txt2stix 0.0.4__py3-none-any.whl

txt2stix/pattern/extractors/ip/ipv4_port_extractor.py

@@ -0,0 +1,42 @@
+from ..base_extractor import BaseExtractor
+from ipaddress import IPv4Address
+
+
+class IPv4WithPortExtractor(BaseExtractor):
+    """
+    A class for extracting valid IPv4 addresses with ports from text using a custom extraction function.
+
+    Attributes:
+        name (str): The name of the extractor, set to "ipv4_port".
+        extraction_function (function): The custom extraction function to validate and extract IPv4 addresses with ports.
+    """
+
+    name = "pattern_ipv4_address_port"
+    extraction_function = lambda x: IPv4WithPortExtractor.validate_ipv4_with_port(x)
+
+    @staticmethod
+    def validate_ipv4_with_port(x):
+        """
+        Custom extraction function to validate if the provided string is a valid IPv4 address with a port.
+
+        Args:
+            x (str): The string to be checked.
+
+        Returns:
+            tuple: A tuple containing the extracted IPv4 address and port if valid, False otherwise.
+        """
+        x = x.strip('"')
+        if ":" in x and x.count(":") == 1:
+            ip_address, port = x.split(":")
+
+            try:
+                # Validate the IPv4 address part.
+                IPv4Address(ip_address)
+
+                # Validate the port part.
+                if 1 <= int(port) <= 65535:
+                    return ip_address, port
+            except ValueError:
+                pass
+
+        return False

txt2stix/pattern/extractors/ip/ipv6_cidr_extractor.py

@@ -0,0 +1,18 @@
+# import ipaddress
+from ipaddress import IPv6Address
+
+import validators
+from ..base_extractor import BaseExtractor
+
+
+class IPv6WithCIDRExtractor(BaseExtractor):
+    """
+    A class for extracting valid IPv6 addresses with ports from text using a custom extraction function.
+
+    Attributes:
+        name (str): The name of the extractor, set to "ipv6_port".
+        extraction_function (function): The custom extraction function to validate and extract IPv6 addresses with ports.
+    """
+
+    name = "pattern_ipv6_address_cidr"
+    extraction_function = lambda ipaddress: validators.ipv6(ipaddress, strict=True, cidr=True)

txt2stix/pattern/extractors/ip/ipv6_extractor.py

@@ -0,0 +1,16 @@
+import validators
+from ..base_extractor import BaseExtractor
+import ipaddress
+
+
+class IPv6Extractor(BaseExtractor):
+    """
+    A class for extracting valid IPv6 addresses from text using a custom extraction function.
+
+    Attributes:
+        name (str): The name of the extractor, set to "ipv6".
+        extraction_function (function): The custom extraction function to validate and extract IPv6 addresses.
+    """
+
+    name = "pattern_ipv6_address_only"
+    extraction_function = lambda ipaddress: validators.ipv6(ipaddress, strict=True, cidr=False)

txt2stix/pattern/extractors/ip/ipv6_port_extractor.py

@@ -0,0 +1,46 @@
+import re
+from ipaddress import IPv6Address
+from ..base_extractor import BaseExtractor
+
+class IPv6WithPortExtractor(BaseExtractor):
+    """
+    A class for extracting valid IPv6 addresses with ports from text using a custom extraction function.
+
+    Attributes:
+        name (str): The name of the extractor, set to "ipv6_port".
+        extraction_function (function): The custom extraction function to validate and extract IPv6 addresses with ports.
+    """
+
+    name = "pattern_ipv6_address_port"
+    extraction_function = lambda x: IPv6WithPortExtractor.validate_ipv6_with_port(x)
+
+    @staticmethod
+    def validate_ipv6_with_port(x):
+        """
+        Custom extraction function to validate if the provided string is a valid IPv6 address with a port.
+
+        Args:
+            x (str): The string to be checked.
+
+        Returns:
+            tuple: A tuple containing the extracted IPv6 address and port if valid, False otherwise.
+        """
+        if ":" in x:
+            # Use regex to extract the IPv6 address and port.
+            match = re.match(r"\[(.*)\]:(.*)", x)
+            print([x, match])
+            if match:
+                ip_address, port = match.groups()
+
+                try:
+                    # Validate the IPv6 address part.
+                    ip = IPv6Address(ip_address)
+                    print("yes", ip.exploded)
+
+                    # Validate the port part.
+                    if 1 <= int(port) <= 65535:
+                        return ip_address, port
+                except ValueError:
+                    pass
+
+        return False

