Christian Studer]

* [stix2 import] Better handling of the `single_event` variable inside of the STIX 2 to MISP parser. [Christian Studer]

* [stix2 import] Fixed external STIX 2 `email-message` observable & pattern mapping. [Christian Studer]

* [stix2 import] Added missing `campaign` type in the list of STIX object types to look for. [Christian Studer]

* [stix2 import] Fixed the observable registry key values parsing in case of a single key imported as `regkey|value` attribute. [Christian Studer]

* [stix2 import] Catching parsing issues that appear while the STIX file is loaded. [Christian Studer]

* [stix export] Galaxies mapping are now also using the uninstantiated mapping classmethods. [Christian Studer]

* [tests] Using the uninstantiated mapping classes with their classmethods. [Christian Studer]

* [stix2 import] Fixed the `from_misp` test that defines whether a STIX file has been generated with the MISP to STIX conversion feature or not. [Christian Studer]

* [stix2 import] Fixed the email or IP address observable objects from internal STIX content parsing. [Christian Studer]

- Could fail previously with some content generated
from a previous version of the MISP to STIX
conversion feature

* [stix2 import] Fixed marking definition parsing, as we store the tag and not the marking definition object. [Christian Studer]

* [tests] Fixed tests to avoid issues with STIX 2 to MISP mappings, following the recent changes on them. [Christian Studer]

* [stix2 import] Revert change to fix the pattern assertion operator check. [Christian Studer]

- Revert of a part of the code that was staged for
a previous commit while it should not have been
- For now the pattern assertion check will remain
as is even tough there is an ongoing work to
improve it.

* [stix2 import] Fixed missing variable name change. [Christian Studer]

* [stix2 import] Using non instantiated external STIX 2 to MISP mapping. [Christian Studer]

- Same changes as for the internal mapping

* [stix2 import] Removed unused variables & mapping fields. [Christian Studer]

* [stix2 import] Properly transformed the external STIX 2 to MISP mapping methods into classmethods. [Christian Studer]

- Followed the model used in the internal mapping
to have pattern mappings that are waiting for a
field to return the associate value in the
mapping, or observable object mappings that we
loop on in order to check each field

* [stix2 import] Removed unused mapping method. [Christian Studer]

* [stix2 import] Removed unused imports. [Christian Studer]

* [stix2 import] Fixed some mapping dictionary names. [Christian Studer]

* [stix2 export] Fixed fail on copy pasting the generic galaxy mapping update for STIX 2.0. [Christian Studer]

* [stix2 export] Parsing `stix2-pattern` objects. [Christian Studer]

- As they were missing in the export mapping, they
were exported as custom objects, but we simply
have to take the pattern and export it as is,
like we do for sigma or yara patterns for
instance in STIX 2.1
- In this case, it applies to both STIX 2.0 & 2.1

* [stix2 export] Made the `created` & `modified` fields in custom galaxy objects optional. [Christian Studer]

* [stix2 export] Using the property for `identity_id` instead of the 'private' variable. [Christian Studer]

* [stix2 export] Same as the previous commit, for standalone attributes from feeds. [Christian Studer]

* [stix2 export] Fixed the orgc parsing for attributes collections. [Christian Studer]

- The `created_by_ref` values were missing on all
objects because the statement used to wait for
a value where the recent changes made the
related method return nothing anymore

* [stix2 export] Better Orgc & info handling for instance when they are empty. [Christian Studer]

* [stix2 export] Avoiding issues with unset `timestamp` value in MISP Event. [Christian Studer]

* [stix2 export] Checking `Orgc` fields before trying to generate the Identity object which will be used as `created_by_ref` object reference. [Christian Studer]

* [stix2 import, tests] Fixed the galaxy & cluster version. [Christian Studer]

- Forgot that `strip` works only at the beginning
and the end of the string............

* [tests] Removed unused import. [Christian Studer]

* [stix2 import] To avoid any possible issue in MISP with float version, we just made the generic Galaxies & Clusters version int. [Christian Studer]

* [tests] Fixed Galaxies & Clusters tests following all the recent changes on generic conversion from STIX 2.0 & 2.1. [Christian Studer]

* [stix2 import] Fixed the galaxy creation method for external STIX content to avoid issues with `region` and `country` galaxies. [Christian Studer]

* [stix2 import] Fixed the clusters creation method to avoid issues with unassigned cluster value. [Christian Studer]

* [stix2 import] Added missing `self` param in the clusters creation method. [Christian Studer]

* [stix2 import] Syntax fixed in f-string. [Christian Studer]

* [stix2 import] The Galaxy args creation is better and handles some of the formerly missing required field to validate a Galaxy in MISP. [Christian Studer]

* [stix2 import] Quick improvement on a `hasattr` that can be directly replaced by a `getattr` with a default value. [Christian Studer]

* [stix2 import] Fixed the generic info method. [Christian Studer]

- The way it is implemented, it has to be a
property rather than a classmethod in order to
avoid the info field to be null because as a
classmethod, the returned value was a bound
method

Other

* Merge branch 'main' of github.com:MISP/misp-stix. [Christian Studer]

* Merge pull request 42 from MISP/dev. [Christian Studer]

A few changes and improvement

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Fix; [stix export] Fixed fail messages as the command line feature wants lists. [Christian Studer]

* Fix; [stix1 export] Fixed the input files argument for the collections export as STIX 1 helpers. [Christian Studer]

* Wip: [stix2 import] Enhanced STIX 2 import helper. [Christian Studer]

* Wip: [stix2 export] Enhanced STIX 2 export helpers. [Christian Studer]

* Wip: [stix1 export] Enhanced the STIX 1 export helper features. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Add: [stix2 export] Added the generic galaxy types to the galaxies export mapping for STIX 2.0 & 2.1. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Add: [stix2 import] Added the `sharing_group_id` field to add this value when the `distribution` level for the event is 4. [Christian Studer]

* Add: [tests] Quickly testing default distribution on events. [Christian Studer]

* Wip: [stix2 import] Adding the MISP Event `distribution` field to the events we generate as result of the conversion from STIX. [Christian Studer]

- For now implemented for STIX 2

* Wip: [stix2 import] Added `namespace` and `icon` value for the Generic galaxies converted from external STIX objects. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Add: [tests] Added unit tests for generic galaxies & clusters - uuids & version are tested. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Wip: [stix2 import] Better Galaxy Clusters creation to include some of the fields required for MISP to validate clusters. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

What's Changed
* A few changes and improvement by chrisr3d in https://github.com/MISP/misp-stix/pull/42


**Full Changelog**: https://github.com/MISP/misp-stix/compare/v2.4.170...v2.4.172

2.4.170

Changes

* [misp_stix_converter] Added quick comments & made the `_from_misp` utility available to import from the library. [Christian Studer]

* [misp_stix_converter] Moved the command line feature to `misp_stix_converter.py` to avoid all the related utility functions to be exposed while importing the python library. [Christian Studer]

* [stix2 import] Using the `from_dict` method as much as possible to populate the different MISP Object or Event fields. [Christian Studer]

- It introduces some changes on the format of the
datetime fields which are now properly defined
as datetime with the right format and the
timezone info

* [stix2 import] Extracted the object case handling to make it callable. [Christian Studer]

* [stix2 import] Better STIX objects as Galaxy import handling. [Christian Studer]

- Instead of testing if we have to import the
tag names or the full Galaxy object each time
we parse a single STIX object, we set a variable
from the beginning to redirect to the related
parsing function

Fix

* [stix2 export] Export the `source` of a sighting as `x_misp_source` as defined in the Custom STIX 2.0 object. [Christian Studer]

- Fixes 28

* [stix2 import] Fixed Galaxy parsing as tag names variable typo. [Christian Studer]

* [misp_stix_converter] Removed unused import. [Christian Studer]

* [misp_stix_converter] Better output names handling. [Christian Studer]

* [misp_stix_converter] Some clean-up. [Christian Studer]

* [stix2 import] Added the missing `entrypoin-address` attribute. [Christian Studer]

* [stix2 import] Making sure we won't have MISP objects rejected for having the same UUID. [Christian Studer]

- `pe` & `pe-section` objects are converted from
the same observable object or pattern as the
`file` object that contains them.
If we create the different MISP objects the same
way we do for the file, they will all have the
same UUID and MISP will reject them

* [tests] Updated tests to handle the recent changes on the datetime values format. [Christian Studer]

* [tests] Fixed tests for internal file with pe & sections objects following recent changes on the related parsing functions. [Christian Studer]

* [stix2 import] Fixed `_add_misp_attribute` function called names. [Christian Studer]

* [stix2 import] Updated the `process` object attributes used to force the MISP content being an object to align with the `requiredOneOf` field of the template. [Christian Studer]

* [stix2 import] Fixed STIX 2 Observable objects to MISP mapping for `Domain Name` with `Network Traffic` objects. [Christian Studer]

* [stix2 import] Fixed wrong object attribute mapping. [Christian Studer]

- The PID attribute is not part of the `Registry Key`
object mapping but `Process`

* [stix2 import] Cleaner `unknown pattern mapping warning` handling. [Christian Studer]

* [stix2 import] Quick clean-up on the error & warning messages handling. [Christian Studer]

* [stix2 import] Quick clean-up. [Christian Studer]

* [stix2 import] Fixed the `x509` import from pattern parsing. [Christian Studer]

* [stix2 import] Fixed the `Identity` object parsing. [Christian Studer]

* [tests] Added the missing `sector` galaxy checking function. [Christian Studer]

* [stix2 import] Fixed the internal STIX 2 objects conversion as MISP Galaxy. [Christian Studer]

- We have to check whether the `description` field
does contain the `|` as separation caracter,
because it is not the case for internal
`Identity` objects with the `identity_class`
field set to 'class' imported as `sector` galaxy

* [tests] Fixed the galaxies export tests to avoid issues with potential missing `description` & `meta` fields within the cluster definition. [Christian Studer]

* [stix2 export] Fixed the `sector` galaxy parsing to avoid issues with the `description` field within the galaxy cluster definition. [Christian Studer]

* [stix2 export] Making the sector galaxy export available for both STIX 2.0 & 2.1. [Christian Studer]

Other

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Wip: [stix2 import] Better `File` and its pe extensions parsing from patterns. [Christian Studer]

* Wip: [stix2 import] Simplified the patterns mapping. [Christian Studer]

* Wip: [stix2 import] Importing directory objects from stix patterns. [Christian Studer]

* Wip: [stix2 import] Network socket parsing improved. [Christian Studer]

* Wip: [stix2 import] Parsing PE optional headers. [Christian Studer]

- Currently only the entry point address supported

* Wip: [stix2 import] Using `from_dict` to update MISPObjects instead of `update` [Christian Studer]

* Wip: [stix2 import] Improved the `Network Traffic` pattern parsing. [Christian Studer]

* Wip: [stix2 import] Replaced more dict `update` by dict merge. [Christian Studer]

* Wip: [stix2 import] Better and more generic Attributes & Objects add handling. [Christian Studer]

- The `confidence` and `object_marking_refs` STIX
fields are properly handled in one place and
added as single Attribute or each object
Attribute tags

* Wip: [stix2 import] Better attributes dictionaries creation. [Christian Studer]

* Wip: [stix2 import] Added `ip-src` & `ip-dst` attribute definition to be reused in different places. [Christian Studer]

* Wip: [stix2 import] Importing Software objects with the `software` object template. [Christian Studer]

* Wip: [stix2 import] Importing `user-account` objects from STIX 2 User Account objects. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Wip: [stix2 import] Converting `Mutex` patterns into `mutex` objects. [Christian Studer]

* Wip: [stix2 import] Handling the exceptions with non existing protocols. [Christian Studer]

* Wip: [stix2 import] Converting `network-traffic` pattern values into `network-connection` objects. [Christian Studer]

- Need to handle the `src` & `dst` refs

* Wip: [stix2 import] Converting pattern with `autonomous-system` values as `asn` object. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Wip: [stix2 import] Better import case handling. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix. [Christian Studer]

* Wip: [documentation] Auto-generated documetation for `sector` galaxies export. [Christian Studer]

* Wip: [stix2 import] Importing `sector` Galaxies from external `Identity` objects with `identity_class` field set to 'class' [Christian Studer]

* Wip: [tests] Tests for STIX 2 Identity objects converson as `sector` galaxies. [Christian Studer]

* Wip: [stix2 import] STIX 2 `Identity` objects conversion as `sector` Galaxy import. [Christian Studer]

* Add: [tests] Tests for `sector` galaxies export to STIX 2.0 & 2.1. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Merge pull request 36 from SYNchroACK/new/sectors-galaxy. [Christian Studer]

Handle sectors galaxy

* Add: [stix2 export] Handle sectors galaxy. [Tomas Lima]

What's Changed
* Handle sectors galaxy by SYNchroACK in https://github.com/MISP/misp-stix/pull/36


**Full Changelog**: https://github.com/MISP/misp-stix/compare/v2.4.169...v2.4.170

2.4.169

Overview

- Introducing the first version of a more generic way of parsing Observable objects from different sources.
- as the maintenance and extension of the Observable objects conversion to MISP mapping is a continuous task, some content might be missed in the conversion. Feel free to report any issue using the github issues system.
- Merged pull requests:
- Use MISP event UUID for bundle ID by coolacid in 26
- Fix naive timestamp by SYNchroACK in 35
- Work in Progress to be released soon: STIX 2.0 & 2.1 patterning expressions parsing

Detailed changelog

Changes

* [poetry] Bumped latest dependencies versions. [Christian Studer]

* [package] Updated poetry & pymisp requirement. [Christian Studer]

- In order to better support git dependencies, we
updated poetry because it is required in order
to use git dependencies.
- With the change on poetry we can then use the
git dependency for pymisp - for now

* [package] Bumped version. [Christian Studer]

* [submodules] Bumped latest versions. [Christian Studer]

* [documentation] Regenerated the documentation. [Christian Studer]

* [stix2 export] A quick reuse of an existing SDO creation function. [Christian Studer]

* [documentation] Regenerated the MISP -> STIX documentation with the recent mapping updates. [Christian Studer]

* [documentation] Updated mapping documentation following some recent changes. [Christian Studer]

* [github] Enabling github actions on dev branch. [Christian Studer]

* [poetry, package] Updated python & the library versions. [Christian Studer]

* [github, python] Removing support for 3.7 and added 3.11. [Christian Studer]

Fix

* [stix2 import] Fixed missing imports removed by mistake. [Christian Studer]

* [stix2 import] Some cleanup. [Christian Studer]

- Better readability when possible
- Fixed typing
- Simplified some parts using `getattr` instead of
`hasattr` when possible

* [stix2 import] Fixed duplicate property that was causing issues with the parent class property. [Christian Studer]

* [tests] Fixed the remaining latest datetime/timestamp values that were possibly missing. [Christian Studer]

- Testing `datetime` values - i.e from the
`datetime` python library - instead of str

* [stix2 import] Fixed Marking definition objects handling. [Christian Studer]

- There are still some Marking definition we don't
parse yet - the ones with no `definition_type`
value - and we now properly handle the exception
that appear when we try to look at the ones that
are not loaded

* [stix2 import] Fixed wrong variable name. [Christian Studer]

* [stix2 import] Removed unused variable. [Christian Studer]

* [documentation] Fixed datetime/timestamp values in the ampping documentation. [Christian Studer]

* [tests] Fixed unittests on datetime/timestamp fields/values. [Christian Studer]

* [tests] Made sure all the datetime/timestamp fields/values are properly set in test samples. [Christian Studer]

* [stix2 export] Properly exporting datetime/timestamp fields/values. [Christian Studer]

* [tests] Made some datetime values UTC. [Christian Studer]

* [stix2 export] Fix naive timestamp. [Tomas Lima]

* [tests] Fixed relationships tests to match the recent changes on the default relationship types. [Christian Studer]

* [stix2 export] Typo. [Christian Studer]

- Fixes e918f69 and thus 33 for good this time

* [stix2 export] Fixed default relationships used between SDOs. [Christian Studer]

- The `relationship_specs` mapping dictionary now
only conains default relationships that are
unique between 2 SDOs, if there are at least 2
possible default relationships between 2 SDOs,
we do not know which one to choose
- In that case, or in the case there is no
default relationship known between 2 SDOs, we
us the `related-to` common relationship instead
of `has`
- As a result, this should fix 33

* [stix2 export] Variable name typo. [Christian Studer]

* [tests] Fixed tests for `country` galaxies export as STIX 2.1 Location objects. [Christian Studer]

* [stix2 export] Better `country` galaxy clusters parsing. [Christian Studer]

- We use the description (capitalised) to define
the `Location` name field of the country, and
the value (lower case) as a description, which
should fix 34

* [stix2 import] Avoiding warnings about empty object attribute values while converting Observable objects to MISP. [Christian Studer]

* [stix2 import] Fixed the unix extension parsing from User Account patterns. [Christian Studer]

* [stix2 import] Fixed recently renamed unix extension mapping. [Christian Studer]

* [stix2 import] Trying to fix a python 3.7 syntax issue for the remaining time it is still supported. [Christian Studer]

- 3.8 and above don't complain with the
`*(generator)` statement

* [stix2 import] Fixed the `email` object parsing. [Christian Studer]

* [tests] Fixed tests for the datetime attribute in STIX 2.0 File objects imported as `lnk` MISP objects. [Christian Studer]

* [tests] Fixed tests for STIX 2.0 File objects imported as `lnk` objects. [Christian Studer]

* [tests] Made the datetime fields in the File object - to be imported as `lnk` object - acceptable for STIX 2. [Christian Studer]

* [tests] Fixed the internal STIX 2.0 test samples for `lnk` object import. [Christian Studer]

* [stix2 import] Fixed wrongly set `self` variable. [Christian Studer]

* [stix2 import] Better separation of exceptions during observable objects parsing. [Christian Studer]

* [stix2 import] Some clean-up. [Christian Studer]

- Including:
- a wrong function name fixed
- a better naming for some SDOs parsing
- some unused methods removed

* [stix2 import] Fixed imports. [Christian Studer]

* [stix2 import] A very quick fix on observable mapping error message. [Christian Studer]

* [stix2 import] Fixed imports. [Christian Studer]

* [stix2 import] Fixed the Email Address observable object parsing. [Christian Studer]

* [stix2 import] Avoiding issue while parsing IP addresses patterns with empty list of attributes mapped. [Christian Studer]

* [stix2 import] Reusing the `object_marking_refs` fields parsing in a function. [Christian Studer]

* [stix2 import] Fixed the Location object parsing. [Christian Studer]

* [stix2 import] Correctly handling issues with observable object mapping. [Christian Studer]

* [stix2 import] Fixed the Location object parsing. [Christian Studer]

* [stix2 import] Fixed the pattern & observable types extraction. [Christian Studer]

* [stix2 import] Fixed the `MarkingDefinition` objects parsing function. [Christian Studer]

* [stix2 import] Made the MISP Attributes dict creation more generic and including the `object_marking_ref` field parsing. [Christian Studer]

* [stix2 import] Avoiding issues with Marking-Definition objects with no `definition_type` field. [Christian Studer]

* [stix2 import] Avoiding issues with Report or Grouping object that has no `name` field. [Christian Studer]

Other

* Wip: [stix2 import] Parsing Network Traffic objects. [Christian Studer]

* Wip: [stix2 import] Simplified the email observable objects parsing. [Christian Studer]

