misp-stix v2.4.178 - STIX 2.x import fixed on the Observable objects parsing and Galaxy Clusters handling

@chrisr3d chrisr3d released this 21 Jun 08:44
· 509 commits to main since this release
9852144

v2.4.178 - 2023-11-06

Chg

  • [poetry] Bumped latest python versions & library version
  • [stix2 import] Split the Observable objects conversion/parsing from the Observable objects handling
  • [stix2 import] Slight change on the single attributes dict creation
  • [tests] Removed the galaxy description from the STIX objects description field
  • [stix2 export] Using the cluster description only to generate a STIX 2 SDO description

Fix

  • [stix2 import] Fixed non existing variable
  • [stix2 import] Avoiding issues with standalone observable objects conversion
  • [stix2 import] Added missing network-traffic observable type in the observable objects mapping
  • [stix2 import] Added missing internal reference from Directory objects to the actual MISP object
  • [stix2 import] Fixed some typing
  • [stix2 import] Properly testing when a standalone Observable object already was converted
  • [stix2 import] Added missing types for some artifact objects attributes mapping
  • [tests] Fixed the different tests for cluster descriptions
  • [stix2 import] Extended changes on the generic galaxy description
  • [tests] Fixed the galaxies export as STIX 2 tests to include the change on the description field
  • [stix2 import] Various common utility methods added or fixed
  • [stix2 import] Fixed MISP Attribute add method name
  • [stix2 import] Fixed file hashes mapping naming to avoid a confusion that somehow raised an issue for some reason
  • [stix2 import] Added missing checking methods and made some mapping variables exclusive to the external conversion class
  • [stix2 import] Uncommented try/except statement that was commented to debug errors
  • [stix2 import] Mapping methods are class methods and should be called

Wip

  • [stix2 import] Converting standalone X509 objects
  • [stix2 import] Converting standalone URL objects to url MISP attributes
  • [stix2 import] Converting Registry key standalone objects
  • [stix2 import] Converting standalone Process objects and their references
  • [stix2 import] Converting MACAddress & Mutex standalone observable objects as MISP Attributes
  • [stix2 import] Converting UserAccount & EmailAddress objects
  • [stix2 import] Converting Email Message objects and their references
  • [stix2 import] Converting Directory objects, their references and File objects references
  • [stix2 import] Parsing Autonomous System objects and their potential references from IP address objects
  • [stix2 import] Yielding object attributes to already have a more generic way to handle the Attribute VS Object situation that happens in some cases
  • [stix2 import] Supporting the full chain of standalone Domain resolving IP address(es) resolving MAC address(es)
  • [stix2 import] Converting standalone IP address objects
  • [stix2 import] Added kwargs to the attribute creation parameters to be able to set some attribute fields
  • [stix2 import] Supporting embedded references between network traffic objects
  • [stix2 import] Converting NetworkTraffic references observable objects
  • [stix2 import] Added the Network Traffic conversion methods that handle the different cases, and harmonised the observable objects conversion method names
  • [stix2 import] Some network-traffic observables conversion methods
  • [stix2 import] Better support of references fields in email message patterns
  • [stix2 import] Porting the changes on Galaxies description to the converters
  • [stix2 import] Catching errors due to unknown pattern type
  • [stix2 import] Using the Indicators converter from the main parser classes
  • [stix2 import] Reuse, deduplication & definition of the different mappings used for indicators (& others) parsing
  • [stix2 import] Parsing external pattern from the converter class
  • [stix2 import] Reorganising/Reusing conversion methods
  • [stix2 import] Added missing mapping common methods
  • [stix2 import] Fixed patterns conversion as MISP objects
  • [stix2 import] Enhancing internal STIX patterns mapping and conversion
  • [stix2 import] Indicators converter

Pull Requests

  • Merge pull request #51 from MISP/dev