fix: [stix2 import] Making sure we do not lose the event uuid

pull/6282/head
chrisr3d 2020-09-02 15:37:27 +02:00
parent b21f9ce13b
commit e877755ae4
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 10 additions and 9 deletions


@ -75,7 +75,7 @@ class StixParser():
except IndexError: except IndexError:
attribute_distribution = 5 attribute_distribution = 5
self._synonyms_to_tag_names = args[2] if len(args) > 2 else '/var/www/MISP/app/files/scripts/synonymsToTagNames.json' self._synonyms_to_tag_names = args[2] if len(args) > 2 else '/var/www/MISP/app/files/scripts/synonymsToTagNames.json'
self.parse_event(event.objects) self.parse_event(event)
def _load_galaxy(self, galaxy): def _load_galaxy(self, galaxy):
self.galaxy[galaxy['id'].split('--')[1]] = {'tag_names': self.parse_galaxy(galaxy), 'used': False} self.galaxy[galaxy['id'].split('--')[1]] = {'tag_names': self.parse_galaxy(galaxy), 'used': False}
@ -242,10 +242,9 @@ class StixParser():
self.galaxy[target]['used'] = True self.galaxy[target]['used'] = True
break break
def parse_report(self): def parse_report(self, event_uuid=None):
event_infos = set() event_infos = set()
if len(self.report) == 1: self.misp_event.uuid = event_uuid if event_uuid and len(self.report) > 1 else tuple(self.report.keys())[0]
self.misp_event.uuid = tuple(self.report.keys())[0]
for report in self.report.values(): for report in self.report.values():
if hasattr(report, 'name') and report.name: if hasattr(report, 'name') and report.name:
event_infos.add(report.name) event_infos.add(report.name)
@ -356,8 +355,8 @@ class StixFromMISPParser(StixParser):
self._stix2misp_mapping.update({special_type: '_parse_undefined' for special_type in ('attack-pattern', 'course-of-action', 'vulnerability')}) self._stix2misp_mapping.update({special_type: '_parse_undefined' for special_type in ('attack-pattern', 'course-of-action', 'vulnerability')})
self._custom_objects = tuple(filename.name.replace('_', '-') for filename in _misp_objects_path.glob('*') if '_' in filename.name) self._custom_objects = tuple(filename.name.replace('_', '-') for filename in _misp_objects_path.glob('*') if '_' in filename.name)
def parse_event(self, stix_objects): def parse_event(self, stix_event):
for stix_object in stix_objects: for stix_object in stix_event.objects:
object_type = stix_object['type'] object_type = stix_object['type']
if object_type.startswith('x-misp-object'): if object_type.startswith('x-misp-object'):
object_type = 'custom_object' object_type = 'custom_object'
@ -1184,8 +1183,8 @@ class ExternalStixParser(StixParser):
## PARSING FUNCTIONS. ## ## PARSING FUNCTIONS. ##
################################################################################ ################################################################################
def parse_event(self, stix_objects): def parse_event(self, stix_event):
for stix_object in stix_objects: for stix_object in stix_event.objects:
object_type = stix_object['type'] object_type = stix_object['type']
if object_type in self._stix2misp_mapping: if object_type in self._stix2misp_mapping:
getattr(self, self._stix2misp_mapping[object_type])(stix_object) getattr(self, self._stix2misp_mapping[object_type])(stix_object)
@ -1195,9 +1194,11 @@ class ExternalStixParser(StixParser):
self.parse_relationships() self.parse_relationships()
if self.galaxy: if self.galaxy:
self.parse_galaxies() self.parse_galaxies()
event_uuid = stix_event.id.split('--')[1]
if hasattr(self, 'report'): if hasattr(self, 'report'):
self.parse_report() self.parse_report(event_uuid=event_uuid)
else: else:
self.misp_event.uuid = event_uuid
self.misp_event.info = 'Imported with the STIX to MISP import script.' self.misp_event.info = 'Imported with the STIX to MISP import script.'
self.handle_markings() self.handle_markings()
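Review bot: In `parse_report`, the new one-line assignment drops the old `len(self.report) == 1` guard, so a call that leaves `event_uuid` at its default of `None` now always evaluates `tuple(self.report.keys())[0]`: with several reports the event silently adopts the first report's id, and with an empty `self.report` it raises `IndexError`. The only caller visible here, `ExternalStixParser.parse_event`, always passes the uuid, but whether `StixFromMISPParser.parse_event` does is outside the shown hunks, so explicit branches look safer: `if len(self.report) == 1: self.misp_event.uuid = tuple(self.report.keys())[0]` followed by `elif event_uuid: self.misp_event.uuid = event_uuid`. Separately, `event_uuid = stix_event.id.split('--')[1]` takes the MISP event uuid from the imported bundle, which for external STIX is content the importer does not control. Unless the id format is already enforced when the bundle is parsed (not visible here), it would be worth checking that the value is a well-formed UUID before assigning it to `self.misp_event.uuid`. A short comment there could also state why the bundle id is preferred over a report id when there are several reports.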