* Wip: [stix2 import] Parsing Observed Data with domain & ip observable objects. [Christian Studer]

* Wip: [stix2 import] Importing Software observable objects with the `software` object template. [Christian Studer]

* Merge pull request 35 from SYNchroACK/fix/naive-timestamp. [Christian Studer]

Fix naive timestamp

* Wip: [stix2 import] Converting `WindowsRegistryKey` objects as `registry-key` & `registry-key-value` objects or `regkey` attributes. [Christian Studer]

* Wip: [stix2 import] Parsing User Account Observable objects. [Christian Studer]

* Wip: [stix2 import] Parsing X509 Certificate Observable objects. [Christian Studer]

- Reusing some stuff that is similar as the x509
pattern parsing

* Wip: [stix2 import] Parsing Process observable objects. [Christian Studer]

* Wip: [stix2 import] Made the Observable objects parsing more generic. [Christian Studer]

- Reducing the amount of variables by putting all
the observable objects in one single dictionary.
Instead of using multiple dictionaries for
different object types, we use one and added
generic selection methods instead

* Wip: [stix2 import] Updated the File & Directory observable objects parsing to better support the references between objects. [Christian Studer]

* Revert "fix: [stix2 import] Trying to fix a python 3.7 syntax issue for the remaining time it is still supported" [Christian Studer]

This reverts commit 556c433557e3fb6ba997ef0b7c1c8dd922d19e64.

* Wip: [stix2 import] Converting `Directory` observable objects as the recently added `directory` object template. [Christian Studer]

- Also fixed the observable objects mapping to
MISP for `lnk` objects import

* Wip: [stix2 import] Simplifying the Observable objects conversion with fewer function calls. [Christian Studer]

* Wip: [stix2 import] Properly handling filtering on multiple observable object types. [Christian Studer]

* Wip: [stix2 import] Yield-ing observable objects instead of returning them in a list. [Christian Studer]

* Wip: [stix2 import] Importing EmailMessage Observable objects. [Christian Studer]

* Wip: [stix2 import] Importing File Observable objects in the case of a single field value imported as MISP Attribute. [Christian Studer]

* Wip: [stix2 import] Better "attribute or object" determination for File observable objects, searching for the `extensions` field. [Christian Studer]

* Wip: [stix2 import] Importing MISP `file` objects from File Observable objects. [Christian Studer]

- Also includes the modification of some parsing
functions that are used for multiple Observable
objects

* Add: [tests] Added tests for the time fields recently added into the `file` object template. [Christian Studer]

* Add: [stix export] Included the handling of the object attribute recently added to the `file` object template. [Christian Studer]

- Namely the object attributes mentioned here are:
- `acces-time`
- `creation-time`
- `modification-time`

* Revert "wip: [stix2 export] Simplified the Galaxies mapping" [Christian Studer]

This reverts commit 76f4e6f58fa332e3b9170a20151aca762df16dca.

* Update README.md. [Alexandre Dulaunoy]

Fix documentation for generated website

* Merge pull request 26 from coolacid/main. [Alexandre Dulaunoy]

Use MISP event UUID for bundle ID

* Use f-strings like elsewhere, check for _misp_event to pass tests. [Jason Kendall]

* Use MISP event UUID for bundle ID. [Jason Kendall]

* Wip: [stix2 import] Better Observable objects parsing. [Christian Studer]

* Wip: [stix2 import] Cleaner UUID sanitation in some cases. [Christian Studer]

* Wip: [stix2 import] Better Observable objects exceptions handling. [Christian Studer]

* Wip: [stix2 import] Quick Observable objects parsing improvement. [Christian Studer]

* Wip: [stix2 import] Cleaner way to handle Observable objects import & supporting a few more observable object types. [Christian Studer]

* Wip: [stix2 export] Simplified the Galaxies mapping. [Christian Studer]

* Wip: [stix2 import] Parsing `domain-name` observable objects and reusing some generic observable objects parsing code. [Christian Studer]

* Wip: [stix2 import] Started parsing external STIX 2 observable objects. [Christian Studer]

* Wip: [stix2 import] Parsing `object_marking_refs` field from several STIX objects to import tags in object attributes. [Christian Studer]

**Full Changelog**: https://github.com/MISP/misp-stix/compare/v2.4.168...v2.4.169

2.4.168

Changes

* [stix2 import] Reintroduced the ability to import MISP Galaxies as `tag_names` [Christian Studer]

- Using most of the features that were removed
with 43a3a8a & 3b178eb, with improvements
- Using a parameter to define whether the related
STIX objects should be imported as tag_names.
They are parsed as MISP Galaxy objects otherwise
- The reason to import tag names only is to have
at least some information validated by MISP
using the tag names which in fact are the galaxy
cluster names, since MISP is not able for now to
handle all the different cases for new Galaxy
Clusters: is it a new clusters or an update to
an existing one?
We'll be able to give MISP the Galaxies and
Clusters in standard MISP JSON format when it is
able to fully handle it

