Changes
* [poetry] Updated poetry config file & lock file to the latest. [Christian Studer]
* [tests] Changed samples used for `email` objects import from STIX 2 Observable objects. [Christian Studer]
* [tests] Updated tests for attributes export as STIX1 URI objects or STIX2 URL objects. [chrisr3d]
* [tests] Added more attributes types to be converted as STIX URL / URI objects. [chrisr3d]
* [stix2 import] Added a reusable function to fetch observable objects. [chrisr3d]
* [tests] Added more hash attribute types to be tested & fixed the tests for those attributes export as STIX 1 at the same time. [chrisr3d]
* [stix2 export] Added `link` attribute from the `news-agency` object to the list of contact information fields within the STIX 2 Identity object. [chrisr3d]
* [stix2 import] Enhanced the `vulnerability` object import mapping. [chrisr3d]
* [tests, documentation] Modifying the documentation to keep the shortened data values even if we use the actual files in tests. [chrisr3d]
* [tests] Using the actual attachment files to declare tests samples. [chrisr3d]
* [tests] Preparing some features to be reused with more inheritance from parent classes. [chrisr3d]
* [stix2 export] Updated the `employee` object export as STIX 2 mapping. [chrisr3d]
- Now includes the recently added `full-name`
object relation
* [tests] Deduplication of test code for `attack-pattern` object tests & for some multiple assertion statements. [chrisr3d]
* [tests] Updated tests for `attack-pattern` objects export as STIX 2.0 & 2.1. [chrisr3d]
* [documentation] Re-generated the full documentation with the updated mapping. [chrisr3d]
* [tests, documentation] Populating the automated documentation from attributes & objects export as STIX 2.0 tests. [chrisr3d]
* [documentation] Used the automated documentation update from tests to regenerate the objects export as STIX 2.1 mapping. [chrisr3d]
* [documentation] Used the automated documentation update from tests to regenerate the attributes export as STIX 2.1 mapping. [chrisr3d]
* [documentation] The misp objects mapping to stix21 summary is sanitized. [chrisr3d]
* [stix2 import] Made some loading functions specific to each subclass. [chrisr3d]
* [stix2 import] Merged common grouping and report parsing process into one function. [chrisr3d]
- Obviously kept separated what is different
between groupings and reports
* [stix2 import] Better marking refs & labels parsing within Grouping & Report objects. [chrisr3d]
* [stix2 export] Only a quick and non critical change on STIX objects labels. [chrisr3d]
- Labels generated from the conversion of a MISP
object to a STIX 2 object now have the label
field matching the MISP object `meta-category`
field, where the `category` field is specific to
MISP attributes
* [stix2 export] Just a tiny change to prioritise the object name label. [chrisr3d]
* [tests] Better testing of observable objects ids. [chrisr3d]
* [stix2 export] Added more detail in the converted Artifact objects when they come from the conversion of `malware-sample` attributes. [chrisr3d]
- Supported for both `malware-sample` single
attributes and object attributes within file
objects
- Simply added details like the mime type, and for
STIX 2.1, which supports additional fields
compared to STIX 2.0, also the encryption
algorithm and the decryption key fields
* [stix2 export] Using the `github-user` object parsing function as generic parsing function for other user/account objects. [chrisr3d]
- Like we use a generic function to parse standard
user & account objects, we now have the same
generic function for user & account objects that
have attachment attributes
* [stix2 export] More generic account objects parsing. [chrisr3d]
Fix
* [readme] Updated test commands. [Christian Studer]
* [stix import] Removed unused import. [Christian Studer]
* [cleanup] Some clean up and typing fixed. [Christian Studer]
* [github actions] Added recursive submodules checkout. [Christian Studer]
* [poetry] Fixed non existing dependency version. [Christian Studer]
* [poetry] Updated dependency version. [Christian Studer]
* [poetry] Added missing `codecov` dependency that was removed by error. [Christian Studer]
* [github actions] Typo. [Christian Studer]
* [misp-stix] Typo. [Christian Studer]
* [misp-stix] Fixed a few typos and variable name issues. [Christian Studer]
* [tests] Fixed tests for `email` objects import from indicator objects following the recent changes on the related mapping & parsing. [Christian Studer]
* [stix2 import] Fixed `email` objects mapping & parsing for indicator objects. [Christian Studer]
* [documentation] Updated mapping documentation auto-generated with the recent changes on `email` objects export tests. [Christian Studer]
* [tests] Fixed `email` objects export tests. [Christian Studer]
* [stix2 export] Fixed `user-account` objects export to indicator where characters were not escaped. [Christian Studer]
* [stix2 import] Added missing Observed Data object in the STIX 2.1 email samples. [Christian Studer]
* [tests] Removed print used for debugging. [Christian Studer]
* [tests] Fixed space missing to make pep8 happy. [Christian Studer]
* [tests] Added tests for the content_disposition fields within the email-message objects body_multipart. [Christian Studer]
* [stix2 export] Exporting content disposition in the body_multipart field within email-message objects while exporting email objects as indicator, to keep the object_relation field. [Christian Studer]
* [documentation] Fixed documentation auto-generation by checking the Observed Data version. [Christian Studer]
* [documentation] Regenerated documentation with the recent changes on documentation mapping. [Christian Studer]
* [documentation] Updated documentation mapping for `domain-ip` objects export as STIX 2 Indicators. [Christian Studer]
* [tests] Fixed tests for `domain-ip` objects export as STIX2 Indicators. [Christian Studer]
* [stix2 export] Fixed `domain-ip` objects export as Indicator to avoid confusions. [Christian Studer]
- When `domain` and `hostname` attributes are both
