
Releases: MISP/misp-stix

misp-stix v2.4.196 - Summer release including changes on the command-line feature and a few fixes

21 Aug 14:54
7220ab8

v2.4.196 - 2024-08-21

Included in the release

  • A few arguments have been added to the STIX 2 to MISP parsers to give the option to set some of the MISP Event fields directly, or to add more contextualisation to the data that is converted to MISP
  • Overall improvement of the command-line feature, supporting more arguments - some are directly related to the above mentioned new arguments
  • Updated documentation explaining the newest features

Add

  • [misp_stix_converter] Global version argument added
  • [tests] Tests for STIX 2.x Bundle import with specific producer or title set by user
  • [misp_stix_converter] Added title argument to prefix Event info field with some title
  • [readme] Added instructions on the producer argument
  • [misp_stix_converter, stix2 import] Added producer argument to add in the Events converted from STIX 2.x the name of the producer
  • [readme] Added more instructions and examples on the command-line feature usage
  • [readme] Additional instructions on the installation process
  • [misp_stix_converter] Extended the command line feature to allow pushing Events to MISP from the conversion of STIX 2.x Bundles

Chg

  • [package] Updated version
  • [stix2 import] Excluding the producer from the event info title
  • [poetry] Bumped latest versions in lock file
  • [stix2 import] Better handling of the STIX2 Parser class arguments
  • [stix2 import] Added separation in the generic Event info field, between the title and information on the producer
  • [stix2 import] Adding producer - when provided - to the generic info field
  • [poetry] Bumped lock file with the latest versions
  • [poetry] Bumped lock file with the latest dependencies versions
  • [readme] Updated command-line import feature arguments instructions
  • [misp_stix_converter] Getting the current user organisation uuid to use it for the Custom Clusters creation
  • [readme] Updated instruction for the command line feature

Fix

  • [poetry] Tentative fix for the lock file
  • [misp_stix_converter] Fixed some argparse help values
  • [tests] Fixed tests for STIX 2.x Bundles imported as MISP Events where producer and info values are set by user
  • [stix2 import] Fixed generic info field to use the title set by users
  • [stix2 export] Avoiding issues with EventReport referencing attributes or objects exported as Custom STIX 2 Object
  • [stix2 import] Avoiding issue with getattr which isn't able to check whether a __ prefixed variable exists or not
  • [misp_stix_converter] Handling cases where url or authentication key is not provided to connect to MISP
  • [stix2 import] Added missing producer argument
  • [misp_stix_converter] Updated command-line import arguments
  • [stix2 import] Added bundle id to the generic Event info field used when there is no Report or Grouping to parse
  • [misp_stix_converter] Quick fixes on the command-line feature
  • [misp_stix_converter] Providing default value to the version and distribution arguments with the command line feature
  • [stix2 import] Avoiding issues with the Event tags variable

misp-stix v2.4.194 - A few fixes and an important change to the Tags handling to avoid duplication of Event tags into Attributes

21 Jun 13:32
6bb8186

v2.4.194 - 2024-06-21

Included in the release

  • A few issues fixed
  • Some clean-up of the duplicated methods after the latest Converters have been merged
  • Avoiding the duplication of Event tags in Attributes
    ➡️ When an Event is tagged with a specific tag, it implies all the Attributes contained in this Event are implicitly tagged with the same tag. We do not need to explicitly tag all the Attributes with the same tag in that case.
    ❌ As a naive approach, we were looping through Marking Definitions to tag individually each Attribute when there was a reference between the corresponding STIX object and Marking Definition
    ✅ Now we first check if a given Tag is already attached to the Event before attaching it to an Attribute

Chg

  • [poetry] Updated lock file with latest versions
  • [poetry] Latest version
  • [stix2 export] Cleaner STIX 2.x object IDs handling

Fix

  • [stix2 import] Deduplication of the Event tags that were also added to Attributes
  • [stix2 import] Removed unused methods
  • [stix2 import] Avoid returning an error message for marking-definition refs not parsed
  • [stix2 export] Cleaner code
  • [stix2 import] Differentiating the network traffic mapping to use when parsing indicators

misp-stix v2.4.193 - Finalised the Observed Data and Observable objects Converter

