
Header, Title, or Name added to the MISP event?  #38

Open
@mathurin68


This is just terrific and can't believe @FloatingGhost got this to work (comments are worth reading).

At the moment I'm just concerned with getting some type of 'referencing' information with the event back into MISP.

For whatever reason it doesn't pick up the header or title and just uses STIX_File.xml and
event info = STIX Import

but there's definitely a

    <stix:STIX_Header>
        <stix:Package_Intent

and a


    <stixCommon:Identity>
        <stixCommon:Name

and I thought that was what this was doing --

    if isinstance(stix, str) and "\n" not in stix:
        # It's probably just a filename
        filename = stix
    elif hasattr(stix, "name"):
        # Steal this one!
        filename = stix.name
    elif hasattr(stixPackage, "stix_header"):
        # Well it has a header, maybe we can steal it
        if stixPackage.stix_header:
            if stixPackage.stix_header.title not in ["", None]:
                filename = stixPackage.stix_header.title + ".xml"

I swear it used to grab that information and add it to the event.

I don't know if there are any suggestions you can give AND sorry if I haven't given any good 'examples' in here, I'm not sure what I'm allowed to copy and paste.

Thank you for your work on this!

=========================================================
Also, in case anyone else looks for this, I did get it to start tagging by modifying convert.py

    if misp_event.attributes:
        log.debug("Attributes exist. Pushing...")
        if mispAPI:
            response = mispAPI.add_event(
                json.dumps(misp_event, cls=MISPEncode))
            # Check for errors first: a failed push may carry no 'Event' key,
            # and the lookups below would then hide the real error.
            if response.get('errors'):
                raise Exception("PACKAGE: {}\nERROR: {}".format(
                    json.dumps(misp_event, cls=MISPEncode),
                    response.get('errors')))
            event_id = response['Event']['id']
            event = mispAPI.get_event(event_id)
            uuid = response['Event']['uuid']
            # Tag the newly created event
            mispAPI.tag(uuid, "TAG_Taxii")
            return response
        else:
            return True
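An added example, not part of the original post or the project's code: a standard-library sketch that derives a MISP event info string from the STIX 1.x header fields named above, falling back to "STIX Import" when none is usable. The function name `event_info_from_stix`, the helper `build_package`, the fallback order and the sample packages are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# STIX 1.x namespaces; the prefixes match the ones quoted in the issue.
# For feeds from untrusted servers, a hardened parser such as defusedxml
# is preferable to the standard-library one used here.
NS = {
    "stix": "http://stix.mitre.org/stix-1",
    "stixCommon": "http://stix.mitre.org/common-1",
}
# Header fields to try, most specific first (this order is an assumption).
CANDIDATES = (
    "stix:STIX_Header/stix:Title",
    "stix:STIX_Header/stix:Package_Intent",
    "stix:STIX_Header/stix:Information_Source"
    "/stixCommon:Identity/stixCommon:Name",
)
DEFAULT_INFO = "STIX Import"  # the fallback value reported in the issue


def event_info_from_stix(xml_text):
    """Return the first non-empty header field, else DEFAULT_INFO."""
    root = ET.fromstring(xml_text)
    for path in CANDIDATES:
        node = root.find(path, NS)
        # Collapse whitespace so the value is a clean one-line string.
        value = " ".join((node.text or "").split()) if node is not None else ""
        if value:
            return value
    return DEFAULT_INFO


def build_package(header_body):
    """Wrap header XML in a minimal, constructed STIX_Package."""
    return (
        '<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1" '
        'xmlns:stixCommon="http://stix.mitre.org/common-1">'
        "<stix:STIX_Header>" + header_body + "</stix:STIX_Header>"
        "</stix:STIX_Package>"
    )


# Constructed samples: a header with no Title, one with a Title, an empty one.
NO_TITLE = build_package(
    "<stix:Package_Intent>Indicators</stix:Package_Intent>"
    "<stix:Information_Source><stixCommon:Identity>"
    "<stixCommon:Name>Example Feed</stixCommon:Name>"
    "</stixCommon:Identity></stix:Information_Source>"
)
WITH_TITLE = build_package("<stix:Title>Phishing campaign report</stix:Title>")
EMPTY = build_package("")
```
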
