OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: cti-stix-elevator 2.1 released

Hi everyone-

                        

We just published cti-stix-elevator version 2.1 on PyPi [1]. The source code is available at [2]. read-the-docs documentation is available at [3].

Major Changes

  • Handle SCOs
  • More complete support of CybOX objects
  • Enable use of custom properties for properties missing from STIX 2.x
  • Support all additional properties and property name changes for version 2.1 WD06
  • Handle UUIDv5 for SCOs in version 2.1

Other Changes

  • Fix patterns involving PE binary file header
  • Handle characteristic observables in infrastructure
  • Better mapping of STIX 1.x relationship types to STIX 2.x ones
  • Update logic to create TLP markings as stated in the specification
  • issue #148 - support ports CybOX object
  • Handle âContainsâ operator more correctly

Testing Changes

  • Compare UUIDv5 for equality

 

One new feature in this release, enabling the use of custom properties for properties missing from STIX 2.x, needs further discussion.  The elevator tries to retain as much information from the STIX 1.x content as possible.  Previously, if a STIX 1.x property did not exist in STIX 2.x, the elevator provided an option to include that content in the description property.  This was the default behavior, which could be disabled.

 

As the use of STIX 2.x has evolved, the use of custom properties had been more generally accepted.  This version of the elevator provides an additional option for how to handle âmissingâ properties.  The previous option --no-squirrel-gaps has been replaced by the option

--missing-policy, which has three possible values:

 

  • use-custom-properties â if the STIX 1.x cannot be represented using the existing properties defined in the STIX 2.x specification, use the custom-properties facility
  • add-to-description â the previous default behavior.  This option remains the default.
  • ignore â the behavior previously enabled by the âno-squirrel-gapsâ option

 

An additional new option is provided to work in conjunction with the --missing-policy option, when its value is use-custom-properties.  This option, --custom-property-prefix, allows for a prefix for the name of the custom properties.  As described in the STIX specification document:

 

Custom Property names SHOULD start with âx_â followed by a source unique identifier (such as a domain name with dots replaced by underscores), an underscore and then the name. For example, x_example_com_customfield

 

The default value for this option is âelevatorâ. 

           

Please enter an issue on Github for bugs and feature requests.

 

Contributions welcome.

  

Rich Piazza

Chris Lenk

Emmanuelle Vargas-Gonzalez

 

MITRE

 

[1] https://pypi.org/project/stix2-elevator

[2] https://github.com/oasis-open/cti-stix-elevator

[3] https://stix2-elevator.readthedocs.io/en/latest/  

 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]