21 Jun 13:18
ac98494

v2.4.193 - 2024-06-06

Included in this release

  • The Observed Data & Observable objects Converter is now finalised as a separate converter and the branch containing the changes is now merged
    • Including some major improvement on the Observable objects conversion to MISP, such as:
      • standalone Observable objects are now correctly parsed
      • long lists of Observables referenced by - or contained in - a single Observed Data object, with no specific meaning, are now correctly handled and parsed as separate objects even though they are now strictly respecting the Observable objects format specification
    • Observable objects mapping improved

Add

  • [tests] Tests for Email Message objects - and references - import from STIX 2.x
  • [stix2 import] Updated the STIX 2.x Email objects mappings
  • [stix2 import] Added organisation_uuid argument to use to generate the custom clusters UUID
  • [tests] Tests for Autonomous System observable objects with observed data import from STIX 2.x
  • [stix2 import] Parsing Observed Data with Autonomous System observable objects from converters

Chg

  • [poetry] Bumped latest version in lock file
  • [poetry] Updated version
  • [tests] Updated tests for domain-ip objects import from STIX 2.1 to cover specific cases with UUIDs handling
  • [stix2 import] Adding source information to the custom Galaxy Clusters imported from STIX 2.x objects
  • [stix2 import] Using the file observable references parsing method to convert v2.0 observable objects
  • [stix2 import] Making the network-traffic objects parsing more generic
  • [stix2 import] Simplify loading JSON files
  • [stix2 import] Added generic conversion methods for observable objects associated to observed data objects imported as MISP objects
  • [tests] Deduplicating existing tests for external directory observable objects