present, we want to avoid confusions between the
domain attribute and the hostname attribute
* [stix2 import] Fixed the `twitter-account` object mapping. [Christian Studer]
* [tests] Added missing credential objects checking functions. [Christian Studer]
* [tests, documentation] Added the missing mapping documentation autogeneration functions. [Christian Studer]
* [misp_stix_converter] A few debugging message fixed. [Christian Studer]
* Fix: [readme] More verbose command-line usage example to please adulau. [Christian Studer]
* [setup] Updated supported python versions. [Christian Studer]
* [poetry] Updated poetry.lock. [Christian Studer]
* [setup] Updated setup & poetry config files. [Christian Studer]
* [documentation] Regenerated documentation to include the recent updates to the documentation mapping. [Christian Studer]
* [tests] Fixed variable name typo. [chrisr3d]
* [stix2 import] Fixed twitter account object mapping. [chrisr3d]
* [documentation] The MISP objects export as STIX 2 documentation mapping has been regenerated with the recent changes on the user & account object samples. [chrisr3d]
* [documentation] The `link` attributes export as STIX 2 documentation has been fixed with the documentation auto-regeneration. [chrisr3d]
* [tests] Fixed tests for user & account objects export as STIX 2. [chrisr3d]
* [stix2 export] Fixed some user & account objects mapping as STIX 2. [chrisr3d]
* [stix2 import] Made pep8 more happy with some code style fixed. [chrisr3d]
* [tests] In STIX 2 samples: getting the data fields by base64-encoding the related files instead of copy-pasting the base64-encoded string. [chrisr3d]
* [stix2 import] Skipping timeline fields parsing for `observed_data` objects when the `first_observed` and `last_observed` values are the same as `modified` [chrisr3d]
* [stix2 import] Avoiding to raise the unknown STIX object exception with a test against a list of observable object types. [chrisr3d]
* [documentation] Updated attributes export as STIX 2 mapping. [chrisr3d]
* [tests] Fixed wrong category for the link attribute export. [chrisr3d]
* [tests] Just a quick function name fix. [chrisr3d]
* [tests] Removed unused variable in some MISP to STIX 1 export features tests. [chrisr3d]
* [documentation] Attributes export as STIX 2 documentation updated following the recent changes on tests. [chrisr3d]
* [stix2 export] Fixed hash attribute types mapping with the `filename|telfhash` type that does not exist. [chrisr3d]
* [tests] For tests using loops over attributes and stix objects, we assert the number of converted attributes first to make sure we do not loop over an empty list (which does not raise any assertion error) [chrisr3d]
* [stix2 export] Simplified the `pe-section` hash attributes handling with only the supported hash types, and no longer the full list of existing hash types. [chrisr3d]
* [documentation] Fixed documentation with non existing attribute type removed. [chrisr3d]
* [tests] Fixed hash attributes tests since `filename|telfhash` is not an existing MISP attribute type. [chrisr3d]
* [tests] Better automation on tests for multiple single attributes export. [chrisr3d]
* [stix2 export] Enhanced the list of supported hash attribute types to be exported. [chrisr3d]
* [tests] Removed utility function that had already been moved in the parent class. [chrisr3d]
* [documentation] Documentation regenerated. [chrisr3d]
* [stix2 import] Added missing imports. [chrisr3d]
* [documentation] Objects documentation mapping fixed. [chrisr3d]
* [documentation] Attributes documentation mapping fixed. [chrisr3d]
* [tests, documentation] Fixed automatic documentation generation from import tests. [chrisr3d]
* [stix2 import] Fixed timeline fields parsing for indicator objects. [chrisr3d]
* [tests] Fixed tests for `suricata` objects export as STIX 2.1 and added more attributes to the `suricata` & `yara` test object samples to be tested. [chrisr3d]
* [stix2 export] Fixed the `suricata` object export as STIX 2.1 mapping. [chrisr3d]
* [stix2 import] Fixed patterning language objects parsing for external STIX content. [chrisr3d]
* [stix2 import] Fixed STIX 2.1 Location objects import as `geolocation` objects. [chrisr3d]
* [tests] Fixed the `geolocation` object export tests following the recent changes on this object's mapping. [chrisr3d]
* [stix2 export] Fixed `geolocation` object export mapping. [chrisr3d]
* [tests] Fixed tests for `news-agency` objects export as STIX 2.0 & 2.1 following the changes on the contact information field for this object. [chrisr3d]
* [tests] A few changes in the test function names & added unit tests for the MISP object names. [chrisr3d]
* [stix2 import] Fixed the STIX 2 Vulnerability object parsing. [chrisr3d]
* [tests] Fixed tests for `employee` objects import from STIX 2 Identity objects, following the recent changes on the `contact_information` field handling. [chrisr3d]
* [stix2 import] Fixed the Identity object error message. [chrisr3d]
* [stix2 import] Fixed contact information field handling in the STIX 2 Identity object import as MISP employee object. [chrisr3d]
* [tests] Fixed documentation auto-generation from tests for user account objects. [chrisr3d]
* [stix2 export] Better patterns escaping. [chrisr3d]
* [tests] Better patterns escaping tests. [chrisr3d]
* [tests] Fixed tests for `legal-entity` export as STIX 2.0 & 2.1. [chrisr3d]
* [stix2 export] Fixed the `legal-entity` objects export as STIX 2 mapping, with the `website` attribute now being part of the contact information mapping for this object. [chrisr3d]
* [stix2 export] Fixed `employee` objects export as STIX 2 mapping, with the `email-address` attribute being now part of the contact information mapping for this object. [chrisr3d]
* [stix2 export] Added missing specific mapping list for employee objects export as STIX 2.0 & 2.1. [chrisr3d]
* [stix2 export] Fixed `employee` object export of the contact information STIX 2 field. [chrisr3d]
* [stix2 import] Fixed a variable name. [chrisr3d]
* [stix2 import] Better handling of STIX objects loaded in a dict with a `used` flag. [chrisr3d]
* [tests] Putting the `AttackPattern` objects checking function at the right place. [chrisr3d]
- In this case, this is a testing function for
specific STIX 2 objects generated from MISP
* [stix2 import] Avoiding any issue with the `type` feature in mappings. [chrisr3d]
- Making sure it is not considered as the `type`
feature of a python method
- Declaring dictionaries and passing them to the
`Mapping` class when needed
* [tests] Enhanced `course-of-action` objects export tests. [chrisr3d]
* [stix2 import] Added `force_timestamps` parameter at the creation of MISP events and objects to make sure the timestamps will be preserved once ingested in MISP format. [chrisr3d]
* [stix2 export] Fixed `attack-pattern` export as STIX 1 tests following the recent changes on the sample objects. [chrisr3d]
* [stix2 import] Removed unused imports. [chrisr3d]
* [tests] Function name typo. [chrisr3d]
* [tests] Fixed some tests function names. [chrisr3d]
- A wrong test function name causes the test to be
skipped. Must start with `test`
* [stix2 import] A few quick fixes. [chrisr3d]
* [stix2 import] Clarification on the `Unknown STIX object type` exception handling. [chrisr3d]
* [stix2 import] Added some missing loading functions (mapping + actual function) [chrisr3d]
* [stix2 import] Fixed `Vulnerability` objects parsing. [chrisr3d]
* [stix2 import] A few variable names and copy paste issues fixed. [chrisr3d]
* [documentation] Making sure we don't face any path issue in case the documentation generation is run from another path. [chrisr3d]
* [documentation] Updated summary. [chrisr3d]
* [documentation, tests] Some typos which generated a broken documentation update. [chrisr3d]
* [tests] Just a quick summary update. [chrisr3d]
* [tests] A few copy paste and variable name issues. [chrisr3d]
* [tests] Reusing declared variables. [chrisr3d]
* [tests] Removed or used unused variables. [chrisr3d]
* [tests] Reusing existing variable. [chrisr3d]
* [tests] Fixed undefined variable name. [chrisr3d]
* [documentation, tests] Sanitized the automated documentation generation from the tests. [chrisr3d]
* [documentation, tests] Stripped data fields values to make them more convenient to be used in a documentation. [chrisr3d]
* [documentation, tests] Forcing some summary definition in the objects documentation. [chrisr3d]
* [tests] Better variables handling in some attributes export tests. [chrisr3d]
* [tests] Fixed variable name. [chrisr3d]
* [documentation, tests] Fixed the `mac-address` Observed Data documentation automation. [chrisr3d]
* [tests] Removed test print. [chrisr3d]
* [stix2 export] Fixed the suricata object mapping. [chrisr3d]
* [stix2 export] Using the parent class property to get the `identity_id` since the "private" attribute is not known by the children classes. [chrisr3d]
* [git] Fixed gitmodules file. [chrisr3d]
* [tests] Quick grouping features testing simplification. [chrisr3d]
* [stix2 export] Fixed cti library path following the recent path changes for this git submodule. [chrisr3d]
* [stix2 export] Simplified one tmp variable that was not necessary. [chrisr3d]
* [stix2 export] Fixed typo with `Sighting` fields. [chrisr3d]
* [stix2 import] A few changes on the `single_event` parameter and the number of report or grouping objects. [chrisr3d]
* [stix2 import] Clarification on various mapping variable names. [chrisr3d]
- Making sure we know whether we deal with an
attribute or object mapping
- Making sure we differentiate MISP features and
STIX objects mapping
* [stix2 import] Added missing Location object import. [chrisr3d]
* [stix2 import] Changed the pattern type exception catching to an error instead of a warning since we cannot call the stix2-pattern object creation function in this case. [chrisr3d]
* [stix2 import] Typo. [chrisr3d]
* [stix2 import] Quick fix on vulnerability object parameter that is a ref and not the vulnerability object directly. [chrisr3d]
* [stix2 import] Making the MISP object creation function an attribute of the parent class, available for both children classes. [chrisr3d]
* [stix2 import] A few errors fixed, like a missing import or a wrong variable name etc. [chrisr3d]
* [stix2 import] Made the list of unsupported pattern separation key words a property of the external STIX files parsing mapping. [chrisr3d]
* [stix2 import] This typing variable is now going to be needed in the parent class. [chrisr3d]
* [stix2 import] Better separation in catching exceptions while looping over report or grouping object_refs. [chrisr3d]
* [stix2 import] Fixed a few variable names issues. [chrisr3d]
* [stix2 import] Fixed function name change that was missing. [chrisr3d]
* [stix1 export] Better errors handling for objects to parse as the same improvement has been made to STIX2 recently. [chrisr3d]
* [stix export] Enhanced handling of MISP object which encountered a parsing issue. [chrisr3d]
- Avoiding those objects to be skipped
- They're exported as custom objects instead
* [stix2 export] Enhanced the pattern values sanitisation. [chrisr3d]
- Generalised the sanitisation made on registry
key values to all the pattern since they may
contain characters like `%` and `\` which are
particularly tricky to handle in STIX patterns
* [stix2 export] Better exceptions catching while handling MISP objects to parse. [chrisr3d]
- Most of the objects are parsed on the go and
directly converted into a STIX object, but some
objects have specific relations that require
special care. It is the case for file objects
with pe and pe-section objects. Since they are
exported into a single STIX file object with an
extension, we need to store them until we are
sure all MISP objects have been handled (parsed
or stored) and we do have all the referenced
objects to start the special parsing. Then they
are parsed together using the `ObjectReference`
field of each one of them. For this specific use
case, we were missing some exception catching
since they're out of the standard objects
resolving loop
* [tests] Making sure the recent changes on STIX objects labels don't break the tests. [chrisr3d]
* [stix2 import] Updated the `stix2_to_misp` helper function. [chrisr3d]
- We already wrote previously a skeleton for this
function to take a filename using its name and
to call the parsing function which takes the
STIX2 bundle object. We simply updated it with
the recent STIX2 to MISP parsing features
development
* [stix2 import] Variable names typo. [chrisr3d]
* [stix2 import] Wrong variable name. [chrisr3d]
* [tests] Fixed tests on labels. [chrisr3d]
* [stix2 export] Better markings handling to avoid issues with unrecognised tlp tags. [chrisr3d]
* [stix2 import] Syntax fixed. [chrisr3d]
* [stix1 export] Transforming into upper case TLP tags only. [chrisr3d]
- TLP tags that are not parsed as TLPMarkings are
then exported as SimpleMarking with no uppercase
conversion, which keeps the tag as is
- It also avoids the `.upper()` for every test run
on each tag, and limits this conversion into
uppercase only when needed
* [stix1 export] Fixed tags parsing to avoid issues with TLP tags. [chrisr3d]
- Parsing as TLPMarking only the supported TLP tags
- The other ones are exported as SimpleMarkings
* [tests] Fixed orgname testing in every different test. [chrisr3d]
- The orgname value used to define the information
source and reporter identity remains the same
- The orgname value used to define every STIX
object id is correctly sanitized
* [stix1 export] Fixed missing import and typo. [chrisr3d]
* [stix1 export] Fixed STIX objects ID identifier. [chrisr3d]
- Making sure the orgname used is sanitised and
does not contain any space
* [stix1 framing] Fixed STIX 1 XML Header framing. [chrisr3d]
* [stix2 export] Making sure observable object ids are correctly parsed. [chrisr3d]
- Making also sure those ids are correctly
fetched if there are event reports, so they are
correctly referenced in the `object_refs` field
* [stix2 export] Better handling of object ids used in the `object_refs` field within the Note objects generated from the event reports parsing. [chrisr3d]
* [stix2 export] Fixed `lnk` object parsing. [chrisr3d]
- The uuid fields list was missing the
`malware-sample` attribute
- Differentiation between the uuid fields and the
path fields
- uuid fields are the attributes that are
exported in a different observable object than
the main one resulting from the conversion of
most of the object attributes
- path fields are the attributes that are
exported as `directory` objects and referenced
by the main `file` object with the
`directory_ref` field
* [stix2 export] Making the `parent-pid` attribute take priority over `parent-command-line` to define which attribute uuid is used to define the parent process id while parsing process objects. [chrisr3d]
* [tests] Fixed tests for `legal-entity` objects export. [chrisr3d]
- Added the attribute that was missing, following
the recent fix on this object mapping
* [stix2 export] Fixed `legal-entity` object mapping. [chrisr3d]
* [stix2 export] Making sure we want the uuid of an object attribute before actually getting it. [chrisr3d]
* [stix2 export] Fixed `image` object export, especially as STIX 2.1 which was missing some attribute uuids. [chrisr3d]
* [stix2 export] Quick change on file observable objects parsing to prepare future updates on event reports handling. [chrisr3d]
* [stix2 export] Fixed `email` object attributes parsing. [chrisr3d]
- In the parent STIX 2 parsing class, we cannot
hardcode object_relation fields that are only
supported in either STIX 2.0 or STIX 2.1.
In this case, the `message-id` attribute is only
supported in STIX 2.1, and we reach a KeyError
exception if we try to get the STIX 2.0 mapping
for this object_relation in STIX 2.0
* [stix2 export] Fixed `message-id` attribute from `email` object export as STIX 2.1. [chrisr3d]
* [stix2 export] Better `domain|ip` objects parsing to make sure the `DomainName` objects have the correct id field. [chrisr3d]
* [tests] Removed empty line. [chrisr3d]
* [stix2 export] Fixed `lnk` object mapping. [chrisr3d]
- Removed the unsupported fields in the main class
mapping since they are specific to STIX 2.1 only
- Removed the duplicated mappings that are no
longer needed in the subclasses since the
mapping is single and the specific fields are
handled in another mapping structure
* [stix export] Removed unused imports. [chrisr3d]
* [stix2 export] Removed unused import. [chrisr3d]
* [stix2 export] Quick typo & empty line issues fixed. [chrisr3d]
* [tests] Added missing `legal-entity` test object that is necessary for the related tests. [chrisr3d]
* [tests] Fixed tests for `malware-sample` attributes & object attributes tests following the recent updates on the conversion of this type of attribute. [chrisr3d]
* [stix2 export] Added missing `created_by_ref` field in Note & Location objects. [chrisr3d]
* [stix2 export] Fixed copy paste issue in variable name. [chrisr3d]
* [tests] Added missing `cpe-asset` metadata values. [chrisr3d]
* [stix2 export] Better handling of custom features with potential data field in STIX objects or Observable objects. [chrisr3d]
* [tests] Testing the location object id with the grouping refs. [chrisr3d]
* [tests] Fixed tests for objects which recently got their STIX conversion to contain a `to_ids` tag. [chrisr3d]
* [stix2 export] Added the global `to_ids` tag fetched from object attributes even in STIX objects that are not dependent on this tag. [chrisr3d]
- As opposed to `Indicator` & `Observable` objects
which are directly depending on the `to_ids`
value, other objects were not getting the value
as additional tag value. As it does not cost
much more to at least get the info whether there
was a `to_ids` flag in the object attributes, we
add this tag in some objects that were missing it
* [tests] Testing precisely the observable ids within observable compositions while exporting MISP into STIX 1. [chrisr3d]
* [tests] Changed ids of observable objects within observable composition objects to comply with the recent changes on observable ids in that specific case. [chrisr3d]
