txt2detection 1.0.9__py3-none-any.whl → 1.0.11__py3-none-any.whl



txt2detection/__main__.py CHANGED
@@ -258,7 +258,7 @@ def run_txt2detection(
258
258
  **kwargs,
259
259
  ) -> Bundler:
260
260
  if (
261
- kwargs.get("sigma_file") != "sigma_file"
261
+ not kwargs.get("sigma_file")
262
262
  or ai_create_attack_flow
263
263
  or ai_create_attack_navigator_layer
264
264
  ):
@@ -9,14 +9,12 @@ from .bundler import Bundler
9
9
  from .ai_extractor.base import BaseAIExtractor
10
10
  from .models import UUID_NAMESPACE
11
11
  from stix2extensions.attack_action import AttackAction, AttackFlow
12
- from stix2extensions._extensions import attack_flow_ExtensionDefinitionSMO
13
-
14
12
 
15
13
  def parse_flow(report, flow: AttackFlowList, techniques, tactics):
16
14
  logging.info(f"flow.success = {flow.success}")
17
15
  if not flow.success:
18
16
  return []
19
- objects = [report, attack_flow_ExtensionDefinitionSMO]
17
+ objects = [report]
20
18
  for domain in ["enterprise-attack", "mobile-attack", "ics-attack"]:
21
19
  flow_objects = parse_domain_flow(report, flow, techniques, tactics, domain)
22
20
  objects.extend(flow_objects)
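Review bot: `not kwargs.get("sigma_file")` in the first hunk still pulls the option out of **kwargs, so a misspelled key (`sigma_files=`) or a caller that simply omits it silently takes the AI-extraction branch instead of failing; declaring it as an explicit keyword-only parameter, `sigma_file: str | None = None`, on run_txt2detection and testing `not sigma_file` keeps the fix while making the contract visible. The truthiness test also treats an empty string the same as a missing file, which looks intended but should be stated in the function's docstring. run_txt2detection begins before this hunk and continues after it. The second hunk, which drops attack_flow_ExtensionDefinitionSMO from parse_flow's returned objects, appears from the RECORD size deltas (attack_flow.py shrinks by 112 bytes, __main__.py by 12) to belong to attack_flow.py rather than __main__.py as this page labels it; parse_flow's docstring should note that the extension definition is now supplied elsewhere rather than returned here.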
txt2detection/bundler.py CHANGED
@@ -42,6 +42,7 @@ class Bundler:
42
42
  uuid = None
43
43
  id_map = dict()
44
44
  data: DataContainer
45
+ ATTACK_FLOW_SMO_URL = "https://github.com/muchdogesec/stix2extensions/raw/refs/heads/main/remote-definitions/attack-flow.json"
45
46
  # https://raw.githubusercontent.com/muchdogesec/stix4doge/refs/heads/main/objects/identity/txt2detection.json
46
47
  default_identity = Identity(
47
48
  **{
@@ -361,6 +362,23 @@ class Bundler:
361
362
  for d in container.detections:
362
363
  self.add_rule_indicator(d)
363
364
 
365
+
366
+ @property
367
+ def flow_objects(self):
368
+ return self._flow_objects
369
+
370
+ @flow_objects.setter
371
+ def flow_objects(self, objects):
372
+ smo_objects = requests.get(self.ATTACK_FLOW_SMO_URL).json()["objects"]
373
+ objects.extend(smo_objects)
374
+ for obj in objects:
375
+ if obj["id"] == self.report.id:
376
+ continue
377
+ is_report_object = obj["type"] not in ["extension-definition", "identity"]
378
+ self.add_ref(obj, append_report=is_report_object)
379
+ self._flow_objects = objects
380
+
381
+
364
382
 
365
383
  def make_logsouce_string(source: dict):
366
384
  d = [
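Review bot: The flow_objects setter calls `requests.get(self.ATTACK_FLOW_SMO_URL)` with no timeout and no status check, so a stalled connection hangs the bundle indefinitely and a 404/500 surfaces as a JSONDecodeError or KeyError rather than a clear error, while the URL points at `refs/heads/main`, so whatever that branch serves at run time is merged into the bundle through add_ref with no pinning or validation. Since every fetched object is appended to the caller's list and referenced from the report, the fetch should use a timeout, call raise_for_status(), verify the payload shape, and the constant should be pinned to a tag or commit SHA (or the definition vendored into the package) so a released version cannot change behaviour when the upstream branch moves. Performing network I/O inside a property setter is also surprising; a comment such as `# NOTE: assigning flow_objects performs an HTTP fetch of the attack-flow extension definition` would at least flag it, and `requests` is assumed to be imported at the top of bundler.py, which is outside this hunk. The `objects.extend(...)` call mutates the list passed in, which callers may not expect.
```python
    @flow_objects.setter
    def flow_objects(self, objects):
        # Network I/O here: pull the attack-flow extension definition from a pinned ref.
        resp = requests.get(self.ATTACK_FLOW_SMO_URL, timeout=30)
        resp.raise_for_status()
        smo_objects = resp.json().get("objects")
        if not isinstance(smo_objects, list):
            raise ValueError(f"unexpected payload from {self.ATTACK_FLOW_SMO_URL}")
        objects.extend(smo_objects)
        # … unchanged: add_ref loop and self._flow_objects assignment …
```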
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: txt2detection
3
- Version: 1.0.9
3
+ Version: 1.0.11
4
4
  Summary: A command line tool that takes a txt file containing threat intelligence and turns it into a detection rule.
5
5
  Project-URL: Homepage, https://github.com/muchdogesec/txt2detection
6
6
  Project-URL: Issues, https://github.com/muchdogesec/txt2detection/issues
@@ -1,7 +1,7 @@
1
1
  txt2detection/__init__.py,sha256=Fc460P0q_eb2u3Xc89z-fwl-4ai3jrPqPNVwJQYNkNQ,89
2
- txt2detection/__main__.py,sha256=s5XcIctE59ALjys6Y8lRIqS_pQWi1mlNo2gyG8_XS5s,11622
3
- txt2detection/attack_flow.py,sha256=1Ns98ZEoiN8kH-iSo7d6zYtplm11QkhPQAvSZsW4WXQ,8853
4
- txt2detection/bundler.py,sha256=eHyr6jlnd4ZvynHkyy5Hposkp_XqEAxEwGzlViSq1xU,13319
2
+ txt2detection/__main__.py,sha256=cZchD4lx_YscSkqVscYqDboZftsBCUfskaP4585QdI0,11610
3
+ txt2detection/attack_flow.py,sha256=x6GhDZZ8xOzugfMELvHvrhclcIqozGIt9_mzyr2KKnA,8741
4
+ txt2detection/bundler.py,sha256=eGCIwLY0J_SVyOI_1IFsm_8RgvaE_32t5MIc_UyJwm0,13994
5
5
  txt2detection/credential_checker.py,sha256=NuKk7WlDshtdpGecxY1exoi4fUHCygunPH2lZ20oEA8,2598
6
6
  txt2detection/models.py,sha256=_-sR03FEWI46OUZdL7U0tibNn909B0NU9LWNzopBtiY,12888
7
7
  txt2detection/observables.py,sha256=RxgJchvk6_Z2pBxJ6MAGsx00gj8TyRt9W2BTQTb1F9o,6762
@@ -17,8 +17,8 @@ txt2detection/ai_extractor/openrouter.py,sha256=rL-SnzRhzrCnPJGLxbTlRyxU0NAw42Rm
17
17
  txt2detection/ai_extractor/prompts.py,sha256=xI82PelsTidnRzi5wnNbEC4lmkio92YUDd8SZu4CQiE,10961
18
18
  txt2detection/ai_extractor/utils.py,sha256=SUxyPhkGp5yDbX_H_E018i93R8IbyLsQ00PIBDecfuc,540
19
19
  txt2detection/config/detection_languages.yaml,sha256=dgQUJPxhDRJ_IiFEFOiH0yhEer3SkFSIhY4pS3BsX2c,287
20
- txt2detection-1.0.9.dist-info/METADATA,sha256=UHkUnaL9wEt78RNw0EmQenodg2qxZ3gsTDkmVC2W7IE,15869
21
- txt2detection-1.0.9.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
22
- txt2detection-1.0.9.dist-info/entry_points.txt,sha256=ep_rLlS2r1-kKE7S3iKf3SVwbCU9-FZhU9zUebitw7A,62
23
- txt2detection-1.0.9.dist-info/licenses/LICENSE,sha256=BK8Ppqlc4pdgnNzIxnxde0taoQ1BgicdyqmBvMiNYgY,11364
24
- txt2detection-1.0.9.dist-info/RECORD,,
20
+ txt2detection-1.0.11.dist-info/METADATA,sha256=5sPLzlTTug4AOTTk6YH8G7EjfFheA0pLaEKlWUTtMek,15870
21
+ txt2detection-1.0.11.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
22
+ txt2detection-1.0.11.dist-info/entry_points.txt,sha256=ep_rLlS2r1-kKE7S3iKf3SVwbCU9-FZhU9zUebitw7A,62
23
+ txt2detection-1.0.11.dist-info/licenses/LICENSE,sha256=BK8Ppqlc4pdgnNzIxnxde0taoQ1BgicdyqmBvMiNYgY,11364
24
+ txt2detection-1.0.11.dist-info/RECORD,,