Fix

  • [stix2 import] Making Python 3.8 & 3.9 happy with the typing
  • [stix2 import] Post Observed Data Converter merge clean up and reassembling
  • [stix2 import] Merged missing conflicts
  • [stix2 import] Fixed UUID handling for email object attributes parsed from email-message references
  • [stix2 import] Fixed domain-ip objects UUID handling
  • [stix2 import] Handling domains resolving other domains with object references
  • [stix2 import] Removed unnecessary intermediary method
  • [stix2 import] Avoiding domain-name observable objects to be skipped because they're referenced by another domain-name object
  • [stix2 import] Fixed domain-ip attributes UUIDs handling
  • [stix2 import] Fixed domain-ip object attributes handling as _sanitise_attribute_uuid already returns a dict with the uuid key included
  • [stix2 import] Fixed _observable variable name
  • [stix2 import] Protocols error message made clearer
  • [tests] Better UUID tests for objects imported from STIX 2.x Network Traffic Observable objects
  • [stix2 import] Better internal http-request objects import from Observable objects
  • [stix2 import] Better handling of attributes uuid for values converted from internal Network Traffic Observable objects
  • [stix2 import] Fixing the internal STIX2 Network Traffic Observable objects and references IDs handling
  • [stix2 import] Fixed Network Traffic Observable objects from internal STIX 2.x content parsing
  • [stix2 import] Fixed STIX 2.0 Network Traffic Observable objects parsing
  • [stix2 import] Added missing protocol_attribute property in STIX2Mapping parent class
  • [stix2 import] Better handling of internal Galaxy & Cluster description
  • [stix2 import] Updated Network Traffic observables objects mapping to MISP objects
  • [stix2 import] Importing Network Traffic observable objects referenced by external Observed Data objects with the network-traffic generic MISP object template
  • [stix2 import] Fixed email message objects parsing
  • [stix2 import] Invalid typehint
  • [stix2 import] Avoid running git process
  • [stix2 import] No longer require to exclude patterns with 'AND' and 'OR'
  • [stix2 import] Avoiding issues introduced since we updated the observables fetching method
  • [stix2 import] Avoiding issues with the internal STIX 2.1 Autonomous System observable objects fetching method
  • [stix2 import] Making the multiple observables fetching method available to both internal and external STIX 2 Observed Data object converters
  • [stix2 import] Avoiding issues with ssdeep hash type in STIX 2.0 external content
  • [stix2 import] Updated pe object mapping with the compilation-timestamp attribute
  • [stix2 import] Better STIX 2.0 windows-pebinary-ext within File observable object handling
  • [stix2 import] MISP object references handling method name
  • [stix2 import] Error exceptions handling method name
  • [stix2 import] Fixed the MISP object reference duplicates checking
  • [stix2 import] Deduplication of MISP object references
  • [stix2 import] Fixed File PE extension parsing method name to avoid confusion with the generic method used then from the observable objects converter class
  • [stix2 import] Avoiding issues with observables references, by keeping track of each reference within a single STIX 2.0 observed data objects list
  • [stix2 import] Returning MISPAttributes in some generic observable objects conversion methods
  • [stix2 import] Fixed wrong variable name for a MISP object meta fields check
  • [tests] Fixed tests for external STIX 2.x SDOs imported as Galaxy Clusters following the recent add of the organisation_uuid argument
  • [stix2 import] Setting single_event when parsing a bundle with a single report/grouping, to avoid issues raised with multiple reports/groupings handling methods
  • [stix2 import] Fixed the case with multiple events as result
  • [stix2 import] In the end we have to parse the Sighting & Opinion objects and convert them as MISP Sighting when they are used
  • [stix2 import] Fixed relationships handling between sighting & opinion objects, and their references
  • [stix2 import] Fixed MISP Sightings handling
  • [stix2 import] Removed unused import
  • [stix2 import] Avoiding issues with STIX 2.x content coming from a TAXII collection or embedded into a single list instead of a Bundle
  • [stix2 import] Removed unused import & added missing blank lines to make pep8 happy
  • [stix2 import] Added the missing sorting statement for observable objects types passed to match mapping
  • [stix2 import] Clearer observable objects mapping handling in the observed data conversion methods
  • [stix2 import] Reusing the STIX 2.1 observable objects fetching method
  • [stix2 import] Setting MISP objects timestamp with the datetime value instead of an int
  • [stix2 import] Fixed AttributeError with method from parent conversion class
  • [tests] Passing observable ids instead of objects themselves for some tests that only need to know about ids
  • [tests] Testing MISP Object comment when its uuid is v5
  • [stix2 import] Added observed data id as comment for misp objects converted from STIX 2.0 when it has a v5 uuid
  • [stix2 import] Some typings fixed
  • [stix2 import] Quick reordering to allow more reusability
  • [stix2 import] Avoiding issues with marking definitions referenced but not present in a file
  • [stix2 import] Better tags from indicators parsing & simplified the tags handling method
  • [stix2 import] Some methods deduplication between main parser & converters
  • [stix2 import] Yield syntax
  • [stix2 import] Copy-paste typo
  • [tests] Quick fix on the created or created_time field from a process observable object
  • [stix2 import] Avoid future potential issues with object names in generic conversion methods
  • [stix2 import] Quick fix in the Process observable objects associated with Observed Data objects conversion method
  • [stix2 import] Utilising the newly added environment-variables attribute to properly import the environment variables & arguments of a STIX 2.x process object
  • [stix2 import] Updated typings
  • [stix2 import] Typo on the generic observable object parsing method to call
  • [stix2 import] Deduplication in the STIX 2.1 Directory objects parsing
  • [stix2 import] Removed duplicated MISP Attribute dict creation methods
  • [stix2 import] Better handling of generic observable object parsers
  • [stix2 import] Quick clean-up on some observed data method arguments
  • [stix2 import] Fixed Observable objects types mapping
  • [stix2 import] Better overall UUID sanitation & comments handling for MISP attributes creation
  • [tests] Removed spec_version fields in STIX 2.0 samples
  • [stix2 import] Properly calling the UUID sanitation method
  • [stix2 import] Removing unused variable in marking definitions parsing
  • [stix2 import] Fixed directory observable objects parsing method header
  • [tests] Added missing tests for directory path attribute types
  • [stix2 import] Reuse of the method parsing Directory observable objects with an id field
  • [stix2 import] Using the AS value parsing method for an AS value that was missing it
  • [stix2 import] Fixed directory mapping
  • [stix2 import] Quick pep8 clean-up
  • [stix2 import] Fixed the converters composition
  • [tests] A tiny clarification change
  • [stix2 import] Observable objects fetcher moved to the parent class as it will be reused for internal & external conversion
  • [stix2 import] Quick syntax fix

