This repository has been archived by the owner on May 29, 2024. It is now read-only.

Rewrite MISP plugin to convert to/from STIX-2 Indicators and Sightings #102

Merged: 12 commits merged on Mar 8, 2021

@0snap (Contributor) commented Mar 2, 2021

📔 Description

Following up on the STIX-2 rewrite of Threat Bus: this PR updates the MISP plugin.

  • Convert MISP attributes to STIX-2 Indicators
  • Convert STIX-2 Sightings to MISP sightings
  • New message-passing integration test
  • Updated unit tests

📝 Checklist

  • All user-facing changes have changelog entries.
  • The changes are reflected on docs.tenzir.com/threatbus, if necessary.
  • The PR description contains instructions for the reviewer, if necessary.

🎯 Review Instructions

  • Run the unit-tests (make dev-mode && make unit-tests)
  • Fire up a local MISP or connect to our testbed and start Threat Bus using this branch
  • Click some attributes in the MISP web view
  • Send some sightings using our test utils

lgtm-com bot commented Mar 2, 2021

This pull request introduces 2 alerts when merging 9008df7 into dd8c889 - view on LGTM.com

new alerts:

  • 2 for Unused import

@0snap force-pushed the story/ch22586 branch 2 times, most recently from 9c07ee3 to 1ba54e7 (March 2, 2021 14:56)
@0snap requested review from tobim and a team (March 2, 2021 15:05)
@0snap added the "feature" (New functionality) label (Mar 2, 2021)
@0snap marked this pull request as ready for review (March 2, 2021 15:07)

@tobim (Member) left a comment

Good progress. The unit tests are looking great! I think we should also add a check for type mismatches, like what happens if to_ids or deleted contain a string?
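
The type-mismatch concern raised in this review, shown as an added example that is not code from this PR or from Threat Bus. The function names, the small type-to-pattern mapping, the assumed wire format (string epoch timestamp, JSON booleans) and the policy of skipping deleted or non-`to_ids` attributes are assumptions of this sketch.

```python
import uuid
from datetime import datetime, timezone

# Assumed subset of a MISP-type -> STIX-2 pattern path mapping (illustrative).
PATTERN_PATHS = {"ip-src": "ipv4-addr:value", "domain": "domain-name:value",
                 "md5": "file:hashes.MD5"}
# Python type each field must have after json.loads() (assumed wire format).
FIELD_TYPES = {"type": str, "value": str, "timestamp": str,
               "to_ids": bool, "deleted": bool}
# Constructed sample attribute, not taken from a real MISP instance.
SAMPLE = {"type": "domain", "value": "evil.example", "timestamp": "1614693600",
          "to_ids": True, "deleted": False}


def validate_attribute(attr):
    """Return a list of type-mismatch errors; empty means the attribute is usable."""
    errors = []
    for field, expected in FIELD_TYPES.items():
        value = attr.get(field)
        # Exact type check, no coercion: bool("false") is True, so a string
        # in to_ids or deleted would silently flip the flag if coerced.
        if type(value) is not expected:
            errors.append(f"{field}: expected {expected.__name__}, got {type(value).__name__}")
    if not errors and not attr["timestamp"].isdecimal():
        errors.append("timestamp: expected epoch seconds")
    if not errors and attr["type"] not in PATTERN_PATHS:
        errors.append(f"type: unsupported MISP type {attr['type']!r}")
    return errors


def attribute_to_indicator(attr):
    """Build a STIX-2.1 Indicator dict; None if deleted or not flagged to_ids.

    Skipping such attributes is this example's policy. Raises ValueError on bad input.
    """
    errors = validate_attribute(attr)
    if errors:
        raise ValueError("; ".join(errors))
    if attr["deleted"] or not attr["to_ids"]:
        return None
    stamp = datetime.fromtimestamp(int(attr["timestamp"]), tz=timezone.utc)
    stamp = stamp.strftime("%Y-%m-%dT%H:%M:%SZ")
    # STIX patterning escapes backslash and single quote inside string literals.
    value = attr["value"].replace("\\", "\\\\").replace("'", "\\'")
    return {"type": "indicator", "spec_version": "2.1",
            "id": f"indicator--{uuid.uuid4()}",
            "created": stamp, "modified": stamp, "valid_from": stamp,
            "pattern_type": "stix",
            "pattern": f"[{PATTERN_PATHS[attr['type']]} = '{value}']"}
```

Rejecting the message outright, rather than coercing, keeps an attribute carrying `"to_ids": "false"` from being published to detection tools as an active indicator.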

@0snap force-pushed the story/ch22586 branch 2 times, most recently from 3897e61 to 03f3bd0 (March 4, 2021 10:50)
@0snap requested a review from tobim (March 4, 2021 12:14)

@tobim (Member) left a comment

I tested this and verified that it works locally. Code changes look good!

@0snap merged commit 5ad3665 into master (Mar 8, 2021)
@0snap deleted the story/ch22586 branch (March 8, 2021 09:46)