fix: [stix2 import] Fixed description fields from STIX objects parsing as comment field for external STIX data

2022-02-14 14:15:13 +01:00 · 2022-02-14 14:15:13 +01:00 · 07d78810b5
parent 51cd06f6b7
commit 07d78810b5
1 changed files with 18 additions and 17 deletions
--- a/app/files/scripts/stix2/stix2misp.py
+++ b/app/files/scripts/stix2/stix2misp.py
@ -1933,29 +1933,28 @@ class ExternalStixParser(StixParser):

    def add_attributes_from_indicator(self, indicator, attribute_type, separator):
        patterns = self._handle_pattern(indicator.pattern).split(separator)
+        attribute = {
+            'type': attribute_type,
+            'to_ids': True
+        }
+        attribute.update(self.parse_timeline(indicator))
+        if hasattr(indicator, 'description') and indicator.description:
+            attribute['comment'] = indicator.description
        if len(patterns) == 1:
            _, value = self.get_type_and_value_from_pattern(patterns[0])
-            attribute = MISPAttribute()
-            attribute.from_dict(**{
-                'uuid': indicator.id.split('--')[1],
-                'type': attribute_type,
-                'value': value,
-                'to_ids': True
-            })
-            attribute.update(self.parse_timeline(indicator))
+            attribute.update(
+                {
+                    'uuid': indicator.id.split('--')[1],
+                    'value': value,
+                }
+            )
            self.misp_event.add_attribute(**attribute)
        else:
-            tmp_attribute = self.parse_timeline(indicator)
            for pattern in patterns:
                _, value = self.get_type_and_value_from_pattern(pattern)
-                attribute = MISPAttribute()
-                attribute.from_dict(**{
-                    'type': attribute_type,
-                    'value': value,
-                    'to_ids': True
-                })
-                attribute.update(tmp_attribute)
-                self.misp_event.add_attribute(**attribute)
+                misp_attribute = {'value': value}
+                misp_attribute.update(attribute)
+                self.misp_event.add_attribute(**misp_attribute)

    def add_attributes_from_observable(self, observable, attribute_type, feature):
        if len(observable.objects) == 1:
@ -2026,6 +2025,8 @@ class ExternalStixParser(StixParser):
                    attribute['to_ids'] = True
                if hasattr(stix_object, 'object_marking_refs'):
                    self.update_marking_refs(attribute['uuid'], stix_object.object_marking_refs)
+                if hasattr(stix_object, 'description') and stix_object.description:
+                    attribute['comment'] = stix_object.description
                self.misp_event.add_attribute(**attribute)
        except IndexError:
            object_type = 'indicator' if isinstance(stix_object, stix2.Indicator) else 'observable objects'