* [misp-stix] Updated some aspects of the command line script. [Christian Studer]

- Some parameters are required now
- Introducing the import & export difference (it
is still export only for now since we will
add the required content in the import function)

* [package] Bumped version. [Christian Studer]

* [submodules] Bumped latest submodule versions. [Christian Studer]

* [poetry] Bumped latest locak file. [Christian Studer]

* [stix2 import] Differenciating galaxies parsing between external and internal STIX 2 content. [Christian Studer]

* [stix2 import] Removed some additional data structure layer on the loaded STIX objects. [Christian Studer]

* [stix2 export] Added a `meta` dictionary field to the Custom Galaxy object. [Christian Studer]

- We can now export the `meta` field from a custom
cluster, as it is, in the related field within
the custom STIX object

* [tests] Updated tests for STIX 2 objects imported as MISP Galaxies. [Christian Studer]

* [tests] Updated the samples of STIX 2 objects that are converted as MISP galaxies. [Christian Studer]

- Added some fields to extend the tests
- Removed the unrelevant `kill_chain_phases` fields

* [stix2 import] Properly parsing the different galaxy & cluster fields. [Christian Studer]

* [tests] MISP galaxy types are now documented from the mapping itself. [Christian Studer]

* [stix2 export] Making the mapping classes reachable. [Christian Studer]

- And in that case for example also the galaxy types

* [tests] Updated tests for internal STIX 2 import to prepare the apparition of tests for external STIX 2 import. [Christian Studer]

* [stix2 export] Enhanced the MISP Galaxies to STIX 2 conversion. [Christian Studer]

- More `meta` fields are now supported
- The STIX 2 `external_references` field now
supports the url refs in addition to the
external IDs which were already supported

* [stix2 export] Extended the MISP Galaxies to STIX 2 mapping. [Christian Studer]

* [documentation] Regenerated documentation with the recent changes on mappings. [Christian Studer]

* [documentation] Updated mapping documentation. [Christian Studer]

* [documentation] Regenerated documentation with the recent changes on mappings. [Christian Studer]

* [documentation] Updated mapping documentation. [Christian Studer]

* [stix2 export] Added missing `person` object to the mapping of MISP objects export as STIX 2.0 & 2.1. [Christian Studer]

- This object template was supposed to be supported
for a while...
- It is then now not exported as custom object as
it was before

* [stix2 export] Added missing `person` object to the mapping of MISP objects export as STIX 2.0 & 2.1. [Christian Studer]

- This object template was supposed to be supported
for a while...
- It is then now not exported as custom object as
it was before

Fix

* [misp-galaxy] Bumped latest version. [Christian Studer]

* [stix2 import] Fixed wrong `_create_cluster_args` parameters in some cases. [Christian Studer]

* [stix2 import] Fixed the tests for `region` galaxies import from STIX 2.1 `Location` objects. [Christian Studer]

* [stix2 import] Fixed the `region` Galaxy Cluster value conversion. [Christian Studer]

- In MISP, the `region` galaxy cluster values use
the actual UN M49 names with the area codes. The
codes were not supported before in the STIX 2 to
MISP conversion

* [stix2 import] Fixed issues with `meta` fields in clusters. [Christian Studer]

- We were not able to know whether a `meta` field
initially contained a `-` or an `_` since we
have to use underscore for STIX 2 fields in any
case. We now have a list of meta fields which
should have a `-` to avoid the related issues

* [stix2 import] Fixed the `meta` fields parsing to avoid issues with some undefined (and unnecessary) meta fields mappings. [Christian Studer]

* [stix2 import] Fixed the `accuracy-radius` object attribute mapping. [Christian Studer]

* [stix2 import] Added missing STIX 2 to MISP mapping. [Christian Studer]

* [stix2 export] Using the STIX objects adding function instead of dealing with the private variable. [Christian Studer]

* [stix2 import] STIX 2 import mapping classes renames for more clarity. [Christian Studer]

* [tests] Fixed the tags test to go with the recent changes on some galaxy test samples. [Christian Studer]

* [tests] Added specific testing methods for clusters meta fields. [Christian Studer]

* [tests] Fixed tests for MISP galaxies export as STIX 2, following the recent updates and improvements on their parsing. [Christian Studer]

* [stix2 export] Fixed the `kill_chain` parsing in clusters meta fields. [Christian Studer]

* [stix2 export] Fixed one of the missing attack-pattern object creation that was missed and still using the previous creation function. [Christian Studer]

* [stix2 export] Removed no longer necessary argument of some STIX 2 object creation function. [Christian Studer]

- Which also made unnecessary some of thoses
functions being no longer specific to galaxies

* [stix2 import] Avoiding Custom Objects converted as Attributes to be modified while they are parsed. [Christian Studer]

* [stix2 import] Removed unused Galaxies parsing case. [Christian Studer]

* [stix2 import] Some pycodestyle clean-up. [Christian Studer]