txt2stix/pattern/extractors/others/__init__.py

@@ -0,0 +1,22 @@
+from .asn_extractor import ASNExtractor
+from .cpe_extractor import CPEExtractor
+from .cve_extractor import CVEExtractor
+from .email_extractor import EmailAddressExtractor
+from .filename_extractor import FileNameExtractor
+from .iban_extractor import IBANExtractor
+from .mac_address_extractor import MacAddressExtractor
+from .phonenumber_extractor import PhoneNumberExtractor
+from .user_agent_extractor import UserAgentBaseExtractor
+from .windows_registry_key_extractor import WindowsRegistryKeyExtractor
+
+OTHER_EXTRACTORS = [ASNExtractor,
+                    CPEExtractor,
+                    CVEExtractor,
+                    EmailAddressExtractor,
+                    FileNameExtractor,
+                    IBANExtractor,
+                    MacAddressExtractor,
+                    PhoneNumberExtractor,
+                    UserAgentBaseExtractor,
+                    WindowsRegistryKeyExtractor
+                    ]

txt2stix/pattern/extractors/others/asn_extractor.py

@@ -0,0 +1,14 @@
+from ..base_extractor import BaseExtractor
+
+
+class ASNExtractor(BaseExtractor):
+    """
+    A class for extracting Autonomous System Numbers (ASNs) from text using a regular expression.
+
+    Attributes:
+        name (str): The name of the extractor, set to "asn".
+        extraction_regex (str): The regular expression pattern used for extracting ASNs from the text.
+    """
+
+    name = "pattern_autonomous_system_number"
+    extraction_regex = r"\b(?:ASN?)(?: )?(\d{1,5})\b"

txt2stix/pattern/extractors/others/cpe_extractor.py

@@ -0,0 +1,29 @@
+from ..base_extractor import BaseExtractor
+
+
+class CPEExtractor(BaseExtractor):
+    """
+    A class for extracting Common Platform Enumeration (CPE) strings from text using a custom extraction function.
+
+    Attributes:
+        name (str): The name of the extractor, set to "cpe".
+        extraction_function (function): The custom extraction function to validate and extract CPE strings.
+    """
+
+    name = "pattern_cpe_uri"
+    extraction_function = lambda x: CPEExtractor.is_valid_cpe(x)
+
+    @staticmethod
+    def is_valid_cpe(cpe_string):
+        """
+        Custom extraction function to validate if the provided string is a valid CPE string.
+
+        Args:
+            cpe_string (str): The string to be checked.
+
+        Returns:
+            bool: True if the CPE string is valid, False otherwise.
+        """
+
+        if cpe_string.startswith('cpe:') and cpe_string.count(':') == 12:
+            return True

txt2stix/pattern/extractors/others/cve_extractor.py

@@ -0,0 +1,14 @@
+from ..base_extractor import BaseExtractor
+
+
+class CVEExtractor(BaseExtractor):
+    """
+    A class for extracting Common Vulnerabilities and Exposures (CVE) identifiers from text using a regular expression.
+
+    Attributes:
+        name (str): The name of the extractor, set to "cve".
+        extraction_regex (str): The regular expression pattern used for extracting CVE identifiers from the text.
+    """
+
+    name = "pattern_cve_id"
+    extraction_regex = r'\bCVE-\d{4}-\d{4,5}\b'

txt2stix/pattern/extractors/others/email_extractor.py

@@ -0,0 +1,21 @@
+from ..base_extractor import BaseExtractor
+from ..helper import TLDs
+
+
+class EmailAddressExtractor(BaseExtractor):
+    """
+    A class for extracting valid email addresses from text using a custom extraction function.
+
+    Attributes:
+        name (str): The name of the extractor, set to "email".
+        extraction_regex (function): The custom extraction function to validate and extract email addresses.
+    """
+    name = "pattern_email_address"
+    extraction_regex = r'[\w.+-]+@[\w-]+\.[\w.-]+'
+
+    @staticmethod
+    def filter_function(email):
+        x = email.split("@")
+        domain = x[-1].split(".")[-1]
+        if domain in TLDs:
+            return True

txt2stix/pattern/extractors/others/filename_extractor.py

@@ -0,0 +1,17 @@
+from ..base_extractor import BaseExtractor
+
+class FileNameExtractor(BaseExtractor):
+    """
+    A class for extracting file names with suspicious file extensions from text using a regular expression.
+
+    Attributes:
+        name (str): The name of the extractor, set to "file_name".
+        file_extensions (str): A string containing the regex pattern for suspicious file extensions.
+        extraction_regex (str): The regular expression pattern used for extracting file names with suspicious extensions.
+    """
+
+    name = "pattern_file_name"
+    file_extensions = "(?:(?:7(?:Z|z))|(?:AP(?:K|P))|(?:B(?:AT|IN|MP))|(?:C(?:LASS|AB|ER|GI|HM|MD|RX))|(?:D(?:OCX?|EB|LL))|EXE|FLV|(?:G(?:ADGET|IF|Z))|INF|(?:J(?:A(?:VA|R)|PG|S))|(?:L(?:NK|OG))|(?:M(?:O(?:F|V)|P(?:4|G)|S(?:G|I)|4V))|ODT|(?:P(?:LUGIN|PTX?|7S|DF|HP|NG|SD|F|Y))|(?:R(?:AR|PM))|(?:S(?:VG|WF|YS|O))|(?:T(?:IFF?|AR|GZ|MP|XT))|(?:V(?:BS|IR))|(?:W(?:MV|SF))|XLSX?|ZIPX?|(?:ap(?:k|p))|(?:b(?:at|in|mp))|(?:c(?:lass|ab|er|gi|hm|md|rx))|(?:d(?:ocx?|eb|ll))|exe|flv|(?:g(?:adget|if|z))|inf|(?:j(?:a(?:va|r)|pg|s))|(?:l(?:nk|og))|(?:m(?:o(?:f|v)|p(?:4|g)|s(?:g|i)|4v))|odt|(?:p(?:lugin|ptx?|7s|df|hp|ng|sd|f|y))|(?:r(?:ar|pm))|(?:s(?:vg|wf|ys|o))|(?:t(?:iff?|ar|gz|mp|xt))|(?:v(?:bs|ir))|(?:w(?:mv|sf))|xlsx?|zipx?)"
+    extraction_regex = rf"(?!['\"])([^\\/:\*\?\"\<\>\|\s]*)\.({file_extensions})(?!\()"
+
+

txt2stix/pattern/extractors/others/iban_extractor.py

@@ -0,0 +1,15 @@
+from validators import iban
+from ..base_extractor import BaseExtractor
+
+
+class IBANExtractor(BaseExtractor):
+    """
+    A class for extracting International Bank Account Number (IBAN) codes from text using a custom extraction function.
+
+    Attributes:
+        name (str): The name of the extractor, set to "IBAN".
+        extraction_function (function): The custom extraction function to validate and extract IBAN codes.
+    """
+
+    name = "pattern_iban_number"
+    extraction_function = lambda x: iban(x)

txt2stix/pattern/extractors/others/mac_address_extractor.py

@@ -0,0 +1,13 @@
+from ..base_extractor import BaseExtractor
+
+class MacAddressExtractor(BaseExtractor):
+    """
+    A class for extracting MAC addresses from text using a regular expression.
+
+    Attributes:
+        name (str): The name of the extractor, set to "mac_address".
+        extraction_regex (str): The regular expression pattern used for extracting MAC addresses from the text.
+    """
+
+    name = "pattern_mac_address"
+    extraction_regex = r'([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})'

txt2stix/pattern/extractors/others/phonenumber_extractor.py

@@ -0,0 +1,41 @@
+import re
+
+import phonenumbers
+from ..base_extractor import BaseExtractor
+
+
+class PhoneNumberExtractor(BaseExtractor):
+    """
+    A class for extracting phone numbers from text using a regular expression.
+
+    Attributes:
+        name (str): The name of the extractor, set to "phone_number".
+        extraction_regex (str): The regular expression pattern used for extracting phone numbers from the text.
+    """
+
+    name = "pattern_phone_number"
+    extraction_regex = r'((\+|00)\d{1,3}[ \-]?\d{1,5}[ \-]?\d{1,5}[ \-]?\d{1,5})'
+
+    @staticmethod
+    def validate_phone_number(regex, phone_number):
+        match = re.fullmatch(regex, phone_number)
+        return match
+
+    @staticmethod
+    def filter_function(input_string):
+        input_string = input_string.replace(" ", "")
+        if len(input_string) >= 15 or len(input_string) <= 7:
+            return False
+        return PhoneNumberExtractor.parse_phone_number(input_string)
+    
+    @staticmethod
+    def parse_phone_number(phone_number: str):
+        try:
+            phone_number = '+' + phone_number.replace(' ', '').removeprefix('00').removeprefix('+')
+            phone = phonenumbers.parse(phone_number, None)
+            if not phonenumbers.is_valid_number(phone):
+                return None
+            return phone
+        except:
+            return None
+

