new: [stix import] Parsing observable compositions from external STIX files

app/files/scripts/stix2misp.py

@@ -1103,12 +1103,14 @@ class ExternalStixParser(StixParser):
                             self.handle_object_case(attribute_type, attribute_value, compl_data, to_ids=True, object_uuid=uuid)
                 except AttributeError:
                     self.parse_description(indicator)
+            elif hasattr(observable, 'observable_composition') and observable.observable_composition:
+                self.parse_external_observable(observable.observable_composition.observables, to_ids=True)
         if hasattr(indicator, 'related_indicators') and indicator.related_indicators:
             for related_indicator in indicator.related_indicators:
                 self.parse_external_single_indicator(related_indicator.item)
 
     # Parse observables of an external STIX document
-    def parse_external_observable(self, observables):
+    def parse_external_observable(self, observables, to_ids=False):
         for observable in observables:
             title = observable.title
             observable_object = observable.object_
@@ -1126,7 +1128,7 @@ class ExternalStixParser(StixParser):
                 object_uuid = self.fetch_uuid(observable_object.id_)
                 if isinstance(attribute_value, (str, int)):
                     # if the returned value is a simple value, we build an attribute
-                    attribute = {'to_ids': False, 'uuid': object_uuid}
+                    attribute = {'to_ids': to_ids, 'uuid': object_uuid}
                     if hasattr(observable, 'handling') and observable.handling:
                         attribute['Tag'] = []
                         for handling in observable.handling: