
indicator:Confidence missing after importing STIX1.1.1/2.0 files into MISP #42

Open
@Wajihulhassan


Hello,

I am currently using MISP v2.4.148. I exported STIX files (both 1.1.1 and 2.0 versions) from Anomali TI and then successfully imported those STIX files into the MISP instance using the Import STIX feature. However, there is one issue: every indicator present in the STIX file has a "Confidence" value (indicator:Confidence), but that value is ignored/dropped by MISP during the import process.

Is there any solution to this problem? I really need that confidence value associated with each imported indicator inside MISP. I am posting one example below for you to look at:

<stix:Indicators>
        <stix:Indicator id="threatstream:indicator-XXXXXX" timestamp="2021-09-12T18:13:40.701650+00:00" xsi:type='indicator:IndicatorType'>
            <indicator:Title>spam_ip: 80.109.155.86</indicator:Title>
            <indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.1">IP Watchlist</indicator:Type>
            <indicator:Description>TS ID: 57531849646; iType: spam_ip; Date First: 2021-09-10T02:26:53.448Z; State: active; Org: Magenta Telekom; Source: NixSpam; MoreDetail: imported by user 668</indicator:Description>
            <indicator:Observable id="threatstream:Observable-XXXXXXX">
                <cybox:Title>spam_ip: 80.109.155.86</cybox:Title>
                <cybox:Keywords>
                    <cybox:Keyword>low</cybox:Keyword>
                </cybox:Keywords>
                <cybox:Object id="threatstream:Address-XXXXXXX">
                    <cybox:Properties xsi:type="AddressObj:AddressObjectType" category="ipv4-addr">
                        <AddressObj:Address_Value>80.109.155.86</AddressObj:Address_Value>
                    </cybox:Properties>
                </cybox:Object>
            </indicator:Observable>
            <indicator:Handling>
                <marking:Marking>
                    <marking:Controlled_Structure>../../../descendant-or-self::node()</marking:Controlled_Structure>
                    <marking:Marking_Structure xsi:type='tlpMarking:TLPMarkingStructureType' color="AMBER"/>
                </marking:Marking>
            </indicator:Handling>
            <indicator:Confidence timestamp="2021-09-12T18:13:40.702217+00:00">
                <stixCommon:Value vocab_reference="https://en.wikipedia.org/wiki/Percentage" vocab_name="Percentage">37</stixCommon:Value>
            </indicator:Confidence>
            <indicator:Producer>
                <stixCommon:Time>
                    <cyboxCommon:Produced_Time>2021-09-10T02:26:53.448000+00:00</cyboxCommon:Produced_Time>
                </stixCommon:Time>
            </indicator:Producer>
        </stix:Indicator>
</stix:Indicators>
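
As an added example (not part of the original issue, and not code from the MISP project): the confidence values described above can be read from the STIX 1.x XML with Python's standard library and kept beside each observable value for use after the import. The sample package and the `extract_confidence` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# STIX 1.x namespace URIs for the prefixes used in the issue's excerpt.
NS = {
    "stix": "http://stix.mitre.org/stix-1",
    "indicator": "http://stix.mitre.org/Indicator-2",
    "stixCommon": "http://stix.mitre.org/common-1",
    "cybox": "http://cybox.mitre.org/cybox-2",
}

# Constructed sample, not the reporter's file: one indicator with a
# Confidence element and one without.
SAMPLE = """<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1"
  xmlns:indicator="http://stix.mitre.org/Indicator-2"
  xmlns:stixCommon="http://stix.mitre.org/common-1"
  xmlns:cybox="http://cybox.mitre.org/cybox-2"
  xmlns:AddressObj="http://cybox.mitre.org/objects#AddressObject-2">
 <stix:Indicators>
  <stix:Indicator id="example:indicator-1">
   <indicator:Observable><cybox:Object><cybox:Properties>
    <AddressObj:Address_Value>192.0.2.10</AddressObj:Address_Value>
   </cybox:Properties></cybox:Object></indicator:Observable>
   <indicator:Confidence>
    <stixCommon:Value vocab_name="Percentage">37</stixCommon:Value>
   </indicator:Confidence>
  </stix:Indicator>
  <stix:Indicator id="example:indicator-2">
   <indicator:Observable><cybox:Object><cybox:Properties>
    <AddressObj:Address_Value>192.0.2.11</AddressObj:Address_Value>
   </cybox:Properties></cybox:Object></indicator:Observable>
  </stix:Indicator>
 </stix:Indicators>
</stix:STIX_Package>"""

def extract_confidence(stix_xml):
    """Map each observable value to (indicator id, confidence, vocab_name)."""
    # For untrusted feeds, defusedxml.ElementTree.fromstring is a safer parser.
    root = ET.fromstring(stix_xml)
    out = {}
    for ind in root.iterfind(".//stix:Indicator", NS):
        val = ind.find("indicator:Confidence/stixCommon:Value", NS)
        conf = val.text.strip() if val is not None and val.text else None
        vocab = val.get("vocab_name") if val is not None else None
        for props in ind.iterfind(".//cybox:Properties", NS):
            for leaf in props.iter():  # leaf elements hold the observable values
                if len(leaf) == 0 and leaf.text and leaf.text.strip():
                    out[leaf.text.strip()] = (ind.get("id"), conf, vocab)
    return out

print(extract_confidence(SAMPLE))
```

Indicators without an `indicator:Confidence` element map to `None`, so they can be told apart from a confidence of zero.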
