Merge branch 'dev' of github.com:MISP/misp-stix

MISP · Jun 6, 2024 · 7ea040a · 7ea040a
2 parents b2faea3 + 73c4e00
commit 7ea040a
Show file tree

Hide file tree

Showing 20 changed files with 8,649 additions and 2,310 deletions.
diff --git a/misp_stix_converter/misp_stix_converter.py b/misp_stix_converter/misp_stix_converter.py
@@ -3,7 +3,6 @@
 
 import json
 import os
-import re
 import sys
 from .misp2stix.framing import (
     _stix1_attributes_framing, _stix1_framing, _handle_namespaces,
@@ -713,11 +712,13 @@ def _from_misp(stix_objects):
             return True
     return False
 
+
 def _get_stix2_parser(from_misp: bool, *args: tuple) -> tuple:
     if from_misp:
         return InternalSTIX2toMISPParser, args[:-3]
     return ExternalSTIX2toMISPParser, args
 
+
 def _load_stix_event(filename, tries=0):
     try:
         return STIXPackage.from_xml(filename)
@@ -1079,4 +1080,4 @@ def _generate_traceback(debug: bool, parser, *output_names: List[Path]) -> dict:
             if brol:
                 traceback[feature] = brol
     traceback['results'] = list(output_names)
-    return traceback
+    return traceback
diff --git a/misp_stix_converter/stix2misp/converters/__init__.py b/misp_stix_converter/stix2misp/converters/__init__.py
@@ -21,7 +21,7 @@
 from .stix2_note_converter import STIX2NoteConverter  # noqa
 from .stix2_observable_objects_converter import STIX2ObservableObjectConverter  # noqa
 from .stix2_observed_data_converter import (  # noqa
-    InternalSTIX2ObservedDataConverter)
+    ExternalSTIX2ObservedDataConverter, InternalSTIX2ObservedDataConverter)
 from .stix2_threat_actor_converter import(  # noqa
     ExternalSTIX2ThreatActorConverter, InternalSTIX2ThreatActorConverter)
 from .stix2_tool_converter import (  # noqa

diff --git a/misp_stix_converter/stix2misp/converters/stix2_indicator_converter.py b/misp_stix_converter/stix2misp/converters/stix2_indicator_converter.py
@@ -937,7 +937,9 @@ def _parse_sigma_pattern(self, indicator: Indicator):
                 misp_object = self._create_misp_object('sigma', indicator)
                 if hasattr(indicator, 'object_marking_refs'):
                     tags = tuple(
-                        self._parse_markings(indicator.object_marking_refs)
+                        self.main_parser._handle_tags_from_stix_fields(
+                            indicator
+                        )
                     )
                     for attribute in attributes:
                         misp_attribute = misp_object.add_attribute(**attribute)

diff --git a/misp_stix_converter/stix2misp/converters/stix2_observable_converter.py b/misp_stix_converter/stix2misp/converters/stix2_observable_converter.py
diff --git a/misp_stix_converter/stix2misp/converters/stix2_observable_objects_converter.py b/misp_stix_converter/stix2misp/converters/stix2_observable_objects_converter.py