Merge branch 'parser_feature' of github.com:MISP/misp-stix into dev
chrisr3d committed Jul 19, 2024
2 parents 3429084 + 551ca1c commit 0796d2c
Showing 6 changed files with 79 additions and 37 deletions.
54 changes: 47 additions & 7 deletions README.md
@@ -38,7 +38,7 @@ Package details at PyPI: [misp-stix](https://pypi.org/project/misp-stix/)

## Install the latest version from the repository for development purposes

**Note**: poetry is required; e.g., `pip3 install poetry`
**Note**: poetry is strongly recommended; e.g., `pip3 install poetry`

```
git clone https://github.com/MISP/misp-stix.git && cd misp-stix
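Review bot: the code fence opened on the line after the poetry note carries no language tag, whereas the blocks added further down in this README are tagged ```bash; tag this one `bash` too so the install snippets render consistently. The wording change itself (required to strongly recommended) is consistent with the virtualenv alternative introduced in the next hunk.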
@@ -48,6 +48,17 @@ poetry install

If you already have poetry face any issue with it while installing or updating misp-stix with it, you can try `pip3 install -U poetry` to make sure you have a version >= 1.2

Alternatively, you can set up a virtual environment with the following:

```
virtualenv -p python3 venv
source ./venv/bin/activate
pip install -U pip
# Manual install of setuptools to avoid some dependencies issues
pip install setuptools
pip install .
```

### Running the tests

Tests for MISP format export as STIX 1.1.1 & 1.2:
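Review bot: the new virtualenv recipe ends with `pip install .`, which installs a copy of the package; since this section is titled "for development purposes", `pip install -e .` (editable install) is what lets edits in the checkout take effect without reinstalling. Two wording fixes while here: the added comment should read "to avoid some dependency issues", and the unchanged context sentence just above the new block is missing a word ("If you already have poetry and face any issue with it ...").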
@@ -69,12 +80,40 @@ poetry run pytest tests/test_stix21_export.py

### Command-line Usage

If you are not already within your virtual environment, you can either choose to prefix all the following example commands with `poetry run`, or simply activate your python environment:

```bash
# If you chose to use the recommended option
poetry shell

# OR

# Another option that should work if you followed the example mentioned above with the install instructions
./venv/bin/activate
```

At this point, you should be able to use the command-line feature. Here are a few examples:

```bash
# Convert an Events collections to STIX 2.1
misp_stix_converter export --version 2.1 -f tests/test_events_collection_1.json

# Convert a MISP Event and set a specific name for the STIX 2.1 output file
misp_stix_converter export --version 2.1 -f tests/test_event.misp.json -o tests/test_event.stix21.json

# Convert a STIX 2 Bundle to MISP, and set specific distributions
misp_stix_converter import -f tmp/test_bundle.stix21.json -o tmp/test_bundle.misp.json -d 1 -cd 1
# This will set the distribution for the Event, Attributes and Galaxy Clusters to `this community`

# Convert multiple STIX 2 Bundles to MISP and directly push the results to MISP, knowing your authentication key
misp_stix_converter import -f tmp/*.stix21.json --url https://localhost --api_key _YOUR_AUTHENTICATION_KEY_
# This will create a MISP Event for each file
```

#### Parameters

For more details on the different options presented with the examples, here is the complete description.

```bash
usage: misp_stix_converter [-h] [--debug] {export,import} ...

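Review bot: the second activation option, `./venv/bin/activate`, does not work as written: the script must be sourced (`source ./venv/bin/activate`, exactly as the install block earlier in this file does), otherwise it either fails to execute or runs in a subshell and leaves the caller's environment untouched. Two further points on the examples: the push example passes `--api_key _YOUR_AUTHENTICATION_KEY_` on the command line, which lands the key in shell history and in the process list, so it is worth pointing readers at the `-c CONFIG` file option documented in the Parameters section below, and since the example targets `https://localhost`, mention that `--skip_ssl` is needed only for a self-signed local certificate rather than leaving readers to reach for it against remote instances. Minor: "Convert an Events collections" should be "Convert an Event collection".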
@@ -121,35 +160,36 @@ STIX 1 specific arguments:
```bash
usage: misp_stix_converter import [-h] -f FILE [FILE ...] [-v {1,2}] [-s] [-o OUTPUT_NAME] [--output_dir OUTPUT_DIR] [-d {0,1,2,3,4}] [-sg SHARING_GROUP] [--galaxies_as_tags] [--org_uuid ORG_UUID] [-cd {0,1,2,3,4}]
[-cg CLUSTER_SHARING_GROUP] [-c CONFIG] [--url URL] [--api_key API_KEY] [--skip_ssl]
[-cg CLUSTER_SHARING_GROUP] [-p PRODUCER] [-c CONFIG] [-u URL] [-a API_KEY] [--skip_ssl]

options:
-h, --help show this help message and exit
-f FILE [FILE ...], --file FILE [FILE ...]
Path to the file(s) to convert.
-v {1,2}, --version {1,2}
STIX major version.
STIX major version - default is 2
-s, --single_event Produce only one MISP event per STIX file(in case of multiple Report, Grouping or Incident objects).
-o OUTPUT_NAME, --output_name OUTPUT_NAME
Output file name - used in the case of a single input file or when the `single_output` argument is used.
--output_dir OUTPUT_DIR
Output path - used in the case of multiple input files when the `single_output` argument is not used.
-d {0,1,2,3,4}, --distribution {0,1,2,3,4}
Distribution level for the imported MISP content.
Distribution level for the imported MISP content - default is 0
-sg SHARING_GROUP, --sharing_group SHARING_GROUP
Sharing group ID when distribution is 4.
--galaxies_as_tags Import MISP Galaxies as tag names instead of the standard Galaxy format.
--org_uuid ORG_UUID Organisation UUID to use when creating custom Galaxy clusters.
-cd {0,1,2,3,4}, --cluster_distribution {0,1,2,3,4}
Galaxy Clusters distribution level in case of External STIX 2 content.
Galaxy Clusters distribution level in case of External STIX 2 content - default id 0
-cg CLUSTER_SHARING_GROUP, --cluster_sharing_group CLUSTER_SHARING_GROUP
Galaxy Clusters sharing group ID in case of External STIX 2 content.
-p PRODUCER, --producer PRODUCER
Producer of the imported content - Please make sure you use a name from the list of existing producer Galaxy Clusters.
-c CONFIG, --config CONFIG
Config file containing the URL and the authentication key to connect to your MISP.
--url URL URL to connect to your MISP instance.
--api_key API_KEY Authentication key to connect to your MISP instance.
-u URL, --url URL URL to connect to your MISP instance.
-a API_KEY, --api_key API_KEY
Authentication key to connect to your MISP instance.
--skip_ssl Skip SSL certificate checking when connecting to your MISP instance.
```
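Review bot: the new help text for `-cd` has a typo, "default id 0" should be "default is 0" (the `-d` line just above it gets this right). Two pre-existing inconsistencies in the surrounding context are worth fixing in the same pass: the help for `-o`/`--output_dir` refers to a `single_output` argument, but the flag is `-s, --single_event`, and the `-v` help is now the only default statement without the trailing value in the same "default is N" form. Since the long names `--url`/`--api_key` are kept alongside the new `-u`/`-a` short flags, the examples above that still use the long forms remain valid.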
2 changes: 1 addition & 1 deletion misp_stix_converter/__init__.py
@@ -1,4 +1,4 @@
__version__ = '2.4.193'
__version__ = '2.4.194'

import argparse
from .misp_stix_mapping import Mapping # noqa
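Review bot: the version string is maintained by hand in two places (`__version__` here and `version` in pyproject.toml, both bumped to 2.4.194 in this commit); deriving `__version__` from the installed metadata (for example `importlib.metadata.version("misp-stix")`) would remove the chance of the two drifting on a future bump.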
4 changes: 3 additions & 1 deletion misp_stix_converter/misp_stix_converter.py
@@ -1075,7 +1075,7 @@ def _stix_to_misp(args):
if args.url is not None and args.api_key is not None:
misp = PyMISP(args.url, args.api_key, not args.skip_ssl)
return _process_stix_to_misp_instance(misp, args)
if args.config is not None:
elif args.config is not None:
try:
with open(args.config, 'rt', encoding='utf-8') as f:
config = json.load(f)
@@ -1085,6 +1085,8 @@ def _stix_to_misp(args):
return _process_stix_to_misp_instance(misp, args)
except (FileNotFoundError, KeyError, json.JSONDecodeError):
msg = 'Unable to read configuration file to connect to MISP -'
else:
msg = 'Missing URL or API key to connect to MISP instance -'
except PyMISPError as error:
msg = f'Unable to connect to MISP instance ({error}) -'
print(f'{msg} Saving MISP results into files instead.')
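Review bot: with the new `else` branch, every plain file-to-file import (no `-u`/`-a` and no `-c`, which is the normal offline usage shown in the README example `import -f tmp/test_bundle.stix21.json -o ...`) now prints "Missing URL or API key to connect to MISP instance - Saving MISP results into files instead." on every run. That message reads like an error for what is the intended path; either emit it only when the user supplied one of `--url`/`--api_key`/`--config` and the connection could not be set up, or downgrade it to the `--debug` level the CLI already has. Note also that passing only one of `-u`/`-a` falls through the first `if` (it requires both) into this branch, so naming which of the two is absent would make the message actionable.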
2 changes: 1 addition & 1 deletion misp_stix_converter/stix2misp/stix2_to_misp.py
@@ -315,7 +315,7 @@ def course_of_action_parser(self) -> _COURSE_OF_ACTION_PARSER_TYPING:

@property
def event_tags(self) -> list:
return getattr(self, '__event_tags', {})
return self.__event_tags

@property
def generic_info_field(self) -> str:
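Review bot: the old `getattr(self, '__event_tags', {})` was a silent bug, which is the real reason for this change and worth stating in the commit or a comment: name mangling applies to the identifier `self.__event_tags` in the class body but not to the string literal `'__event_tags'`, so the lookup could never find the mangled attribute and the property always returned the `{}` default (a dict, contradicting the `-> list` annotation). The replacement `self.__event_tags` is correct but now raises `AttributeError` if the attribute was never assigned, so confirm that `__init__` initialises `self.__event_tags` to an empty list before any parser path reads the property.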
50 changes: 25 additions & 25 deletions poetry.lock

4 changes: 2 additions & 2 deletions pyproject.toml
@@ -1,6 +1,6 @@
[tool.poetry]
name = "misp-stix"
version = "2.4.193"
version = "2.4.194"
description = "Python scripts used by MISP to export MISP format into STIX and to import STIX into MISP format."
authors = ["Christian Studer <[email protected]>"]
maintainers = ["Christian Studer <[email protected]>"]
@@ -41,7 +41,7 @@ misp_stix_converter = 'misp_stix_converter:main'

[tool.poetry.dependencies]
python = "^3.8"
pymisp = "^2.4.190"
pymisp = "^2.4.193"
stix = "^1.2.0"
cybox = "^2.1.0"
mixbox = "^1.0.3"
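Review bot: raising the pymisp floor to `^2.4.193` is a dependency change whose motivation is not recorded anywhere in this commit; a short note on which pymisp behaviour this release relies on would help downstream packagers. The 50-line poetry.lock change in this commit is not rendered on the page, so please confirm it was regenerated from this constraint (`poetry lock --no-update`) rather than edited by hand, and that the pinned pymisp still supports the `python = "^3.8"` range declared just above.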
