From 6950db8eb6f1cafa3ed25c8e39156f58ef4b2c60 Mon Sep 17 00:00:00 2001 From: kscheetz Date: Fri, 24 Apr 2020 13:10:30 -0400 Subject: [PATCH 01/10] Stix2 importer naming change. --- app/files/scripts/stix2/stix2misp.py | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/app/files/scripts/stix2/stix2misp.py b/app/files/scripts/stix2/stix2misp.py index f3ab86084..322e08290 100644 --- a/app/files/scripts/stix2/stix2misp.py +++ b/app/files/scripts/stix2/stix2misp.py @@ -130,12 +130,17 @@ class StixParser(): def build_from_STIX_with_report(self): report_attributes = defaultdict(set) + report_attributes['name'] = None + for ruuid, report in self.report.items(): try: report_attributes['orgs'].add(report.created_by_ref.split('--')[1]) except AttributeError: pass - report_attributes['name'].add(report.name) + + if report_attributes['name'] is None: + report_attributes['name'] = report.name + if report.get('published'): report_attributes['published'].add(report.published) if 'labels' in report: @@ -155,10 +160,14 @@ class StixParser(): self.misp_event['Org'] = {'name': identity['name']} if len(report_attributes['published']) == 1: self.misp_event.publish_timestamp = self.getTimestampfromDate(report_attributes['published'].pop()) - if len(report_attributes['name']) == 1: - self.misp_event.info = report_attributes['name'].pop() + + if report_attributes['name'] is None: + self.misp_event.info = "Imported with MISP import script for {} from {}.".format(self.stix_version, + os.path.basename( + self.filename)) else: - self.misp_event.info = "Imported with MISP import script for {}.".format(self.stix_version) + self.misp_event.info = report_attributes['name'] + for l in report_attributes['labels']: self.misp_event.add_tag(l) From 84bdfbc8d6a3a320f9b25f9393063a2043d483e5 Mon Sep 17 00:00:00 2001 
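Review bot: In the first hunk of PATCH 01/10, `report_attributes['name']` now keeps only the name of whichever report the loop visits first and silently drops the others, whereas the removed code used a report name only when the reports agreed on exactly one. Which report comes first depends on the iteration order of `self.report`, which is populated outside this hunk, so the choice deserves a comment such as `# first report wins; names of later reports are ignored on purpose`. Keeping a `None`/`str` value under one key of a `defaultdict(set)` whose other keys hold sets is easy to misuse; a plain local like `report_name = None` would be clearer. The body of build_from_STIX_with_report continues outside the hunk, and the identical hunk is repeated in PATCH 06/10.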
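Review bot: The fallback text in the second hunk of PATCH 01/10 now embeds `os.path.basename(self.filename)` in `self.misp_event.info`, and `self.filename` is assigned outside the hunk. If that path can carry a name chosen by the uploader, or a server-side temporary name, it becomes part of the event's info text and goes wherever the event is shared, so its origin should be confirmed and recorded in a comment next to the format call. The `is None` test also lets an empty report name through as the event info, should an imported report carry one; `if not report_attributes['name']:` would send that case to the fallback too. The same lines are reshaped in PATCH 03/10 and 04/10, the hunk is repeated in PATCH 06/10, and the enclosing function starts outside this hunk.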
From: kscheetz Date: Fri, 24 Apr 2020 13:13:55 -0400 Subject: [PATCH 02/10] Preserve report order. --- app/files/scripts/stix2/stix2misp.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/files/scripts/stix2/stix2misp.py b/app/files/scripts/stix2/stix2misp.py index 322e08290..980b59ad3 100644 --- a/app/files/scripts/stix2/stix2misp.py +++ b/app/files/scripts/stix2/stix2misp.py @@ -24,7 +24,7 @@ import io import re import stix2 from stix2misp_mapping import * -from collections import defaultdict +from collections import defaultdict, OrderedDict _MISP_dir = "/".join([p for p in os.path.dirname(os.path.realpath(__file__)).split('/')[:-4]]) _PyMISP_dir = '{_MISP_dir}/PyMISP'.format(_MISP_dir=_MISP_dir) @@ -107,7 +107,7 @@ class StixParser(): try: self.report[parsed_object['id'].split('--')[1]] = parsed_object except AttributeError: - self.report = {parsed_object['id'].split('--')[1]: parsed_object} + self.report = OrderedDict({parsed_object['id'].split('--')[1]: parsed_object}) def _load_usual_object(self, parsed_object): self.event[parsed_object._type][parsed_object['id'].split('--')[1]] = parsed_object From 40077e9ea75cb07c8fe820dcb67fb97a414c9d68 Mon Sep 17 00:00:00 2001 From: kscheetz Date: Tue, 28 Apr 2020 10:09:25 -0400 Subject: [PATCH 03/10] Simplification for code complexity reqs. --- PyMISP | 2 +- app/Lib/cakephp | 2 +- app/files/misp-galaxy | 2 +- app/files/misp-objects | 2 +- app/files/scripts/stix2/stix2misp.py | 8 +++++--- app/files/taxonomies | 2 +- app/files/warninglists | 2 +- cti-python-stix2 | 2 +- 8 files changed, 12 insertions(+), 10 deletions(-) diff --git a/PyMISP b/PyMISP index 0faa75824..64d7c9a24 160000 --- a/PyMISP +++ b/PyMISP @@ -1 +1 @@ -Subproject commit 0faa75824f4dbac2b14919bb17e9d0fef79026d7 +Subproject commit 64d7c9a24ad9d3a7ccc1b96fb643c235d2b9e02e diff --git a/app/Lib/cakephp b/app/Lib/cakephp index 5ccb12354..d2e1681eb 160000 --- a/app/Lib/cakephp +++ b/app/Lib/cakephp 
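Review bot: The `OrderedDict` introduced in the second hunk of PATCH 02/10 is what makes the first-report-wins naming from PATCH 01/10 deterministic, but nothing at the assignment says so. A comment would keep it from being simplified away later, e.g. `# insertion order matters: the first report loaded supplies the event name`. On Python 3.7 and later a plain dict already preserves insertion order, so the wrapper only matters if older interpreters are still supported, which this hunk does not show. The enclosing method starts outside the hunk, and the same change is repeated in PATCH 07/10.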
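Review bot: The PyMISP submodule pointer moves here in a commit titled "Simplification for code complexity reqs.", and the same commit moves six more pointers (app/Lib/cakephp, app/files/misp-galaxy, app/files/misp-objects, app/files/taxonomies, app/files/warninglists, cti-python-stix2) although the stated change only concerns stix2misp.py. Each pointer pins code that ships with the application, so moving one should be a deliberate commit of its own that can be reviewed against the submodule's history; from this diff alone it is not possible to tell whether the pins move forward or backward. If they were picked up by accident, for example from a stale working tree, they should be dropped from this patch. The same seven pointer changes recur in PATCH 08/10.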
@@ -1 +1 @@ -Subproject commit 5ccb12354dfc08ca1b3e0a430e8668bf1610b5d3 +Subproject commit d2e1681eb8ec75e6c2819fa113834843fed6995a diff --git a/app/files/misp-galaxy b/app/files/misp-galaxy index c7104e881..e37f320df 160000 --- a/app/files/misp-galaxy +++ b/app/files/misp-galaxy @@ -1 +1 @@ -Subproject commit c7104e8819d6b789b24a45655aa28625a8c4c346 +Subproject commit e37f320df5a6ba4d9c67662a3670b160e9941bcf diff --git a/app/files/misp-objects b/app/files/misp-objects index 3b5451c32..7ef9a2ba5 160000 --- a/app/files/misp-objects +++ b/app/files/misp-objects @@ -1 +1 @@ -Subproject commit 3b5451c32518da3e29c575e868d245f27c18dcf4 +Subproject commit 7ef9a2ba56efc6553a720d6df27c9ee547e24242 diff --git a/app/files/scripts/stix2/stix2misp.py b/app/files/scripts/stix2/stix2misp.py index 980b59ad3..b2f1a7908 100644 --- a/app/files/scripts/stix2/stix2misp.py +++ b/app/files/scripts/stix2/stix2misp.py @@ -128,6 +128,10 @@ class StixParser(): except PyMISPInvalidFormat: continue + @property + def basename(self): + return os.path.basename(self.filename) + def build_from_STIX_with_report(self): report_attributes = defaultdict(set) report_attributes['name'] = None @@ -162,9 +166,7 @@ class StixParser(): self.misp_event.publish_timestamp = self.getTimestampfromDate(report_attributes['published'].pop()) if report_attributes['name'] is None: - self.misp_event.info = "Imported with MISP import script for {} from {}.".format(self.stix_version, - os.path.basename( - self.filename)) + self.misp_event.info = "Imported with MISP import script for {} from {}.".format(self.stix_version, self.basename) else: self.misp_event.info = report_attributes['name'] diff --git a/app/files/taxonomies b/app/files/taxonomies index 8c4e2a8e8..0edcb08fa 160000 --- a/app/files/taxonomies +++ b/app/files/taxonomies @@ -1 +1 @@ -Subproject commit 8c4e2a8e8b4d3ec287c43dcae129123fcde8cb2f +Subproject commit 0edcb08fa618f15b51a2bbf0eae6b89c5f603ded 
diff --git a/app/files/warninglists b/app/files/warninglists index 28687d90d..192d11272 160000 --- a/app/files/warninglists +++ b/app/files/warninglists @@ -1 +1 @@ -Subproject commit 28687d90d575332776480cd5d683361e7485033c +Subproject commit 192d112728f3cab83570a0ad4f6f296e073cf738 diff --git a/cti-python-stix2 b/cti-python-stix2 index e4f08557e..77ca5ae2f 160000 --- a/cti-python-stix2 +++ b/cti-python-stix2 @@ -1 +1 @@ -Subproject commit e4f08557ec93c589a71a6e4060134661f1c4b2c0 +Subproject commit 77ca5ae2f9742652cd90a53f1b83308a8343f2cc From 238a6adeffd1e05e502137e8181e05da11d68034 Mon Sep 17 00:00:00 2001 From: kscheetz Date: Tue, 28 Apr 2020 10:14:29 -0400 Subject: [PATCH 04/10] Moved info assignment to method. --- app/files/scripts/stix2/stix2misp.py | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/app/files/scripts/stix2/stix2misp.py b/app/files/scripts/stix2/stix2misp.py index b2f1a7908..8e7cd9609 100644 --- a/app/files/scripts/stix2/stix2misp.py +++ b/app/files/scripts/stix2/stix2misp.py @@ -128,9 +128,11 @@ class StixParser(): except PyMISPInvalidFormat: continue - @property - def basename(self): - return os.path.basename(self.filename) + def _set_info_from_report(report_attributes): + if report_attributes['name'] is None: + self.misp_event.info = "Imported with MISP import script for {} from {}.".format(self.stix_version, os.path.basename(self.filename)) + else: + self.misp_event.info = report_attributes['name'] def build_from_STIX_with_report(self): report_attributes = defaultdict(set) @@ -141,10 +143,8 @@ class StixParser(): report_attributes['orgs'].add(report.created_by_ref.split('--')[1]) except AttributeError: pass - if report_attributes['name'] is None: report_attributes['name'] = report.name - if report.get('published'): report_attributes['published'].add(report.published) if 'labels' in report: 
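Review bot: `_set_info_from_report` is defined in the first hunk of PATCH 04/10 without a `self` parameter, yet its body reads `self.misp_event`, `self.stix_version` and `self.filename`, and the third hunk calls it as `self._set_info_from_report(report_attributes)`. At this commit that call would fail with a TypeError, because the instance is passed as an extra positional argument. PATCH 05/10 corrects the signature to `def _set_info_from_report(self, report_attributes):`, so the two commits are better squashed to keep every commit in the series runnable when bisecting. The helper also has no docstring; `"""Set the event info from the first report name, or a default naming the STIX version and source file."""` would cover it. The same pair recurs as PATCH 09/10 and 10/10.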
@@ -164,12 +164,7 @@ class StixParser(): self.misp_event['Org'] = {'name': identity['name']} if len(report_attributes['published']) == 1: self.misp_event.publish_timestamp = self.getTimestampfromDate(report_attributes['published'].pop()) - - if report_attributes['name'] is None: - self.misp_event.info = "Imported with MISP import script for {} from {}.".format(self.stix_version, self.basename) - else: - self.misp_event.info = report_attributes['name'] - + self._set_info_from_report(report_attributes) for l in report_attributes['labels']: self.misp_event.add_tag(l) From 80d80162b4a77b56723a6abb3660a1719f2152cd Mon Sep 17 00:00:00 2001 From: kscheetz Date: Tue, 28 Apr 2020 10:28:38 -0400 Subject: [PATCH 05/10] Fixes missing self argument bug. --- app/files/scripts/stix2/stix2misp.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/files/scripts/stix2/stix2misp.py b/app/files/scripts/stix2/stix2misp.py index 8e7cd9609..41dfa72ad 100644 --- a/app/files/scripts/stix2/stix2misp.py +++ b/app/files/scripts/stix2/stix2misp.py @@ -128,7 +128,7 @@ class StixParser(): except PyMISPInvalidFormat: continue - def _set_info_from_report(report_attributes): + def _set_info_from_report(self, report_attributes): if report_attributes['name'] is None: self.misp_event.info = "Imported with MISP import script for {} from {}.".format(self.stix_version, os.path.basename(self.filename)) else: From 10cf9e296db10f461ed3fd1a6879ba3d357b6d34 Mon Sep 17 00:00:00 2001 From: kscheetz Date: Fri, 24 Apr 2020 13:10:30 -0400 Subject: [PATCH 06/10] Stix2 importer naming change. --- app/files/scripts/stix2/stix2misp.py | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/app/files/scripts/stix2/stix2misp.py b/app/files/scripts/stix2/stix2misp.py index f3ab86084..322e08290 100644 --- a/app/files/scripts/stix2/stix2misp.py +++ b/app/files/scripts/stix2/stix2misp.py 
@@ -130,12 +130,17 @@ class StixParser(): def build_from_STIX_with_report(self): report_attributes = defaultdict(set) + report_attributes['name'] = None + for ruuid, report in self.report.items(): try: report_attributes['orgs'].add(report.created_by_ref.split('--')[1]) except AttributeError: pass - report_attributes['name'].add(report.name) + + if report_attributes['name'] is None: + report_attributes['name'] = report.name + if report.get('published'): report_attributes['published'].add(report.published) if 'labels' in report: @@ -155,10 +160,14 @@ class StixParser(): self.misp_event['Org'] = {'name': identity['name']} if len(report_attributes['published']) == 1: self.misp_event.publish_timestamp = self.getTimestampfromDate(report_attributes['published'].pop()) - if len(report_attributes['name']) == 1: - self.misp_event.info = report_attributes['name'].pop() + + if report_attributes['name'] is None: + self.misp_event.info = "Imported with MISP import script for {} from {}.".format(self.stix_version, + os.path.basename( + self.filename)) else: - self.misp_event.info = "Imported with MISP import script for {}.".format(self.stix_version) + self.misp_event.info = report_attributes['name'] + for l in report_attributes['labels']: self.misp_event.add_tag(l) From 9fcc9f91bb751f6cc785b23fa7946190812b6c07 Mon Sep 17 00:00:00 2001 From: kscheetz Date: Fri, 24 Apr 2020 13:13:55 -0400 Subject: [PATCH 07/10] Preserve report order. --- app/files/scripts/stix2/stix2misp.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/files/scripts/stix2/stix2misp.py b/app/files/scripts/stix2/stix2misp.py index 322e08290..980b59ad3 100644 --- a/app/files/scripts/stix2/stix2misp.py +++ b/app/files/scripts/stix2/stix2misp.py 
@@ -24,7 +24,7 @@ import io import re import stix2 from stix2misp_mapping import * -from collections import defaultdict +from collections import defaultdict, OrderedDict _MISP_dir = "/".join([p for p in os.path.dirname(os.path.realpath(__file__)).split('/')[:-4]]) _PyMISP_dir = '{_MISP_dir}/PyMISP'.format(_MISP_dir=_MISP_dir) @@ -107,7 +107,7 @@ class StixParser(): try: self.report[parsed_object['id'].split('--')[1]] = parsed_object except AttributeError: - self.report = {parsed_object['id'].split('--')[1]: parsed_object} + self.report = OrderedDict({parsed_object['id'].split('--')[1]: parsed_object}) def _load_usual_object(self, parsed_object): self.event[parsed_object._type][parsed_object['id'].split('--')[1]] = parsed_object From 631800b80e44c85dc6d5fce710346720294e399a Mon Sep 17 00:00:00 2001 From: kscheetz Date: Tue, 28 Apr 2020 10:09:25 -0400 Subject: [PATCH 08/10] Simplification for code complexity reqs. --- PyMISP | 2 +- app/Lib/cakephp | 2 +- app/files/misp-galaxy | 2 +- app/files/misp-objects | 2 +- app/files/scripts/stix2/stix2misp.py | 8 +++++--- app/files/taxonomies | 2 +- app/files/warninglists | 2 +- cti-python-stix2 | 2 +- 8 files changed, 12 insertions(+), 10 deletions(-) diff --git a/PyMISP b/PyMISP index 0faa75824..64d7c9a24 160000 --- a/PyMISP +++ b/PyMISP @@ -1 +1 @@ -Subproject commit 0faa75824f4dbac2b14919bb17e9d0fef79026d7 +Subproject commit 64d7c9a24ad9d3a7ccc1b96fb643c235d2b9e02e diff --git a/app/Lib/cakephp b/app/Lib/cakephp index 5ccb12354..d2e1681eb 160000 --- a/app/Lib/cakephp +++ b/app/Lib/cakephp @@ -1 +1 @@ -Subproject commit 5ccb12354dfc08ca1b3e0a430e8668bf1610b5d3 +Subproject commit d2e1681eb8ec75e6c2819fa113834843fed6995a diff --git a/app/files/misp-galaxy b/app/files/misp-galaxy index c7104e881..e37f320df 160000 --- a/app/files/misp-galaxy +++ b/app/files/misp-galaxy @@ -1 +1 @@ -Subproject commit c7104e8819d6b789b24a45655aa28625a8c4c346 +Subproject commit e37f320df5a6ba4d9c67662a3670b160e9941bcf 
diff --git a/app/files/misp-objects b/app/files/misp-objects index 3b5451c32..7ef9a2ba5 160000 --- a/app/files/misp-objects +++ b/app/files/misp-objects @@ -1 +1 @@ -Subproject commit 3b5451c32518da3e29c575e868d245f27c18dcf4 +Subproject commit 7ef9a2ba56efc6553a720d6df27c9ee547e24242 diff --git a/app/files/scripts/stix2/stix2misp.py b/app/files/scripts/stix2/stix2misp.py index 980b59ad3..b2f1a7908 100644 --- a/app/files/scripts/stix2/stix2misp.py +++ b/app/files/scripts/stix2/stix2misp.py @@ -128,6 +128,10 @@ class StixParser(): except PyMISPInvalidFormat: continue + @property + def basename(self): + return os.path.basename(self.filename) + def build_from_STIX_with_report(self): report_attributes = defaultdict(set) report_attributes['name'] = None @@ -162,9 +166,7 @@ class StixParser(): self.misp_event.publish_timestamp = self.getTimestampfromDate(report_attributes['published'].pop()) if report_attributes['name'] is None: - self.misp_event.info = "Imported with MISP import script for {} from {}.".format(self.stix_version, - os.path.basename( - self.filename)) + self.misp_event.info = "Imported with MISP import script for {} from {}.".format(self.stix_version, self.basename) else: self.misp_event.info = report_attributes['name'] diff --git a/app/files/taxonomies b/app/files/taxonomies index 8c4e2a8e8..0edcb08fa 160000 --- a/app/files/taxonomies +++ b/app/files/taxonomies @@ -1 +1 @@ -Subproject commit 8c4e2a8e8b4d3ec287c43dcae129123fcde8cb2f +Subproject commit 0edcb08fa618f15b51a2bbf0eae6b89c5f603ded diff --git a/app/files/warninglists b/app/files/warninglists index 28687d90d..192d11272 160000 --- a/app/files/warninglists +++ b/app/files/warninglists @@ -1 +1 @@ -Subproject commit 28687d90d575332776480cd5d683361e7485033c +Subproject commit 192d112728f3cab83570a0ad4f6f296e073cf738 diff --git a/cti-python-stix2 b/cti-python-stix2 index e4f08557e..77ca5ae2f 160000 --- a/cti-python-stix2 +++ b/cti-python-stix2 
@@ -1 +1 @@ -Subproject commit e4f08557ec93c589a71a6e4060134661f1c4b2c0 +Subproject commit 77ca5ae2f9742652cd90a53f1b83308a8343f2cc From b1124f23d19a539dab0bdddbc076d91a8ffce17e Mon Sep 17 00:00:00 2001 From: kscheetz Date: Tue, 28 Apr 2020 10:14:29 -0400 Subject: [PATCH 09/10] Moved info assignment to method. --- app/files/scripts/stix2/stix2misp.py | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/app/files/scripts/stix2/stix2misp.py b/app/files/scripts/stix2/stix2misp.py index b2f1a7908..8e7cd9609 100644 --- a/app/files/scripts/stix2/stix2misp.py +++ b/app/files/scripts/stix2/stix2misp.py @@ -128,9 +128,11 @@ class StixParser(): except PyMISPInvalidFormat: continue - @property - def basename(self): - return os.path.basename(self.filename) + def _set_info_from_report(report_attributes): + if report_attributes['name'] is None: + self.misp_event.info = "Imported with MISP import script for {} from {}.".format(self.stix_version, os.path.basename(self.filename)) + else: + self.misp_event.info = report_attributes['name'] def build_from_STIX_with_report(self): report_attributes = defaultdict(set) @@ -141,10 +143,8 @@ class StixParser(): report_attributes['orgs'].add(report.created_by_ref.split('--')[1]) except AttributeError: pass - if report_attributes['name'] is None: report_attributes['name'] = report.name - if report.get('published'): report_attributes['published'].add(report.published) if 'labels' in report: 
@@ -164,12 +164,7 @@ class StixParser(): self.misp_event['Org'] = {'name': identity['name']} if len(report_attributes['published']) == 1: self.misp_event.publish_timestamp = self.getTimestampfromDate(report_attributes['published'].pop()) - - if report_attributes['name'] is None: - self.misp_event.info = "Imported with MISP import script for {} from {}.".format(self.stix_version, self.basename) - else: - self.misp_event.info = report_attributes['name'] - + self._set_info_from_report(report_attributes) for l in report_attributes['labels']: self.misp_event.add_tag(l) From e381621a39f7b7817d06f75e56e4c4379862c07c Mon Sep 17 00:00:00 2001 From: kscheetz Date: Tue, 28 Apr 2020 10:28:38 -0400 Subject: [PATCH 10/10] Fixes missing self argument bug. --- app/files/scripts/stix2/stix2misp.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/files/scripts/stix2/stix2misp.py b/app/files/scripts/stix2/stix2misp.py index 8e7cd9609..41dfa72ad 100644 --- a/app/files/scripts/stix2/stix2misp.py +++ b/app/files/scripts/stix2/stix2misp.py @@ -128,7 +128,7 @@ class StixParser(): except PyMISPInvalidFormat: continue - def _set_info_from_report(report_attributes): + def _set_info_from_report(self, report_attributes): if report_attributes['name'] is None: self.misp_event.info = "Imported with MISP import script for {} from {}.".format(self.stix_version, os.path.basename(self.filename)) else: