PyMISP/pymisp/tools/stix.py

36 lines
1.3 KiB
Python
Raw Normal View History

2016-10-27 22:25:17 +02:00
# -*- coding: utf-8 -*-
try:
2020-01-23 10:27:40 +01:00
from misp_stix_converter.converters.buildMISPAttribute import buildEvent # type: ignore
from misp_stix_converter.converters import convert # type: ignore
from misp_stix_converter.converters.convert import MISPtoSTIX # type: ignore
2016-10-27 22:25:17 +02:00
has_misp_stix_converter = True
except ImportError:
has_misp_stix_converter = False
2020-01-23 10:27:40 +01:00
def load_stix(stix, distribution: int=3, threat_level_id: int=2, analysis: int=0):
2016-10-27 22:25:17 +02:00
'''Returns a MISPEvent object from a STIX package'''
if not has_misp_stix_converter:
2016-11-16 16:35:06 +01:00
raise Exception('You need to install misp_stix_converter: pip install git+https://github.com/MISP/MISP-STIX-Converter.git')
stix = convert.load_stix(stix)
2016-10-27 22:25:17 +02:00
return buildEvent(stix, distribution=distribution,
threat_level_id=threat_level_id, analysis=analysis)
2020-01-23 10:27:40 +01:00
def make_stix_package(misp_event, to_json: bool=False, to_xml: bool=False):
2016-10-27 22:25:17 +02:00
'''Returns a STIXPackage from a MISPEvent.
Optionally can return the package in json or xml.
'''
if not has_misp_stix_converter:
2016-11-16 16:35:06 +01:00
raise Exception('You need to install misp_stix_converter: pip install git+https://github.com/MISP/MISP-STIX-Converter.git')
2016-10-27 22:25:17 +02:00
package = MISPtoSTIX(misp_event)
if to_json:
return package.to_json()
elif to_xml:
return package.to_xml()
else:
return package