txt2stix/pattern/extractors/others/user_agent_extractor.py

@@ -0,0 +1,20 @@
+from ..base_extractor import BaseExtractor
+
+
+class UserAgentBaseExtractor(BaseExtractor):
+    """
+    A class for extracting user agent strings from text using a regular expression.
+
+    Attributes:
+        name (str): The name of the extractor, set to "user_agent".
+        platforms (str): The regex pattern to match the user agent platform name.
+        user_agent_details (str): The regex pattern to match additional user agent details within parentheses.
+        user_agent (str): The regex pattern to match the entire user agent string.
+        extraction_regex (str): The regular expression pattern used for extracting user agent strings from the text.
+    """
+
+    name = "pattern_user_agent"
+    platforms = r"([a-zA-Z]+)"
+    user_agent_details = r"\([\w;\s\,.:-]+\)"
+    user_agent = rf"((User-Agent: )|(user-agent: ))?Mozilla/5.0([ ](({user_agent_details})|(({platforms}/)[^\s\"\',]+)))+"
+    extraction_regex = r"Mozilla\/\d+\.\d+(\s+\([^\)]+\))?"

txt2stix/pattern/extractors/others/windows_registry_key_extractor.py

@@ -0,0 +1,18 @@
+import re
+from ..base_extractor import BaseExtractor
+
+
+class WindowsRegistryKeyExtractor(BaseExtractor):
+    """
+    A class for extracting valid Windows Registry keys from text using a regular expression.
+
+    Attributes:
+        name (str): The name of the extractor, set to "windows_registry_key".
+        valid_root_keys (str): The valid root keys of the Windows Registry.
+        extraction_regex (str): The regular expression pattern used for extracting Windows Registry keys from the text.
+    """
+
+    name = "pattern_windows_registry_key"
+    valid_root_keys = ['HKEY_CLASSES_ROOT', 'HKCR', 'HKEY_CURRENT_USER', 'HKCU', 'HKEY_LOCAL_MACHINE', 'HKLM', 'HKEY_USERS', 'HKU', 'HKEY_CURRENT_CONFIG', 'HKCC', 'HKEY_PERFORMANCE_DATA', 'HKEY_DYN_DATA']
+    prefix_regex = r'(?:' + '|'.join(re.escape(item) for item in valid_root_keys) + r')'
+    extraction_regex = rf'\b({prefix_regex}[\\\w]+)\b'

txt2stix/pattern/extractors/url/__init__.py

@@ -0,0 +1,7 @@
+from .url_file_extractor import URLFileExtractor
+from .url_path_extractor import URLPathExtractor
+from .url_extractor import URLExtractor
+
+URL_EXTRACTORS = [URLFileExtractor,
+                  URLPathExtractor
+                  ]

txt2stix/pattern/extractors/url/url_extractor.py

@@ -0,0 +1,22 @@
+
+from .url_path_extractor import URLPathExtractor
+
+
+
+class URLExtractor(URLPathExtractor):
+    """
+    A class for extracting valid URLs from text using a combination of regular expressions and validation functions.
+
+    Attributes:
+        name (str): The name of the extractor, set to "url".
+        extraction_function (function): The extraction function that validates and extracts URLs from the given text.
+    """
+
+    name = "pattern_url"
+    filter_function = lambda url: not URLPathExtractor.is_path(url) and URLPathExtractor.validate_host(url)
+
+
+class HostnameUrlExtractor(URLExtractor):
+    name = "pattern_host_name_url"
+
+    filter_function = lambda url: not URLPathExtractor.is_path(url) and URLPathExtractor.validate_host(url, validate_tld=False)