* [tests] Properly testing the observable features in the case of an export of a domain|ip attribute. [chrisr3d]
- Compared to before, when the observable object
id was set with the domain|ip attribute uuid, we
replaced it with a v5 uuid defined with the
attribute uuid, and the corresponding value. We
now test the resulting observable ids based on
these v5 uuids
Other
* Fix: [github actions] Added missing pytest dependency for github actions. [Christian Studer]
* Add: [github actions] Added workflow. [Christian Studer]
* Wip: [tests] Tests for `email` objects import from STIX 2 Observable objects. [Christian Studer]
* Fix: [stix2 export] Better `email` objects export handling. [Christian Studer]
- Enhanced parsing of email addresses and the
related display names for both indicator and
observable objects
- Better definition of the `email-message` refs
within the pattern
* Merge branch 'main' of github.com:MISP/misp-stix. [Christian Studer]
* Wip: [stix2 import] Importing `email` objects from STIX 2 Observable objects. [Christian Studer]
* Wip: [tests] Tests for `email` objects import from Indicators. [Christian Studer]
* Wip: [stix2 import] Importing `email` objects from Indicators. [Christian Studer]
- Observable parsing in progress
- Improvement & fixes might also come for both
email objects export and then import (as a
consequence to support the same mapping in both
directions)
* Wip: [tests] Added indicator & observable samples to be imported as `email` objects. [Christian Studer]
* Wip: [tests] Tests for `domain-ip` import from STIX 2 Indicator & Observable objects. [Christian Studer]
* Wip: [stix2 import] Importing `domain-ip` objects from STIX 2 Indicator & Observable objects. [Christian Studer]
* Wip: [tests] Added tests for `user-account` objects import from STIX 2 Indicator & Observable objects. [Christian Studer]
* Wip: [stix2 import] Importing `user-account` objects from STIX 2 Indicator & Observable objects. [Christian Studer]
* Wip: [tests] Added tests for `credential` objects import from STIX 2 Indicator & Observable objects. [Christian Studer]
* Wip: [stix2 import] Importing `credential` objects from STIX 2 Indicator & Observable objects. [Christian Studer]
* Add: [readme] Added Usage examples for the command-line usage. [Christian Studer]
* Add: [setup] Made the python library executable. [Christian Studer]
- Supported now: Export only
- Reusing helpers that were already available if
the library is imported in a python script
* Wip: [tests] Tests for user & account objects with attachments import from STIX 2 Indicator & Observable objects. [chrisr3d]
* Wip: [stix2 import] Importing user & account objects which can contain attachments from STIX 2 Indicator & Observable objects. [chrisr3d]
* Wip: [tests] Tests for user & account objects import from STIX 2 Indicator & Observable objects. [chrisr3d]
* Merge branch 'main' of github.com:MISP/misp-stix. [chrisr3d]
* Wip: [stix2 import] Importing user & account objects from STIX 2 Indicator & Observable objects. [chrisr3d]
-> User & account objects that have no `attachement`
attribute with a `data` field
* Wip: [tests] Fixed STIX 2 samples for import tests, following the recent fixes on user & account objects mapping. [chrisr3d]
* Wip: [stix2 import] Changed user account objects import parsing mapping. [chrisr3d]
* Wip: [tests] Added samples for user account objects import. [chrisr3d]
* Wip: [tests] Tests for `cpe-asset` objects import from STIX 2 Indicator & Observable objects. [chrisr3d]
* Wip: [stix2 import] Importing `cpe-asset` objects from STIX 2 Indicator & Observables objects. [chrisr3d]
* Wip: [tests] Tests for `asn` objects import from STIX 2 Indicator & Observable objects. [chrisr3d]
* Wip: [stix2 import] Started importing MISP objects from Indicator & Observable objects with the `asn` object. [chrisr3d]
* Wip: [tests] Tests for the recently added attribute types import from STIX 2. [chrisr3d]
* Wip: [stix2 import] Completing the attributes import mapping with the missing attribute types. [chrisr3d]
- All the attribute types that are supported in
the MISP -> STIX 2 export mapping should now be
supported in the STIX 2 -> MISP import mapping
* Wip: [tests] Tests for filename attributes import from STIX 2 Indicator & Observable objects. [chrisr3d]
* Wip: [stix2 import] Importing `filename` attributes from STIX 2 Indicator & Observable objects. [chrisr3d]
* Add: [tests, documentation] Some STIX 2 import documentation generated from the tests. [chrisr3d]
* Wip: [tests] Tests for email attributes import from STIX 2 & split internal STIX 2 sub-classes. [chrisr3d]
- Separating STIX 2.0 & STIX 2.1 testing classes
to avoid mixing up with the documentation
variables that are not reset to empty when the
tests from 2 different unittest classes are
declared in the same file
* Wip: [stix2 import] Importing email attributes and better attributes mapping. [chrisr3d]
- Split indicator & observable mappings to be able
to regroup specific parsing functions that are
the same
* Wip: [tests] Tests for URL Indicator & Observable objects import as MISP attributes. [chrisr3d]
* Wip: [stix2 import] Importing URL Indicator & Observable objects to attributes. [chrisr3d]
* Wip: [tests] Tests for the attributes import from Indicator & Observable objects we just added. [chrisr3d]
* Wip: [stix2 import] Added more attributes parsing from Indicator & Observable objects. [chrisr3d]
- Adding step by step functions that are already
(or not) in the STIX 2 to MISP mapping
* Wip: [tests] Tests for x509 fingerprint attributes import from STIX 2 Indicator & Observable objects. [chrisr3d]
* Wip: [stix2 import] Importing x509 fingerprint attributes from STIX 2 Indicator & Observable objects. [chrisr3d]
* Wip: [tests] Tests for ip & ip|port attributes import from STIX 2 Indicator & Observable objects. [chrisr3d]
* Wip: [stix2 import] Importing ip & ip|port attributes from STIX 2 Indicator & Observable objects. [chrisr3d]
