django-mantis-stix-importer 0.2.0

A module implementing import of STIX and CybOX XML files for the Mantis Cyber Threat Intelligence Mgmt. Framework.

A module implementing import of STIX and CybOX XML files for the Mantis Cyber Threat Intelligence Mgmt. Framework.

Documentation

The full documentation is at http://django-mantis-stix-importer.readthedocs.org.

Quickstart

Please refer to the quickstart information of MANTIS, available at http://django-mantis.readthedocs.org.

Once you are set up with MANTIS, you can use the Django manage.py to import STIX indicators into your system as follows:

$ python manage.py mantis_stix_import <xml-file>  <xml-file> ... [--settings=<path_to_your_django_settings_module]

Here is the output of --help for mantis_stix_import:

Usage: manage.py mantis_stix_import [options] xml-file xml-file ... (you can use wildcards)

Imports stix XML files of specified paths into DINGO

Options:
  -v VERBOSITY, --verbosity=VERBOSITY
                        Verbosity level; 0=minimal output, 1=normal output, 2=verbose output, 3=very verbose output
  --settings=SETTINGS   The Python path to a settings module, e.g. "myproject.settings.main".
                        If this isn't provided, the DJANGO_SETTINGS_MODULE environment variable will be used.
  --pythonpath=PYTHONPATH
                        A directory to add to the Python path, e.g. "/home/djangoprojects/myproject".
  --traceback           Print traceback on exception
  -m MARKING_JSON, --marking_json=MARKING_JSON
                        File with json representation of information of marking to be associated with imports.
  -p PLACEHOLDER_FILLERS, --marking_pfill=PLACEHOLDER_FILLERS
                        Key-value pairs used to fill in placeholders in marking as described in marking file.
  --version             show program's version number and exit
  -h, --help            show this help message and exit

Acknowledgments

The basic layout for this Django app with out-of-the-box configuration of setup.py for easy build, submission to PyPi, etc., and Sphinx documentation tree was generated with Audrey Roy’s excellent Cookiecutter and Daniel Greenfield’s cookiecutter-djangopackage template.

History

0.2.0 (2014-02-26)

• Added ability to generate identifier for top-level element (usually a STIX_Package) if an identifier for that element is missing: if a default namespace has been defined, then an identifier is generated by taking the MD5-hash of the xml file.

• Markings present in STIX_Package are read out and attached to all InfoObjects generated from the STIX_Package.

  Note: Mantis does currently not interpret the XPATH expression that specifies the scope of the marking (which is not much of an issue, since it seems that the feature to restrict the scope of a marking is not much used at the moment).

• Timestamp present in STIX_Header/Information_Source/Time/Produced_Time is read.

• Added a command-line argument to add a default-timestamp to the STIX import command.

• Bug fixes:

  • Attributes other than id and idref that contained a namespace were not handled correctly. The handler function attr_with_namespace_handler fixes this.

  • In 0.1.0, the xsi:type attribute was not recorded, because in most cases, its information is used for determining the data type of elements and InfoObjects. But there are cases, e.g., in Markings, where this is not the case. For these cases, the xsi:type attribute is kept in the InfoObject.

  • Family revision info was not recorded; this has been fixed.

0.1.0 (2013-12-19)

• Bugfixes; added documentation

0.0.9 (2013-12-18)

• First release on PyPI.