txt2stix/pattern/extractors/url/url_file_extractor.py

@@ -0,0 +1,21 @@
+
+from ..helper import validate_file_extension
+from .url_path_extractor import URLPathExtractor
+
+
+class URLFileExtractor(URLPathExtractor):
+    """
+    A class for extracting valid URLs from text using a combination of regular expressions and validation functions.
+
+    Attributes:
+        name (str): The name of the extractor, set to "url".
+        extraction_function (function): The extraction function that validates and extracts URLs from the given text.
+    """
+
+    name = "pattern_url_file"
+    filter_function = lambda url: URLFileExtractor.is_path(url) and URLPathExtractor.validate_host(url) and validate_file_extension(url)
+    
+
+class HostnameFileExtractor(URLFileExtractor):
+    name = "pattern_host_name_file"
+    filter_function = lambda url: URLFileExtractor.is_path(url) and validate_file_extension(url) and URLPathExtractor.validate_host(url, validate_tld=False)

txt2stix/pattern/extractors/url/url_path_extractor.py

@@ -0,0 +1,74 @@
+import tldextract
+import validators
+
+from txt2stix import utils
+
+from ..base_extractor import BaseExtractor
+from ..helper import check_false_positive_domain, validate_file_extension
+from urllib.parse import urlparse
+from ipaddress import ip_address
+
+
+class URLPathExtractor(BaseExtractor):
+    """
+    URLPathExtractor is a class that extracts URLs from input data using a simple validation mechanism.
+
+    Attributes:
+        name (str): The name of the extractor.
+        extraction_function (function): The function to extract URLs.
+    """
+    name = "pattern_url_path"
+    extraction_function = lambda url: URLPathExtractor.is_valid_url(url)
+    filter_function = lambda url: URLPathExtractor.is_path(url) and URLPathExtractor.validate_host(url) and not validate_file_extension(url)
+
+    @classmethod
+    def is_path(cls, url):
+        path = urlparse(url).path
+        if path and path != "/":
+            return True
+        return False
+
+    @classmethod
+    def validate_host(cls, url, validate_tld=True):
+        uri = urlparse(url)
+        if not validators.hostname(uri.hostname):
+            return False
+        if validate_tld and not cls.is_ip_address(uri.hostname):
+            return utils.validate_tld(uri.hostname)
+        return True
+
+    @staticmethod
+    def is_ip_address(address):
+        try:
+            ip_address(address)
+            return True
+        except:
+            return False
+    @staticmethod
+    def is_valid_url(url):
+        """
+        Checks if a given URL is valid and does not point to a file.
+
+        Args:
+            url (str): The URL to be validated.
+
+        Returns:
+            bool: True if the URL is valid and doesn't point to a file, False otherwise.
+        """
+        try:
+            # Check if "http" or "www" is present in the URL
+            if validators.url(url):
+                extracted_domain = tldextract.extract(url)
+                if check_false_positive_domain(extracted_domain.domain):
+                        return True
+        except Exception as e:
+            # An exception occurred, consider the URL invalid
+            return False
+
+        # Default case: URL is not valid or doesn't meet the conditions
+        return False
+
+
+class HostnamePathExtractor(URLPathExtractor):
+    name = "pattern_host_name_path"
+    filter_function = lambda url: URLPathExtractor.is_path(url) and URLPathExtractor.validate_host(url, validate_tld=False) and not validate_file_extension(url)