* Wip: [tests] Tests for hash attributes import from STIX 2.0 & 2.1 Observable & Indicator objects. [chrisr3d]
* Wip: [tests] Added test samples for hash attributes import from Observable and Indicator objects. [chrisr3d]
* Wip: [stix2 import] Added the missing hash attribute types to the STIX 2 to MISP mapping. [chrisr3d]
* Add: [documentation] Hash attribute types recently added in the test samples have their documentation auto-generated also. [chrisr3d]
* Merge branch 'dev' of github.com:MISP/misp-stix into main. [chrisr3d]
* Wip: [tests] Tests for patterning language attributes & objects export from STIX 2.1 Indicator objects. [chrisr3d]
* Wip: [stix2 import] Importing patterning language attributes & objects from STIX 2.1 Indicator objects. [chrisr3d]
* Wip: [tests] Tests for `geolocation` objects import from STIX 2.1 Location objects. [chrisr3d]
* Wip: [tests] Tests for `script` objects import from STIX 2 Malware & Tool objects. [chrisr3d]
* Wip: [stix2 import] Importing `script` objects from STIX 2 Malware & Tool objects. [chrisr3d]
* Wip: [tests] Tests for `campaign-name` attributes import from STIX 2 Campaign objects. [chrisr3d]
* Wip: [stix2 import] Importing `campaign-name` attributes from STIX 2 Campaign objects. [chrisr3d]
* Wip: [tests] Tests for `news-agency` & `organization` objects import from STIX 2 Identity objects. [chrisr3d]
* Wip: [stix2 import] Importing `news-agency` & `organization` objects from STIX 2 Identity objects re-using the Identity object parsing function. [chrisr3d]
* Wip: [tests] Tests for `vulnerability` attributes & objects import from STIX 2 Vulnerability objects. [chrisr3d]
* Wip: [tests] Tests for `legal-entity` objects import from STIX 2 Identity objects. [chrisr3d]
* Wip: [stix2 import] Importing `legal-entity` objects from STIX 2 Identity objects. [chrisr3d]
* Fix: [tests] Fixed tests for the `employee` objects export as STIX 2.0 & 2.1. [chrisr3d]
* Merge branch 'main' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Wip: [tests] Tests for `employee` objects import from STIX 2.0 & 2.1 Identity objects. [chrisr3d]
* Wip: [stix2 import] Importing `employee` objects previously exported as STIX 2 Identity objects. [chrisr3d]
* Wip: [tests] Tests for `CourseOfAction` STIX 2 objects import. [chrisr3d]
* Wip: [stix2 import] Importing `CourseOfAction` STIX 2 objects. [chrisr3d]
* Wip: [tests] Added testing classes for STIX 2 import, starting with `attack-pattern` objects. [chrisr3d]
* Wip: [tests] Already made some test features available in parent classes that will be reachable for import tests. [chrisr3d]
* Merge branch 'main' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Merge branch 'main' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Add: [tests] Added some `attack-pattern` object attributes to be exported as STIX custom fields in the `Attack Pattern` object. [chrisr3d]
* Wip: [stix2 import] Parsing STIX 2.0 & 2.1 `Attack Pattern` objects. [chrisr3d]
* Wip: [stix2 import] Updated the STIX 2 objects mapping handling. [chrisr3d]
* Merge branch 'main' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Add: [documentation] MISP objects export as STIX 2.0 & 2.1 mappings are automatically updated with the recent changes on tests. [chrisr3d]
* Add: [tests] Added tests for `script` objects export as STIX 2.0 & 2.1. [chrisr3d]
* Add: [stix2 export] Added `script` objects to the export as STIX 2.0 & 2.1 export mapping. [chrisr3d]
* Wip: [documentation] Updated documentation has been regenerated. [chrisr3d]
* Wip: [documentation] Replaced the attributes & objects export as STIX 2.0 & 2.1 summaries with the formatting headers so they are generated from the recently added summary mappings. [chrisr3d]
* Wip: [documentation] Added the auto generation of the attributes & objects export as STIX 2.0 & 2.1 mapping summary. [chrisr3d]
* Add: [documentation] Added the attributes & objects export as STIX 2.0 summary autogenerated with tests. [chrisr3d]
* Wip: [documentation] Updated the MISP objects export as STIX 2.0 documentation using the documentation automated update from tests. [chrisr3d]
* Wip: [documentation] Updated the attributes export to STIX 2.0 documentation regenerated with the tests automated documentation update. [chrisr3d]
* Wip: [documentation, tests] Updated the automated documentation generation to support STIX 2.0. [chrisr3d]
* Fix: [tests] Removed or used unused variables. [chrisr3d]
* Add: [documentation] Added summary mapping for attributes & objects export as STIX 2.1. [chrisr3d]
* Wip: [documentation, tests] Populating the objects documentation while running STIX 2.1 tests. [chrisr3d]
* Wip: [documentation, tests] Outsourced the documentation update process to an external class and script. [chrisr3d]
* Wip: [documentation, tests] Testing if the attributes conversion as STIX 2.1 mapping from documentation is different from the mapping built from tests before replacing it. [chrisr3d]
* Wip: [documentation, tests] Replacing attribute to STIX 2.1 mapping with the samples used in tests. [chrisr3d]
* Wip: [tests] Initiated an automated way to check if the mapping documentation is up-to-date using the tests. [chrisr3d]
- Started with the tests for attributes export as STIX 2.1
* Add: [tests] Added tests for patterning language objects export as STIX 2.1. [chrisr3d]
* Add: [tests] Test samples for objects converted into indicator with a specific pattern type. [chrisr3d]
* Add: [stix2 export] Added suricata & yara to the list of supported MISP object templates for export as STIX 2.1. [chrisr3d]
* Add: [submodules] Sub-moduled misp-galaxy. [chrisr3d]
* Add: [git] Added tmp dir & a gitignore file that contains the tmp dir for now. [chrisr3d]
* Add: [documentation] MISP objects export as STIX 2.0 & 2.1 mappings are automatically updated with the recent changes on tests. [chrisr3d]
* Add: [tests] Added tests for `script` objects export as STIX 2.0 & 2.1. [chrisr3d]
* Add: [stix2 export] Added `script` objects to the export as STIX 2.0 & 2.1 export mapping. [chrisr3d]
* Wip: [documentation] Updated documentation has been regenerated. [chrisr3d]
