|
2 | 2 |
|
3 | 3 | <img src="https://raw.githubusercontent.com/MISP/misp-stix/main/documentation/logos/misp-stix.png" width="125" height="125"> |
4 | 4 |
|
5 | | -[](https://www.python.org/downloads/release/python-370/) |
| 5 | +[](https://www.python.org/downloads/release/python-390/) |
6 | 6 | [](https://badge.fury.io/gh/MISP%2Fmisp-stix) |
7 | 7 | [](https://github.com/MISP/misp-stix/actions?query=workflow%3Amisp-stix) |
8 | 8 | [](#License) |
9 | 9 |
|
10 | | -MISP-STIX-converter is a Python library (>=3.8) to handle all the conversions between the [MISP standard format](https://www.misp-standard.org/) and STIX formats. |
| 10 | +MISP-STIX-converter is a Python library (>=3.9) to handle all the conversions between the [MISP standard format](https://www.misp-standard.org/) and STIX formats. |
11 | 11 |
|
12 | 12 | The package is available as [misp-stix](https://pypi.org/project/misp-stix/) in PyPI. |
13 | 13 |
|
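Review bot: the minimum Python version is raised from 3.8 to 3.9 in the description (new line 10) and the badge link moves from python-370 to python-390 (new line 5), but nothing in this hunk tells users that 3.8 support is being dropped. The badge and the text now agree, which the old pair (3.7 badge, ">=3.8" text) did not. Suggest adding a changelog or release-note entry for the dropped version, and checking that the package metadata declares the same floor so that installation is refused on 3.8 instead of failing later at import time.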
@@ -132,65 +132,67 @@ Main feature: |
132 | 132 | ##### Export parameters |
133 | 133 |
|
134 | 134 | ```bash |
135 | | -usage: misp_stix_converter export [-h] -f FILE [FILE ...] -v {1.1.1,1.2,2.0,2.1} [-s] [-m] [--output_dir OUTPUT_DIR] [-o OUTPUT_NAME] [--level {attribute,event}] [--format {json,xml}] [-n NAMESPACE] [-org ORG] |
| 135 | +usage: misp_stix_converter export [-h] -f FILE [FILE ...] -v {1.1.1,1.2,2.0,2.1} [-s] [-m] [--output-dir OUTPUT_DIR] [-o OUTPUT_NAME] [--level {attribute,event}] [--format {json,xml}] [-n NAMESPACE] [-org ORG] |
136 | 136 |
|
137 | 137 | options: |
138 | 138 | -h, --help show this help message and exit |
139 | | - -f FILE [FILE ...], --file FILE [FILE ...] |
| 139 | + -f, --file FILE [FILE ...] |
140 | 140 | Path to the file(s) to convert. |
141 | | - -v {1.1.1,1.2,2.0,2.1}, --version {1.1.1,1.2,2.0,2.1} |
| 141 | + -v, --version {1.1.1,1.2,2.0,2.1} |
142 | 142 | STIX specific version. |
143 | | - -s, --single_output Produce only one result file (in case of multiple input file). |
144 | | - -m, --in_memory Store result in memory (in case of multiple result files) instead of storing it in tmp files. |
145 | | - --output_dir OUTPUT_DIR |
| 143 | + -s, --single-output Produce only one result file (in case of multiple input file). |
| 144 | + -m, --in-memory Store result in memory (in case of multiple result files) instead of storing it in tmp files. |
| 145 | + --output-dir OUTPUT_DIR |
146 | 146 | Output path - used in the case of multiple input files when the `single_output` argument is not used. |
147 | | - -o OUTPUT_NAME, --output_name OUTPUT_NAME |
| 147 | + -o, --output-name OUTPUT_NAME |
148 | 148 | Output file name - used in the case of a single input file or when the `single_output` argument is used. |
149 | 149 |
|
150 | 150 | STIX 1 specific arguments: |
151 | 151 | --level {attribute,event} |
152 | 152 | MISP data structure level. |
153 | 153 | --format {json,xml} STIX 1 format. |
154 | | - -n NAMESPACE, --namespace NAMESPACE |
| 154 | + -n, --namespace NAMESPACE |
155 | 155 | Namespace to be used in the STIX 1 header. |
156 | 156 | -org ORG Organisation name to be used in the STIX 1 header. |
157 | 157 | ``` |
158 | 158 |
|
159 | 159 | ##### Import parameters |
160 | 160 |
|
161 | 161 | ```bash |
162 | | -usage: misp_stix_converter import [-h] -f FILE [FILE ...] [-v {1,2}] [-s] [-o OUTPUT_NAME] [--output_dir OUTPUT_DIR] [-d {0,1,2,3,4}] [-sg SHARING_GROUP] [--galaxies_as_tags] [--org_uuid ORG_UUID] [-cd {0,1,2,3,4}] |
163 | | - [-cg CLUSTER_SHARING_GROUP] [-p PRODUCER] [-c CONFIG] [-u URL] [-a API_KEY] [--skip_ssl] |
| 162 | +usage: misp_stix_converter import [-h] -f FILE [FILE ...] [-v {1,2}] [-s] [-o OUTPUT_NAME] [--output-dir OUTPUT_DIR] [-d {0,1,2,3,4}] [-sg SHARING_GROUP] [--galaxies-as-tags] [--no-force-galaxy-cluster] |
| 163 | + [--org-uuid ORG_UUID] [-cd {0,1,2,3,4}] [-csg CLUSTER_SHARING_GROUP] [-t TITLE] [-p PRODUCER] [-c CONFIG] [-u URL] [-a API_KEY] [--skip-ssl] |
164 | 164 |
|
165 | 165 | options: |
166 | 166 | -h, --help show this help message and exit |
167 | | - -f FILE [FILE ...], --file FILE [FILE ...] |
| 167 | + -f, --file FILE [FILE ...] |
168 | 168 | Path to the file(s) to convert. |
169 | | - -v {1,2}, --version {1,2} |
170 | | - STIX major version - default is 2 |
171 | | - -s, --single_event Produce only one MISP event per STIX file(in case of multiple Report, Grouping or Incident objects). |
172 | | - -o OUTPUT_NAME, --output_name OUTPUT_NAME |
173 | | - Output file name - used in the case of a single input file or when the `single_output` argument is used. |
174 | | - --output_dir OUTPUT_DIR |
175 | | - Output path - used in the case of multiple input files when the `single_output` argument is not used. |
176 | | - -d {0,1,2,3,4}, --distribution {0,1,2,3,4} |
177 | | - Distribution level for the imported MISP content - default is 0 |
178 | | - -sg SHARING_GROUP, --sharing_group SHARING_GROUP |
| 169 | + -v, --version {1,2} STIX major version - default is 2 |
| 170 | + -s, --single-event Produce only one MISP event per STIX file(in case of multiple Report, Grouping or Incident objects). |
| 171 | + -o, --output-name OUTPUT_NAME |
| 172 | + Output file name - used in the case of a single input file or when the `single_event` argument is used. |
| 173 | + --output-dir OUTPUT_DIR |
| 174 | + Output path - used in the case of multiple input files when the `single_event` argument is not used. |
| 175 | + -d, --distribution {0,1,2,3,4} |
| 176 | + Distribution level for the imported MISP content (default is 0) - 0: Your organisation only - 1: This community only - 2: Connected communities - 3: All communities - 4: Sharing Group |
| 177 | + -sg, --sharing-group SHARING_GROUP |
179 | 178 | Sharing group ID when distribution is 4. |
180 | | - --galaxies_as_tags Import MISP Galaxies as tag names instead of the standard Galaxy format. |
181 | | - --org_uuid ORG_UUID Organisation UUID to use when creating custom Galaxy clusters. |
182 | | - -cd {0,1,2,3,4}, --cluster_distribution {0,1,2,3,4} |
183 | | - Galaxy Clusters distribution level in case of External STIX 2 content - default id 0 |
184 | | - -cg CLUSTER_SHARING_GROUP, --cluster_sharing_group CLUSTER_SHARING_GROUP |
| 179 | + --galaxies-as-tags Import MISP Galaxies as tag names instead of the standard Galaxy format. |
| 180 | + --no-force-galaxy-cluster |
| 181 | + Do not force the creation of custom Galaxy clusters in some specific cases when STIX objects could be converted either as clusters or MISP objects for instance. |
| 182 | + --org-uuid ORG_UUID Organisation UUID to use when creating custom Galaxy clusters. |
| 183 | + -cd, --cluster-distribution {0,1,2,3,4} |
| 184 | + Galaxy Clusters distribution level in case of External STIX 2 content (default id 0) - 0: Your organisation only - 1: This community only - 2: Connected communities - 3: All communities - 4: |
| 185 | + Sharing Group |
| 186 | + -csg, --cluster-sharing-group CLUSTER_SHARING_GROUP |
185 | 187 | Galaxy Clusters sharing group ID in case of External STIX 2 content. |
186 | | - -p PRODUCER, --producer PRODUCER |
| 188 | + -t, --title TITLE Title used to set the MISP Event `info` field. |
| 189 | + -p, --producer PRODUCER |
187 | 190 | Producer of the imported content - Please make sure you use a name from the list of existing producer Galaxy Clusters. |
188 | | - -c CONFIG, --config CONFIG |
189 | | - Config file containing the URL and the authentication key to connect to your MISP. |
190 | | - -u URL, --url URL URL to connect to your MISP instance. |
191 | | - -a API_KEY, --api_key API_KEY |
| 191 | + -c, --config CONFIG Config file containing the URL and the authentication key to connect to your MISP. |
| 192 | + -u, --url URL URL to connect to your MISP instance. |
| 193 | + -a, --api-key API_KEY |
192 | 194 | Authentication key to connect to your MISP instance. |
193 | | - --skip_ssl Skip SSL certificate checking when connecting to your MISP instance. |
| 195 | + --skip-ssl Skip SSL certificate checking when connecting to your MISP instance. |
194 | 196 | ``` |
195 | 197 |
|
196 | 198 | ### In Python scripts |
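Review bot: the option descriptions still use underscore spellings after the flags were renamed to hyphens. In the export block the unchanged lines 146 and 148 refer to the `single_output` argument, and in the import block the new lines 172 and 174 refer to `single_event`, while the flags are now `--single-output` and `--single-event`; suggest using the hyphenated names in the descriptions so a reader can copy them. Every long option changes spelling here and the cluster sharing group short option changes from `-cg` to `-csg`, so the README should state whether the old forms are still accepted, since existing scripts depend on them. New line 184 keeps the typo "default id 0" (the distribution entry at new line 176 says "default is 0"). Because `-a, --api-key` puts the authentication key on the command line and `--skip-ssl` turns off certificate checking, a short sentence pointing users to `-c, --config` and limiting `--skip-ssl` to test instances would fit at this point in the documentation.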
@@ -325,8 +327,8 @@ You can find there all the different cases illustrated with examples. |
325 | 327 | misp-stix is released under a BSD 2-Clause "Simplified" License allow easy reuse with other libraries. |
326 | 328 |
|
327 | 329 | ~~~ |
328 | | -Copyright 2019-2023 Christian Studer |
329 | | -Copyright 2019-2023 CIRCL - Computer Incident Response Center Luxembourg c/o "security made in Lëtzebuerg" (SMILE) g.i.e. |
| 330 | +Copyright 2019-2025 Christian Studer |
| 331 | +Copyright 2019-2025 CIRCL - Computer Incident Response Center Luxembourg c/o "security made in Lëtzebuerg" (SMILE) g.i.e. |
330 | 332 |
|
331 | 333 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: |
332 | 334 |
|
|
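Review bot: the unchanged sentence above the licence block (line 325 old, 327 new) reads "License allow easy reuse with other libraries", which is missing a word; since this hunk already touches the licence section, suggest "License to allow easy reuse with other libraries". The copyright range is updated to 2019-2025 on both holder lines here; if the repository carries a separate licence file, it should get the same years in this commit so the two copies do not diverge.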