maecproject / maec-to-stix Goto Github PK
View Code? Open in Web Editor NEWMAEC to STIX Wrapper/Indicator Extraction API
Home Page: http://maec-to-stix.readthedocs.org
License: BSD 3-Clause "New" or "Revised" License
maec-to-stix's People
Stargazers
Watchers
maec-to-stix's Issues
File_Path of FileObjectType should not include the Device_Path
As far as I understand, there is an error when calculating the File_Path property of a FileObjectType.
Consider this example output:
<cybox:Object id="maecToSTIX:Object-8344835b-8a33-48b7-a4b0-2c7f9c5bb54a">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:File_Path condition="Equals">c:\autoexec.bat</FileObj:File_Path>
</cybox:Properties>
</cybox:Object>
According to the documentation:
The File_Path field specifies the relative or fully-qualified path to the file, not including the path to the device where the file system containing the file resides.
Thus, I think the following would be the correct output for the given object:
<cybox:Object id="maecToSTIX:Object-8344835b-8a33-48b7-a4b0-2c7f9c5bb54a">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:File_Path condition="Equals">autoexec.bat</FileObj:File_Path>
<FileObj:Device_Path condition="Equals">c:\</FileObj:Device_Path>
</cybox:Properties>
</cybox:Object>
or
<cybox:Object id="maecToSTIX:Object-8344835b-8a33-48b7-a4b0-2c7f9c5bb54a">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Full_Path condition="Equals">c:\autoexec.bat</FileObj:Full_Path>
</cybox:Properties>
</cybox:Object>
maec must be instance of lxml.etree._Element or lxml.etree._ElementTree
$ python maec_to_stix.py -w -i examples/example_1_maec.xml -o output_stix.xml
Traceback (most recent call last):
File "maec_to_stix.py", line 69, in
main()
File "maec_to_stix.py", line 51, in main
stix_package = wrap_maec_package(args.infile)
File "/Users/Gabriel/Downloads/maec-to-stix-master/maec_to_stix/init.py", line 25, in wrap_maec_package
stix_package = wrap_maec(maec_package, package_filename)
File "/Users/Gabriel/Downloads/maec-to-stix-master/maec_to_stix/stix_wrapper/init.py", line 23, in wrap_maec
maec_malware_instance.maec = maec_package
File "/Library/Python/2.7/site-packages/stix/extensions/malware/maec_4_1_malware.py", line 36, in maec
raise ValueError('maec must be instance of lxml.etree._Element '
ValueError: maec must be instance of lxml.etree._Element or lxml.etree._ElementTree
Hello, I am trying to use the script but it is giving me this error.
When extracting indicatiors, all network indicators are ignored
When extracting indicators from a maec file, it seems that all network indicators are ignored.
Example maec action:
<maecBundle:Action id="maec-6ae42d195ed01779d8fed50b397fc5d0-act-1612">
<cybox:Name xsi:type="maecVocabs:NetworkActionNameVocab-1.0">connect to socket address</cybox:Name>
<cybox:Associated_Objects>
<cybox:Associated_Object id="maec-6ae42d195ed01779d8fed50b397fc5d0-obj-3378">
<cybox:Properties xsi:type="NetworkConnectionObj:NetworkConnectionObjectType">
<NetworkConnectionObj:Layer4_Protocol datatype="string">UDP</NetworkConnectionObj:Layer4_Protocol>
<NetworkConnectionObj:Source_Socket_Address xsi:type="SocketAddressObj:SocketAddressObjectType">
<SocketAddressObj:IP_Address xsi:type="AddressObj:AddressObjectType" category="ipv4-addr">
<AddressObj:Address_Value>192.168.178.11</AddressObj:Address_Value>
</SocketAddressObj:IP_Address>
<SocketAddressObj:Port xsi:type="PortObj:PortObjectType">
<PortObj:Port_Value>1523</PortObj:Port_Value>
</SocketAddressObj:Port>
</NetworkConnectionObj:Source_Socket_Address>
<NetworkConnectionObj:Destination_Socket_Address xsi:type="SocketAddressObj:SocketAddressObjectType">
<SocketAddressObj:IP_Address xsi:type="AddressObj:AddressObjectType" category="ipv4-addr">
<AddressObj:Address_Value>192.168.178.2</AddressObj:Address_Value>
</SocketAddressObj:IP_Address>
<SocketAddressObj:Port xsi:type="PortObj:PortObjectType">
<PortObj:Port_Value>53</PortObj:Port_Value>
</SocketAddressObj:Port>
</NetworkConnectionObj:Destination_Socket_Address>
</cybox:Properties>
</cybox:Associated_Object>
</cybox:Associated_Objects>
</maecBundle:Action>
Expected Output: A NetworkConnectionObj
Actual Output: Nothing at all.
Is there any support for network objects planned?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.