MISP-STIX Spring Release

@chrisr3d chrisr3d released this 16 Jun 07:12
· 63 commits to main since this release
ad0ce05

We're excited to share a new set of updates to misp-stix, bringing better STIX 2.x compatibility, smarter Galaxy Cluster handling, and improved validation — all wrapped up with stronger test coverage and smoother tooling.

Highlights of recent misp-stix changes (Jan–June 2025)

STIX 2.x compatibility improvements

  • Enhanced import/export of custom Galaxy Clusters (Campaign, Threat Actor, Malware, Tool, Attack Pattern, etc.)
  • Support for TLP 2.0 and improved parsing of ACS Marking and access privileges
  • Better meta field mapping, labels, and synonym handling for SDOs

Validation & standard compliance

  • Initial use of stix2validator to validate country codes was replaced by pycountry for more reliable handling

Bug fixes and stability

  • Resolved issues with malformed or missing fields (name, object_refs, country, custom fields)
  • Improved fallback logic and inheritance handling in mapping methods

Tests & coverage

  • Broadened test suite for custom STIX object conversions
  • Added regression tests and more comprehensive sample coverage

Packaging & tooling

  • Regular dependency updates (poetry, lockfiles, submodules)
  • Cleanup and consistency improvements in CLI options and argument naming

Detailed changelog

2025.6.12 - 2025-06-12

Chg

  • [package, poetry] Updated version

Fix

  • [stix2 export] Improving the categorisation of MISP as JSON content to call the right conversion to STIX 2.x method
  • [stix2 import] Fixed mapping inheritance to avoid unavailability of a mapping method

2025.5.13 - 2025-05-13

Add

  • [stix2 import] Mapping TLP 2 definitions

Chg

  • [package] New version
  • [submodules] Bumped latest mitre/cti & misp-galaxies versions

Fix

  • [stix2 export] Making sure Identity objects do not raise any exception because of a custom field
  • [stix2 import] Fixed access privilege parsing from ACS marking extension definitions

2025.4.30 - 2025-04-30

Add

  • [test] Tests for custom Campaign Galaxy Clusters export to STIX 2.x
  • [stix2 export] Converting Custom Galaxy Clusters imported from STIX 2.x Campaign objects, back to STIX 2.x

Chg

  • [poetry, package] Bumped latest version
  • [stix2 export] Validating country values while converting country galaxy clusters and custom location galaxy clusters
  • [poetry] Bumped latest versions in lock file
  • [tests] Updated test samples for Campaign objects import as Custom Galaxy

Fix

  • [stix2 import] Using the right method to parse malware sample refs
  • [stix2 import] Properly adding Galaxy with Cluster when converting Malware object both as MISP object and Cluster
  • [stix2 import] Avoiding issues with missing name field in SDOs converted from STIX 2.x to MISP Galaxy Clusters
  • [stix2 export] Catching exceptions on invalid country value
  • [tests] Added tests for custom Vulnerability Galaxy Cluster export to STIX 2.x
  • [stix2 import] Removed empty line
  • [tests] Covering all fields in tests for custom Tool Galaxy Cluster
  • [stix2 export] Avoiding issues with custom stix objects id in object_refs field of a Note
  • [tests] Tests for Custom Threat Actor Galaxy export to STIX 2.x
  • [stix2 export] Typo on the Threat Actor meta fields mapping
  • [stix2 import] Added missing mapping for STIX 2.1 Threat Actor fields
  • [tests] Better tests for custom Attack Pattern Clusters meta fields & added tests for custom Malware Clusters export to STIX 2.x
  • [stix2 export] Better labels and malware/threat actor/tool types field handling
  • [stix2 export] Better meta fields mapping handling
  • [stix2 export] Added missing country code warning
  • [stix2 import] Fixed STIX 2.1 Malware object to cluster meta fields mapping
  • [stix2 export] Converting custom location Galaxy Clusters to STIX 2.1 Location objects
  • [stix2 export] Updated Galaxy Clusters mapping & generic meta fields list
  • [poetry, package] Added stix2validator dependency and updated lock file accordingly
  • [tests] Updated tests for location clusters export to STIX 2.1
  • [stix2 export] Passing meta values without making them a list when they are single values
  • [tests] Better tests for Intrusion Set objects conversion in both directions
  • [stix2 export] Better intrusion set clusters conversion
  • [tests] Better tests for Campaign objects conversion
  • [stix2 import] Parsing all Campaign object fields
  • [tests] Better tests for Attack Pattern objects
  • [stix2 export] Added missing parsing of attack pattern synonyms converted as aliases in STIX 2.1 Attack Pattern objects
  • [stix2 export] Typo missing stix version to populate custom galaxies mapping
  • [stix2 export] Typo in SDO types exported from galaxy clusters
  • [stix2 export] Enabling the ability to export to any STIX 2.x version the custom galaxy clusters previously generated during the conversion from STIX 2.x
  • [stix2 import] Properly parsing access privileges

2025.4.10 - 2025-04-11

Chg

  • [package] Bumped latest version
  • [poetry] Bumped lock file with latest versions
  • [poetry] Updated lock file with latest versions

Fix

  • [stix2 import] Made the Observable objects fetching method available for all standalone Observable objects conversion classes
  • [stix2 import] Avoiding KeyError exception when trying to fetch an observable object based on its id referenced in an observed data

2025.4.4 - 2025-04-04

Chg

  • [package, poetry] New library version
  • [submodules] Bumped latest versions
  • [poetry] Bumped lock file with latest versions

Fix

  • [tests] Updated test following the updated galaxy & cluster definition
  • [stix2 import] Avoiding issues with Sighting objects

2025.03.04 - 2025-03-13

Chg

  • [poetry, package] Library version bump
  • [poetry] Bumped latest lock file

Fix

  • [stix2 import] Passing the cluster distribution value to galaxy definitions too
  • [stix2 import] Making Python 3.9 happy with my return typings being str or None
  • [tests] Updated tests following recent change on the location objects conversion
  • [stix2 import] Fixed imports
  • [stix2 import] Converting STIX 2.1 Location objects with only global region, country or area attributes as custom galaxy
  • [stix2 import] Removed unused mapping methods
  • [stix2 import] Removed mapping that was moved to converters

2025.02.14 - 2025-02-14

Chg

  • [package] Bumped version
  • [poetry] Bumped lock file
  • [poetry] Replaced deprecated section name

Fix

  • [stix2 import] Keeping UUID from Custom objects used to describe a Galaxy Cluster which we import back to MISP
  • [stix2 import] Replaced undefined methods with actual error message handling

2025.01.10 - 2025-01-10

Chg

  • [poetry, package] Bumped versions
  • [stix2 import] Aligned the force contextual data argument to its naming on MISP

2025.01.09 - 2025-01-09

Add

  • [stix2 import] New argument to force the conversion of a STIX 2.x SDO as Galaxy Cluster

Chg

  • [readme] Updated package information, CLI description & updated active period information
  • [poetry] Bumped lock file with latest versions
  • [poetry, package] Bumped package version