txt2stix/retriever.py

@@ -0,0 +1,126 @@
+import logging
+from urllib.parse import urljoin
+import dotenv, os
+import stix2
+import requests
+
+dotenv.load_dotenv()
+
+
+class STIXObjectRetriever:
+    def __init__(self, host="ctibutler") -> None:
+        if host == "ctibutler":
+            self.api_root = os.environ['CTIBUTLER_BASE_URL'] + '/'
+            self.api_key = os.environ.get('CTIBUTLER_API_KEY')
+        elif host == "vulmatch":
+            self.api_root = os.environ['VULMATCH_BASE_URL'] + '/'
+            self.api_key = os.environ.get('VULMATCH_API_KEY')
+        else:
+            raise NotImplementedError("The type `%s` is not supported", host)
+
+    def get_attack_object(self, matrix, attack_id):
+        endpoint = urljoin(self.api_root, f"v1/attack-{matrix}/objects/{attack_id}/")
+        return self._retrieve_objects(endpoint)
+    
+    def get_attack_objects(self, matrix, attack_ids):
+        endpoint = urljoin(self.api_root, f"v1/attack-{matrix}/objects/?attack_id={','.join(attack_ids)}")
+        return self._retrieve_objects(endpoint)
+    
+    def get_objects_by_id(self, id, type):
+        return self._retrieve_objects(urljoin(self.api_root, f"v1/{type}/objects/{id}/"))
+    
+    def get_location_objects(self, id):
+        return self._retrieve_objects(urljoin(self.api_root, f"v1/location/objects/?alpha2_code={id}"))
+    
+    def get_objects_by_name(self, name, type):
+        return self._retrieve_objects(urljoin(self.api_root, f"v1/{type}/objects/?name={name}"))
+    
+    def get_objects_by_alias(self, alias, type):
+        return self._retrieve_objects(urljoin(self.api_root, f"v1/{type}/objects/?alias={alias}"))
+    
+    def _retrieve_objects(self, endpoint, key='objects'):
+        s = requests.Session()
+        s.headers.update({
+            "API-KEY":  self.api_key,
+        })
+        data = []
+        page = 1
+        while True:
+            resp = s.get(endpoint, params=dict(page=page, page_size=50))
+            resp.raise_for_status()
+            d = resp.json()
+            if len(d[key]) == 0:
+                break
+            data.extend(d[key])
+            page+=1
+            if d['page_results_count'] < d['page_size']:
+                break
+        return data
+    
+def retrieve_stix_objects(stix_mapping: str, id, host=None):
+    try:
+        object_path = stix_mapping
+        if stix_mapping in ['location']:
+            host = 'ctibutler'
+        if not host:
+            host, object_path = stix_mapping.split('-', 1)
+        retreiver = STIXObjectRetriever(host)
+        match object_path:
+            ### ATT&CK by ID
+            case 'mitre-attack-ics-id':
+                return retreiver.get_attack_object('ics', id)
+            case 'mitre-attack-mobile-id':
+                return retreiver.get_attack_object('mobile', id)
+            case 'mitre-attack-enterprise-id':
+                return retreiver.get_attack_object('enterprise', id)
+            
+            ### Others by ID
+            case "mitre-capec-id":
+                return retreiver.get_objects_by_id(id, 'capec')
+            case "mitre-atlas-id":
+                return retreiver.get_objects_by_id(id, 'atlas')
+            case "disarm-id":
+                return retreiver.get_objects_by_id(id, 'disarm')
+            case "mitre-cwe-id":
+                return retreiver.get_objects_by_id(id, 'cwe')
+            case "cve-id":
+                return retreiver.get_objects_by_id(id, 'cve')
+            case "cpe-id":
+                return retreiver.get_objects_by_id(id, 'cpe')
+            case "location":
+                return retreiver.get_location_objects(id)
+            
+            ### ATT&CK by Name
+            case "mitre-attack-enterprise-name":
+                return retreiver.get_objects_by_name(id, 'attack-enterprise')
+            case "mitre-attack-mobile-name":
+                return retreiver.get_objects_by_name(id, 'attack-mobile')
+            case "mitre-attack-ics-name":
+                return retreiver.get_objects_by_name(id, 'attack-ics')
+            
+            ### ATT&CK by Alias
+            case "mitre-attack-enterprise-aliases":
+                return retreiver.get_objects_by_alias(id, 'attack-enterprise')
+            case "mitre-attack-mobile-aliases":
+                return retreiver.get_objects_by_alias(id, 'attack-mobile')
+            case "mitre-attack-ics-aliases":
+                return retreiver.get_objects_by_alias(id, 'attack-ics')
+            
+            ### OTHERS by Name
+            case "mitre-capec-name":
+                return retreiver.get_objects_by_name(id, 'capec')
+            case "mitre-cwe-name":
+                return retreiver.get_objects_by_name(id, 'cwe')
+            case "mitre-atlas-name":
+                return retreiver.get_objects_by_name(id, 'atlas')
+            case "disarm-name":
+                return retreiver.get_objects_by_name(id, 'disarm')
+            case _:
+                raise NotImplementedError(f"pair {(host, object_path)=} not implemented")
+    except (NotImplementedError, ValueError):
+        pass
+    except Exception as e:
+        msg = f"failed to get {object_path} for {id} from {host}"
+        logging.info(msg)
+        logging.debug(msg, exc_info=True)
+    return None

txt2stix/stix.py

@@ -0,0 +1 @@
+from txt2stix.bundler import *