* Wip: [documentation] Replaced the attributes & objects export as STIX 2.0 & 2.1 summaries with the formatting headers so they are generated from the recently added summary mappings. [chrisr3d]
* Wip: [documentation] Added the auto generation of the attributes & objects export as STIX 2.0 & 2.1 mapping summary. [chrisr3d]
* Add: [documentation] Added the attributes & objects export as STIX 2.0 summary autogenerated with tests. [chrisr3d]
* Wip: [documentation] Updated the MISP objects export as STIX 2.0 documentation using the documentation automated update from tests. [chrisr3d]
* Wip: [documentation] Updated the attributes export to STIX 2.0 documentation regenerated with the tests automated documentation update. [chrisr3d]
* Wip: [documentation, tests] Updated the automated documentation generation to support STIX 2.0. [chrisr3d]
* Fix: [tests] Removed or used unused variables. [chrisr3d]
* Add: [documentation] Added summary mapping for attributes & objects export as STIX 2.1. [chrisr3d]
* Wip: [documentation, tests] Populating the objects documentation while running STIX 2.1 tests. [chrisr3d]
* Wip: [documentation, tests] Outsourced the documentation update process to an external class and script. [chrisr3d]
* Wip: [documentation, tests] Testing if the attributes conversion as STIX 2.1 mapping from documentation is different from the mapping built from tests before replacing it. [chrisr3d]
* Wip: [documentation, tests] Replacing attribute to STIX 2.1 mapping with the samples used in tests. [chrisr3d]
* Wip: [tests] Initiated an automated way to check if the mapping documentation is up-to-date using the tests. [chrisr3d]
- Started with the tests for attributes export as STIX 2.1
* Add: [tests] Added tests for patterning language objects export as STIX 2.1. [chrisr3d]
* Add: [tests] Test samples for objects converted into indicator with a specific pattern type. [chrisr3d]
* Add: [stix2 export] Added suricata & yara to the list of supported MISP object templates for export as STIX 2.1. [chrisr3d]
* Wip: [stix2 import] Enhanced complex patterns exclusion. [chrisr3d]
* Wip: [stix2 import] Function to handle the import case for various STIX objects to convert: either as MISP attribute or MISP object. [chrisr3d]
* Wip: [stix2 import] Parsing external STIX patterns that are not stix patterns. [chrisr3d]
* Wip: [stix2 import] Added STIX 2.1 pattern types parsing for internal indicators with a pattern type that is not stix. [chrisr3d]
* Wip: [stix2 import] Parsing Location objects. [chrisr3d]
* Wip: [stix2 import] Parsing external STIX 2 Vulnerability objects. [chrisr3d]
* Wip: [stix2 import] Parsing MISP generated STIX 2 Vulnerability objects. [chrisr3d]
* Wip: [stix2 import] Handling the synonyms to tag names mapping. [chrisr3d]
- Synonyms are the different names of threat actors,
courses of action, attack patterns and other
STIX objects converted as MISP Galaxy clusters
- In order to avoid looping over galaxy clusters,
and to avoid parsing multiple times the same
galaxy cluster, we load this mapping once to
provide the association of all the known galaxy
cluster names and the related tag names
* Merge branch 'dev' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Add: [submodules] Sub-moduled misp-galaxy. [chrisr3d]
* Add: [git] Added tmp dir & a gitignore file that contains the tmp dir for now. [chrisr3d]
* Wip: [stix2 import] Better pattern type handling & redirection to the `stix2-pattern` object creation in case of parsing exception. [chrisr3d]
* Wip: [stix2 import] Some pieces of documentation for the main parsing function used for external STIX 2. [chrisr3d]
* Wip: [stix2 import] Considering the possibility some producers of STIX data still use the deprecated `objects` field instead of `object_refs` [chrisr3d]
* Wip: [stix2 import] Added a first version of observable & pattern mappings for STIX objects from external STIX files. [chrisr3d]
* Wip: [stix2 import] Added missing Exceptions. [chrisr3d]
* Wip: [stix2 import] More observable mapping skeleton. [chrisr3d]
* Wip: [stix2 import] Skeleton for external STIX files parsing. [chrisr3d]
* Wip: [stix2 import] Added a few pattern parsing functions to initiate the concept. [chrisr3d]
* Wip: [stix2 import] More logical observable mapping functions. [chrisr3d]
* Wip: [stix2 import] Added indicators parsing & better exceptions catching for observed data and indicator objects. [chrisr3d]
* Wip: [stix2 import] Parsing STIX objects timeline fields. [chrisr3d]
* Merge branch 'dev' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Wip: [stix2 import] Better way to fetch STIX objects to be parsed, once they are all loaded. [chrisr3d]
* Wip: [stix2 import] Better separation between objects loading & parsing. [chrisr3d]
* Wip: [stix2 import] More steps for single reports parsing. [chrisr3d]
* Merge branch 'dev' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Wip: [stix2 import] A few steps forward to the stix objects parsing from bundle. [chrisr3d]
* Wip: [stix2 import] Starting with some observable objects parsing functions. [chrisr3d]
* Wip: [stix2 import] STIX2 observable objects mapping for STIX content from MISP. [chrisr3d]
* Wip: [stix2 import] Added some observable parsing processing. [chrisr3d]
- We'll continue with the observable mapping and
the different related functions needed to
convert the observable objects into MISP
attributes or objects
* Merge branch 'main' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Merge branch 'main' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Merge branch 'main' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Merge branch 'main' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Wip: [stix2 import] Populating STIX2 parsing functions. [chrisr3d]
- Started with the Custom objects which are the
most straightforward ones :)
* Merge branch 'dev' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Merge branch 'main' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Merge branch 'main' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Wip: [stix2 import] Adding library imports & changes concerning the STIX2 import features. [chrisr3d]