* [stix2 export] Tiny improvement to avoid unused variable in the case of STIX 2.1 export with no Event report. [Christian Studer]

- And a few long lines cleaned up

* [stix2 import] Making sure we cover all the cases while checking if an attribute UUID is valid. [Christian Studer]

- This fixes the object attributes handling in the
case of MISP objects exported as Custom STIX
objects, with invalid UUIDs which were not
correctly handled when we convert the content
back to MISP format

* [stix2 import] Better invalid UUIDs parsing for Custom STIX objects converted as MISP objects. [Christian Studer]

* [tests] Fixed tests for STIX 2.0 registry-key objects import. [Christian Studer]

* [stix2 import] Fixed some loading definitions. [Christian Studer]

* [stix2 import] Fixed variable that should not be self. [Christian Studer]

* [tests] Simply avoiding issues with the custom galaxies not exported in STIX 1 (for now at least) [Christian Studer]

* [tests] Added tests to make sure custom galaxies are correctly exported when embedded in attributes or object attributes. [Christian Studer]

* [stix2 export] Added the missing custom galaxies handler for attributes galaxies. [Christian Studer]

* [stix2 export] Reverted some try/catch bypass used for debugging purposes. [Christian Studer]

* [stix2 export] Clarification on some incomplete MISP Galaxies typing. [Christian Studer]

* [stix2 export] Quick fix & improvement on the custom galaxies export. [Christian Studer]

* [stix2 export] Simply a quick clean-up. [Christian Studer]

* [stix2 export] Fixing the `EventReport` references handling. [Christian Studer]

- When there is no actual reference to a MISP
attribute, object or galaxy in the Event report,
the `object_refs` field is empty, which is not
allowed, so we add a reference to the report or
grouping to avoid raising an exception

* [stix2 export] Fixing the `EventReport` references handling. [Christian Studer]

- When there is no actual reference to a MISP
attribute, object or galaxy in the Event report,
the `object_refs` field is empty, which is not
allowed, so we add a reference to the report or
grouping to avoid raising an exception

* [tests] Fixed tests for `registry-key` objects export as STIX 2.0 following the recent mapping change on the `last-modified` attribute. [Christian Studer]

* [stix2 export] Removed unused import. [Christian Studer]

* [stix2 export] Fixed the `registry-key` object mapping regarding the `last-modified` attribute export as STIX 2.0. [Christian Studer]

* [tests] Fixed tests for `registry-key` objects export as STIX 2.0 following the recent mapping change on the `last-modified` attribute. [Christian Studer]

* [stix2 export] Removed unused import. [Christian Studer]

* [stix2 export] Fixed the `registry-key` object mapping regarding the `last-modified` attribute export as STIX 2.0. [Christian Studer]

* [stix2 import] Avoiding issues with identifiers in compiled patterns. [Christian Studer]

- When `[*]` is part of a pattern,the related
identifiers contain a non str element which
used to break the related exception handling

* [stix2 import] Fixed the hash types handling while parsing patterns. [Christian Studer]

* [tests] Removed the `person` object from the tests for custom objects export as STIX 1. [Christian Studer]

- Following changes on the `person` object export
and its removal from the tests samples for
custom objects

* [tests] Added tests for `person` objects export as STIX 2 & fixed tests on object references. [Christian Studer]

* [stix2 export] Added missing `ObjectReference` checking for objects exported as STIX 2 Identity objects. [Christian Studer]

* [tests] Removed the `person` object from the tests for custom objects export as STIX 1. [Christian Studer]

- Following changes on the `person` object export
and its removal from the tests samples for
custom objects

* [tests] Added tests for `person` objects export as STIX 2 & fixed tests on object references. [Christian Studer]

* [stix2 export] Added missing `ObjectReference` checking for objects exported as STIX 2 Identity objects. [Christian Studer]

* [stix2 import] Removed unused import. [Christian Studer]

Other

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Wip: [stix import] Enabling the command line use of the library for STIX -> MISP import feature. [Christian Studer]

- Minimal feature with the ability to load STIX
files, and convert each of them to a MISP event

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]

* Wip: [tests] Samples and tests for `country` & `region` galaxies import from external STIX 2.1 `Location` objects. [Christian Studer]

* Wip: [stix2 import] Importing `country` & `region` galaxies from external STIX 2.1 data. [Christian Studer]

* Wip: [tests] Added tests for `country` and `location` galaxies import from STIX 2.1 `Location` objects. [Christian Studer]

* Wip: [stix2 import] Importing `country` & `region` galaxies from STIX 2.1 'internal' `Location` objects. [Christian Studer]

* Add: [tests] Added tests for `country` & `region` galaxies export as STIX 2.1. [Christian Studer]

* Add: [stix2 export] Parsing the `meta` fields from the `country` and `region` galaxy clusters. [Christian Studer]

* Add: [stix2 export] Exporting `country` & `region` galaxies as STIX 2.1 Location objects. [Christian Studer]