Wip

  • [tests] Tests for domain-ip objects import from external STIX 2.x
  • [tests] Tests for Network Traffic Observable objects imported from external STIX 2 bundles as network-traffic objects
  • [stix2 import] Better conversion of Network Traffic references observable objects
  • [stix2 import] Parsing Network Traffic Observable objects referenced in Observed Data from the Observed Data Converter
  • [stix2 import] Parsing EmailMessage observable objects from Observed Data converter
  • [stix2 import] Reusing EmailMessage observable parsing method
  • [stix2 import] Parsing DomainName ...

misp-stix v2.4.188 - Supporting the ACS markings

21 Jun 13:08
f531a2c

v2.4.188 - 2024-03-21

Included in this release:

  • Support of the ACS markings
    • Conversion of the Marking Definition object to a custom Galaxy Cluster, with an extraction and flattening of the complete ACS extension definition into the Cluster meta field
    • Extraction of a set of fields and values as Tags to provide a way to search existing MISP Events and Attributes based on those tags

Chg

  • [poetry] Bumped lock file with latest versions
  • [package] Bumping new version

Fix

  • [stix2 import] Centralised the cluster creation in one single place and added the meta parsing as galaxy elements statement
  • [stix2 import] Storing the galaxy args
  • [stix2 import] Using the _add_misp_object helper that already handles tags and other stuff related to a MISP object and its attributes
  • [stix2 import] Added missing collection_uuid value to the ACS marking clusters
  • [stix2 import] Some typing and pycodestyle issues fixed
  • [stix2 import] Fixed ACS marking parsing
  • [stix2 import] Fixed variable assignment typo & storing of the acs marking clusters raising issues

Wip

  • [stix2 import] Adding a set of tags alongside the Galaxy Clusters converted from ACS markings
  • [stix2 import] Attaching ACS markings as galaxies to the referenced data layer (attribute or event)
  • [stix2 import] First shot of an ACS marking parsing method
  • [stix2 import] Preparing for an update on marking definitions parsing

misp-stix v2.4.186 - STIX 2.x import to MISP improved

21 Jun 09:48
0428b4a

v2.4.186 - 2024-02-27

Add

  • [stix2 import] Added organisation_uuid argument to use to generate the custom clusters UUID

Chg

  • [package, poetry] New version
  • [poetry] Bumped latest versions

Fix

  • [tests] Fixed tests for external STIX 2.x SDOs imported as Galaxy Clusters following the recent add of the organisation_uuid argument
  • [stix2 import] Avoiding issues with Marking Definition objects that are parsed and handled directly when they're loaded
  • [stix2 import] Setting single_event when parsing a bundle with a single report/grouping, to avoid issues raised with multiple reports/groupings handling methods
  • [stix2 import] Fixed the case with multiple events as result
  • [stix2 import] In the end we have to parse the Sighting & Opinion objects and convert them as MISP Sighting when they are used
  • [stix2 import] Fixed relationships handling between sighting & opinion objects, and their references
  • [stix2 import] Fixed MISP Sightings handling
  • [stix2 import] Avoiding issues with STIX 2.x content coming from a TAXII collection or embedded into a single list instead of a Bundle

misp-stix v2.4.185 - Some mapping fixed, and better handling of the object references when the referenced object is not provided

21 Jun 09:47
b8b8b74

v2.4.185 - 2024-02-16

Chg

  • [poetry] Bumped latest dependencies versions
  • [poetry, package] Set latest version