* Wip: [stix2 import] We continue building the stix2 import skeleton. [chrisr3d]
* Wip: [stix2 import] Main STIX2 objects parsing functions mapping. [chrisr3d]
* Merge branch 'main' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Merge branch 'main' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Set theme jekyll-theme-cayman. [Alexandre Dulaunoy]
* Set theme jekyll-theme-cayman. [Alexandre Dulaunoy]
* Merge branch 'main' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Merge branch 'dev' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Wip: [stix2 import] We start the STIX2 import. [chrisr3d]
- From pseudo-code draft & ideas in mind
* Merge branch 'main' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Fix: [tests] Testing STIX 2.1 objects ids correctly. [chrisr3d]
- Some needed attribute uuids added
- We added several tests for the ids of different
objects as well as observable objects
* Wip: [stix import] First skeleton premise of the STIX to MISP import feature. [chrisr3d]
* Merge branch 'main' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Add: [tests] Tests for `android-app` objects export as STIX 2.0 & 2.1. [chrisr3d]
* Add: [stix2 export] Added `android-app` object to the list of supported object templates export as STIX 2.0 & 2.1. [chrisr3d]
* Merge branch 'dev' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Merge branch 'main' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Merge branch 'main' of github.com:MISP/misp-stix into dev. [chrisr3d]
* Add: [tests] Tests for `lnk` objects export as STIX 2.0 & 2.1. [chrisr3d]
* Add: [stix2 export] Added `lnk` objects to the list of mapped object templates export as STIX 2.0 & 2.1. [chrisr3d]
* Add: [tests] Tests for image objects export as STIX 2.0 & 2.1. [chrisr3d]
* Add: [stix2 export] Added `image` objects to the list of supported object templates export as STIX 2.0 & 2.1. [chrisr3d]
* Add: [tests] Added tests for `legal-entity` objects export as STIX 2.0 & 2.1. [chrisr3d]
* Add: [stix2 export] Added `legal-entity` objects in the list of supported object templates export as STIX 2.0 & 2.1. [chrisr3d]
* Add: [tests] Tests for `news-agency` & `organization` objects export as STIX 2.0 & 2.1. [chrisr3d]
* Add: [stix2 export] Added `news-agency` & `organization` objects to the list of supported object templates export as STIX 2.0 & 2.1. [chrisr3d]
* Add: [tests] Added missing test for the `identity_class` field within an Identity STIX object exported from an `employee` MISP object. [chrisr3d]
* Add: [tests] Added tests for `employee` objects export as STIX 2.0 & 2.1. [chrisr3d]
* Add: [stix2 export] Added `employee` objects to the list of supported objects export as STIX 2.0 & 2.1. [chrisr3d]
* Add: [tests] Added tests for the `parler-account` & `reddit-account` objects. [chrisr3d]
- To be tested with the `github-user` object
using the account objects with attachment
attributes parsing function
* Add: [stix2 export] Added `parler-account` & `reddit-account` to the list of supported objects export as STIX 2.0 & 2.1. [chrisr3d]
- Reusing the account objects with at least one
potential attachment attribute parsing function
that has been made generic and that already
supports `github-user` objects
* Add: [tests] Added tests for `telegram-account` objects export as STIX 2.0 & 2.1 to the existing tests for account objects. [chrisr3d]
* Add: [stix2 export] Added `telegram-account` objects to the list of supported objects export as STIX 2.0 & 2.1. [chrisr3d]
- Reusing the account objects parsing function
* Add: [tests] Tests for `cpe-asset` objects export as STIX 2.0 & 2.1. [chrisr3d]
* Add: [stix2 export] Added `cpe-asset` to the list of mapped object templates export as STIX 2.0 & 2.1. [chrisr3d]
* Add: [tests] Added test for annotation objects export as STIX 2.1. [chrisr3d]
* Add: [stix2 export] Added `annotation` objects to the list of supported object export as STIX 2.1. [chrisr3d]
- Annotation objects are exported as STIX 2.1 Note
objects which appeared only in 2.1
- The process of parsing those objects is pretty
similar to the pe & pe-section objects parsing,
we need to parse first all the attributes and
objects referenced by the annotation in order to
get then their exact STIX object id once they
are already converted, otherwise we would have
the `referenced_uuid` value only and we would
miss the STIX object type to build the `object_ref`
id value: `{type}--{uuid}`
* Add: [tests] Added tests for `github-user` objects export as STIX 2.0 & 2.1. [chrisr3d]
* Add: [stix2 export] Added `github-user` to the list of supported objects export as STIX 2.0 & 2.1. [chrisr3d]
- As `gitlab-user` is already supported, there was
no reason to skip this template, but it required
some additional attention since there is an
attribute with a potential `data` field
* Add: [tests] Added tests for `gitlab-user` objects export as STIX 2.0 & 2.1. [chrisr3d]
* Add: [tests] Added tests for `github-username` attributes export as STIX 2.0 & 2.1. [chrisr3d]
* Add: [stix2 export] Added `github-username` attribute type to the list of supported types exported as STIX 2.0 & 2.1. [chrisr3d]
- As a side note: this attribute export as STIX 2.0
observed data object is not supported due to the
`user_id` field requirement that is effective
in STIX 2.0, which is no longer the case in 2.1
where it is optional
* Add: [stix2 export] Added `gitlab-user` object template to the list of supported objects export as STIX 2.0 & 2.1. [chrisr3d]
- Using the most recent changes on the account
objects parsing that made the function also
available for this object template (in addition
to the account objects already supported)
* Add: [tests] Added tests for sigma, snort & yara attributes export as STIX 2.1. [chrisr3d]
* Add: [stix2 export] Exporting sigma, snort & yara attributes in STIX 2.1 since Indicators support multiple pattern types in STIX 2.1. [chrisr3d]