* Wip: [stix2 import] Added note for the vulnerability object import from external STIX 2. [Christian Studer]

* Add: [tests] Added some of the common external STIX 2 import content testing. [Christian Studer]

* Add: [tests] Added samples & tests for galaxies import from external STIX 2. [Christian Studer]

* Wip: [tests] Added tests for internal custom galaxy objects import from STIX 2. [Christian Studer]

* Wip: [stix2 import] Parsing internal Custom galaxy objects from STIX 2. [Christian Studer]

* Wip: [stix2 import] Using the MISP Galaxy & Cluster classes to convert STIX objects meant to be galaxy clusters, and no longer using the tag names. [Christian Studer]

* Wip: [stix2 import] Removed the synonyms to tag_names mapping. [Christian Studer]

- We will now use the PyMISP classses to create
galaxies and clusters attached to the related
containers (Event & Attributes)
- The galaxies checking for existing galaxies and
references will be processed in MISP directly

* Wip: [stix2 import] Introducing a new way of parsing content converted into Galaxies. [Christian Studer]

- Still some pieces of the puzzle to add

* Wip: [stix2 import] Handling invalid UUIDs in MISP attributes creation. [Christian Studer]

* Wip: [tests] Added tests for STIX 2 content with invalid UUIDs import. [Christian Studer]

* Wip: [stix2 import] Deeper investigations on invalid UUIDs handling. [Christian Studer]

* Wip: [stix2 import] Handling non RFC UUIDs. [Christian Studer]

* Wip: [stix2 import] A few fixes including the import of Identity classes. [Christian Studer]

* Wip: [stix2 import] Importing generic `identity` objects. [Christian Studer]

* Add: [tests] Added tests for custom Galaxies export as STIX 2.0 & 2.1. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Add: [documentation] Mapping documentation has been updated automatically with the tests for `identity` objects export as STIX 2. [Christian Studer]

* Add: [tests] Tests for `identity` objects export as STIX 2.0 & 2.1. [Christian Studer]

* Add: [stix2 export] Added the `identity` object to the list of supported templates. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix. [Christian Studer]

* Add: [stix export] Handling custom galaxies & galaxy clusters. [Christian Studer]

- The Galaxy clusters export to STIX 1 remains the
same, with some clearer warning messages handling
- Custom clusters within existing galaxies are
exported into the usual existing STIX 2 objects,
and custom galaxies are exported as Custom objects

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Merge pull request 25 from LM-CT/main. [Alexandre Dulaunoy]

Ignore pycache

* Ignore pycache. [Lucas Cloud Target]

* Add: [documentation] Mapping documentation has been updated automatically with the tests for `identity` objects export as STIX 2. [Christian Studer]

* Add: [tests] Tests for `identity` objects export as STIX 2.0 & 2.1. [Christian Studer]

* Add: [stix2 export] Added the `identity` object to the list of supported templates. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Parse_misp_event takes a dict not a JSON. [Alexandre Dulaunoy]

parse_misp_event takes a dict not a JSON

* Wip: [stix2 import] Parsing more patterns. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Wip: [stix2 import] New Exception type for unmapped pattern types. [Christian Studer]

* Wip: [stix2 import] Importing a few more pattern types. [Christian Studer]

* Wip: [stix2 import] Handling STIX 2 pattern values to remove the additional `'` characters. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Wip: [stix2 import] We start parsing STIX 2 patterns from external files. [Christian Studer]

* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]

* Wip: [stix2 import] Moving the pattern parsing to another function specific to STIX patterns (to come next) [Christian Studer]

* Merge branch 'main' into dev. [Christian Studer]

* Fix; [stix2 import] Importing exceptions from the parent directory instead of importing it from the library. [Christian Studer]

* Wip: [stix2 import] Making the STIX 2 pattern parser available to be imported from the library. [Christian Studer]

* Wip: [stix2 import] Making the STIX 2 patterns parser better. [Christian Studer]

2.4.163

Changes

* [package] New version. [Christian Studer]

Fix

* [stix2 export] Avoiding variables to be referenced before they are declared. [Christian Studer]

* [stix2 export] Fixed the Hash values checking. [Christian Studer]

- STIX 2 allows some custom Hash types so we don't
need to consider invalid a hash that is not
in the list of common supported types

* [stix2 export] Some details fixed on errors handling functions. [Christian Studer]

Other

* Fix; [stix2 export] Added missing check for `data` fields from attachment attributes. [Christian Studer]

* Wip: [stix2 export] Checking Hash values for object attributes. [Christian Studer]

* Wip: [stix2 export] More Hash values checking. [Christian Studer]

- We also check now Hash values in the case of a
conversion as Observable objects

* Wip: [stix2 export] Introducing a hash value checking function to avoid issues with invalid hashes. [Christian Studer]

* Wip: [stix2 import] Added some helpers to parse content in STIX 2 patterns. [Christian Studer]

- Loading patterns for now

Page 3 of 4

Links

Releases

Has known vulnerabilities

Previous Next

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.