Fix

  • [stix2 import] Yield syntax
  • [stix2 import] Fixed Observable objects types mapping
  • [stix2 import] Removing unused variable in marking definitions parsing
  • [stix2 import] Using the AS value parsing method for an AS value that was missing it
  • [stix2 import] Fixed directory mapping
  • [stix2 import] Fixed the converters composition
  • [stix2 import] Avoiding issues with marking definitions referenced but not present in a file

misp-stix v2.4.183 - Various import features fixed and improved

21 Jun 09:43
daaee3a

v2.4.183 - 2024-01-04

Add

  • [stix2 import] Handling clusters sharing group id for content converted from external STIX 2.x
  • [stix2 import] Added cluster distribution argument to the external STIX 2 to MISP parser
  • [tests] Tests for internal STIX 2.x content with custom labels

Chg

  • [poetry] Bumped latest deps versions and lock file
  • [stix2 import] Handling external ids and synonyms from STIX 2.x objects imported as MISP Galaxy Clusters
  • [poetry] Updated pyproject & bumped lock file
  • [tests] Updated STIX 2.x internal samples to match the recent changes on STIX 2.x export capacity
  • [poetry] Bumped latest dependencies and versions

Fix

  • [stix2 import] Separating the synonyms and external ids handling
  • [stix2 import] Added missing imports for Observed Data Converters
  • [tests] Fixed tests for galaxy and their clusters following recent changes on the synonyms and external ids handling
  • [requirements] Updated the requirements list with no specific version
  • [tests] Fixed tests to avoid issues with aliases
  • [stix2 export] Fixed meta fields parsing for STIX objects having meta fields mapping
  • [stix2 export] Fixed the external references parsing from Clusters meta fields
  • [tests] Aligning test sample on tags with the tag name of the recently changed attack pattern cluster sample to keep testing the non duplication of the tag name with tags
  • [tests] Making the automated documentation generation specific to the related test Classes instead of making it run for each testing class tear down
  • [documentation] Fixed and regenerated documentation for Galaxy Clusters export to STIX 2.x
  • [documentation] Fixed and regenerated galaxies export documentation
  • [documentation] Regenerated documentation
  • [documentation] Changes in galaxies documentation, based on the cluster name changes
  • [tests] Fixed tests on cluster values
  • [stix2 export] Removing external id from all Galaxy Cluster value
  • [tests] Quick code style clean-up
  • [stix2 import] Quick clean-up
  • [stix2 import] Added missing cluster distribution argument
  • [stix2 import] Fixed issues with protocols and references from network traffic observable objects
  • [stix2 import] Cleaned up the unused parsing methods for internal STIX 2.x content, as they've been moved to the converters
  • [stix2 import] Avoiding issues with custom labels
  • [stix2 import] Some clean-up and better 'observable object id VS observed data id' handling
  • [stix2 import] Making the user account extension mapping name compliant with the generic observable objects parsing method
  • [tests] Fixed tests following recent changes including the observed data objects conversion, as well as some better UUID handling
  • [stix2 import] Fixed generic & user-account observables conversion
  • [stix2 import] Fixed domain-ip objects import from internal STIX 2.x
  • [stix2 import] Fixing a few tiny issues
  • [stix2 import] Fixed a few typos in variable names and indentation issues
  • [stix2 import] Added missing argument for email references observables parsing
  • [stix2 import] Fixed Network Traffic references id handling

Wip

  • [stix2 export] Better handling of meta fields, and the synonyms in particular
  • [stix2 import] Supporting TLP 2.0 Marking definition
  • [stix2 import] Updated the observable objects conversion capacity to support the reusability between standalone observable objects and observable objects referenced by observed data objects
  • [stix2 import] Added Observed Data objects converter
  • [stix2 import] Reusing elements from mapping
  • [stix2 import] Parsing PE binary extensions within File observable objects
  • [stix2 import] Some clean-up

misp-stix v2.4.182 - Improvement on the import of STIX 2.x objects as Galaxy Clusters

21 Jun 09:20
260920b

v2.4.182 - 2023-12-14

Add

  • [stix2 import] Handling clusters sharing group id for content converted from external STIX 2.x
  • [stix2 import] Added cluster distribution argument to the external STIX 2 to MISP parser
  • [tests] Tests for internal STIX 2.x content with custom labels
  • [tests] Added a resource_level attribute to the tests for intrusion-set objects export as STIX 2.0 & 2.1
  • [documentation] Regenerated documentation with the latest changes
  • [documentation] Added documentation for intrusion-set objects export as STIX 2.0 & 2.1
  • [tests] Added tests for intrusion-set objects export as STIX 2.0 & 2.1
  • [stix2 export] Exporting intrusion-set MISP objects to STIX 2.0 & 2.1

Chg

  • [poetry, package] Bumped latest versions

Fix

  • [stix2 import] Some quick clean-up
  • [stix2 import] Added missing cluster distribution argument
  • [stix2 import] Avoiding issue with custom labels
  • [stix2 import] Avoiding issues with custom labels
  • [stix2 import] Added missing entry for identity objects in the conversion mapping
  • [stix2 import] Fixed identity objects import conversion
  • [stix2 import] Making sure the Location object has a region field before calling it to define a Galaxy Cluster value
  • [stix2 import] Fixed Location objects conversion when it should be converted to country or region Galaxy Cluster
  • [stix2 import] Fixed wrong Location object field
  • [stix2 import] Removed unnecessary mapping layer
  • [stix2 import] Some clean-up
  • [stix2 import] The ObservedData converter is not ready yet
  • [stix2 import] Added intrusion-set to the STIX 2.x objects conversion mapping to MISP
  • [documentation] Updated description of STIX 2 objects exported from Galaxy clusters
  • [documentation] Fixed documentation for intrusion-set objects export as STIX 2.0 & 2.1
  • [tests] Removed debugging print
  • [tests] A simple clean-up on a MISP event sample definition
  • [stix2 import] Cleaned up unnecessary mapping
  • [stix2 import] Fixed inheritance between the Observable object conversion classes

Wip

  • [tests] Tests for identity objects import from STIX 2.x
  • [tests] Tests for person object import from internal STIX 2.x
  • [stix2 import] Converting person objects from Internal STIX 2.x Identity objects
  • [stix2 import] Converting STIX 2.x Identity objects from converters
  • [stix2 import] Importing MISP annotation objects from STIX 2.1 Note objects
  • [stix2 import] Parsing STIX 2.x Custom objects from converters
  • [stix2 import] Converting STIX 2.x Location objects from converters
  • [stix2 import] Converting STIX 2.x Vulnerability objects from converters
  • [stix2 import] Parsing STIX 2.x Tool objects from converters
  • [stix2 import] Parsing STIX 2.x Threat Actor objects from converters
  • [tests] Tests for intrusion-set object import from STIX 2.x
  • [stix2 import] Converting Intrusion Set objects from the converters side
  • [stix2 import] Converting Campaign objects from the converters
  • [stix2 import] Converting Course of Action objects from converters & cleaned up a few no longer used parsing methods that are now supported in converters too
  • [stix2 import] Using a generic STIX 2 objects parsing method

misp-stix v2.4.178 - STIX 2.x import fixed on the Observable objects parsing and Galaxy Clusters handling

21 Jun 08:44
9852144

v2.4.178 - 2023-11-06

Chg

  • [poetry] Bumped latest python versions & library version
  • [stix2 import] Split the Observable objects conversion/parsing from the Observable objects handling
  • [stix2 import] Slight change on the single attributes dict creation
  • [tests] Removed the galaxy description from the STIX objects description field
  • [stix2 export] Using the cluster description only to generate a STIX 2 SDO description

Fix

  • [stix2 import] Fixed non existing variable
  • [stix2 import] Avoiding issues with standalone observable objects conversion
  • [stix2 import] Added missing network-traffic observable type in the observable objects mapping
  • [stix2 import] Added missing internal reference from Directory objects to the actual MISP object
  • [stix2 import] Fixed some typing
  • [stix2 import] Properly testing when a standalone Observable object already was converted
  • [stix2 import] Added missing types for some artifact objects attributes mapping
  • [tests] Fixed the different tests for cluster descriptions
  • [stix2 import] Extended changes on the generic galaxy description
  • [tests] Fixed the galaxies export as STIX 2 tests to include the change on the description field
  • [stix2 import] Various common utility methods added or fixed
  • [stix2 import] Fixed MISP Attribute add method name
  • [stix2 import] Fixed file hashes mapping naming to avoid a confusion that somehow raised an issue for some reason
  • [stix2 import] Added missing checking methods and made some mapping variables exclusive to the external conversion class
  • [stix2 import] Uncommented try/except statement that was commented to debug errors
  • [stix2 import] Mapping methods are class methods and should be called

Wip

  • [stix2 import] Converting standalone X509 objects
  • [stix2 import] Converting standalone URL objects to url MISP attributes
  • [stix2 import] Converting Registry key standalone objects
  • [stix2 import] Converting standalone Process objects and their references
  • [stix2 import] Converting MACAddress & Mutex standalone observable objects as MISP Attributes
  • [stix2 import] Converting UserAccount & EmailAddress objects
  • [stix2 import] Converting Email Message objects and their references
  • [stix2 import] Converting Directory objects, their references and File objects references
  • [stix2 import] Parsing Autonomous System objects and their potential references from IP address objects
  • [stix2 import] Yielding object attributes to already have a more generic way to handle the Attribute VS Object situation that happens in some cases
  • [stix2 import] Supporting the full chain of standalone Domain resolving IP address(es) resolving MAC address(es)
  • [stix2 import] Converting standalone IP address objects
  • [stix2 import] Added kwargs to the attribute creation parameters to be able to set some attribute fields
  • [stix2 import] Supporting embedded references between network traffic objects
  • [stix2 import] Converting NetworkTraffic references observable objects
  • [stix2 import] Added the Network Traffic conversion methods that handle the different cases, and harmonised the observable objects conversion method names
  • [stix2 import] Some network-traffic observables conversion methods
  • [stix2 import] Better support of references fields in email message patterns
  • [stix2 import] Porting the changes on Galaxies description to the converters
  • [stix2 import] Catching errors due to unknown pattern type
  • [stix2 import] Using the Indicators converter from the main parser classes
  • [stix2 import] Reuse, deduplication & definition of the different mappings used for indicators (& others) parsing
  • [stix2 import] Parsing external pattern from the converter class
  • [stix2 import] Reorganising/Reusing conversion methods
  • [stix2 import] Added missing mapping common methods
  • [stix2 import] Fixed patterns conversion as MISP objects
  • [stix2 import] Enhancing internal STIX patterns mapping and conversion
  • [stix2 import] Indicators converter

Pull Requests

  • Merge pull request #51 from MISP/dev

misp-stix v2.4.177 - Opinion, Sightings & STIX 2 pattern handling fixed

21 Jun 08:41
25afa19

v2.4.177 - 2023-09-22

Chg

  • [package] New version bump
  • [poetry] Updated dependencies & bumped lock file

Fix

  • [stix2 import] Variable name typo
  • [stix2 import] Removing the LIKE comparison operator from the list of forbidden pattern operators
  • [stix2 import] STIX 2 Patterns parser cleanup
  • [stix2 import] Custom opinion objects parsing method typo
  • Comment typo
  • [stix2 export] Avoiding issues with Opinion & Sighting objects having references to custom objects

Wip

  • [stix2 import] Finished supporting the last multiple values in patterns
  • [stix2 import] Handling more 'multiple' pattern values after IN comparison operator
  • [stix2 import] Pattern values after an IN comparison operator should always be tuples
  • [stix2 import] Supporting multiple IP values in pattern with an IN comparison operator
  • [stix2 import] Improved more types of patterns by checking whether the values are in a list or tuple
  • [stix2 import] Better pattern values parsing
  • [stix2 import] Better pattern comparison operator parsing