txt2stix 0.0.4__py3-none-any.whl

txt2stix/includes/extractions/ai/config.yaml

@@ -0,0 +1,1023 @@
+# ====== AI EXTRACTIONS =====
+
+####### IPv4 extractions #######
+
+ai_ipv4_address_only:
+  type: ai
+  dogesec_web: true
+  name: 'IPv4 Address Only'
+  description: 'Extracts IPv4 addresses, but not with CIDR or Ports'
+  notes: 'pattern_ipv4_address_only legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all IPv4 addresses from the text.'
+  prompt_helper: 'Do not include any IPv4s that contain a port or CIDR.'
+  prompt_conversion: ''
+  test_cases: generic_ipv4_address_only
+  stix_mapping: ipv4-addr
+
+ai_ipv4_address_cidr:
+  type: ai
+  dogesec_web: true
+  name: 'IPv4 Address with CIDR'
+  description: 'Extracts IPv4 addresses with CIDRs'
+  notes: 'pattern_ipv4_address_cidr legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all IPv4 addresses with a CIDR from the text.'
+  prompt_helper: 'Do not include any IPs that do not have a CIDR.'
+  prompt_conversion: ''
+  test_cases: ipv4_address_cidr
+  stix_mapping: ipv4-addr
+
+ai_ipv4_address_port:
+  type: ai
+  dogesec_web: true
+  name: 'IPv4 Address with Port'
+  description: 'Extracts IPv4 addresses with Port'
+  notes: 'pattern_ipv4_address_port legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all IPv4 addresses with a port from the text.'
+  prompt_helper: 'Do not include any IPv4s that do not contain a port number'
+  prompt_conversion: ''
+  test_cases: ipv4_address_port
+  stix_mapping: ipv4-addr-port
+
+####### IPv6 extractions #######
+
+ai_ipv6_address_only:
+  type: ai
+  dogesec_web: true
+  name: 'IPv6 Address Only'
+  description: 'Extracts IPv6 addresses, but not with CIDR or Ports'
+  notes: 'pattern_ipv6_address_only legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all IPv6 addresses from the text.'
+  prompt_helper: 'Do not include any IPv6s that contain a port or CIDR.'
+  prompt_conversion: ''
+  test_cases: generic_ipv6_address_only
+  stix_mapping: ipv6-addr
+
+ai_ipv6_address_cidr:
+  type: ai
+  dogesec_web: true
+  name: 'IPv6 Address with CIDR'
+  description: 'Extracts IPv6 addresses with CIDRs'
+  notes: 'pattern_ipv6_address_cidr legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all IPv6 addresses with a CIDR from the text.'
+  prompt_helper: 'Do not include any IPv6s that do not contain a CIDR'
+  prompt_conversion: ''
+  test_cases: generic_ipv6_address_cidr
+  stix_mapping: ipv6-addr
+
+ai_ipv6_address_port:
+  type: ai
+  dogesec_web: true
+  name: 'IPv6 Address with Port'
+  description: 'Extracts IPv6 addresses with Port'
+  notes: 'pattern_ipv6_address_port legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all IPv6 addresses with a CIDR from the text.'
+  prompt_helper: 'Do not include any IPv6s that do not contain a port number'
+  prompt_conversion: ''
+  test_cases: generic_ipv6_address_port
+  stix_mapping: ipv6-addr-port
+
+####### Domain name extractions #######
+
+ai_domain_name_only:
+  type: ai
+  dogesec_web: true
+  name: 'Domain name only'
+  description: 'Extracts domains, but not subdomains or IPv4 addresses. Must have a valid TLD. Ensure the top level domain is valid.'
+  notes: 'pattern_domain_name_only legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all valid root domain names from the text. Do not extract subdomains.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_domain_name_only
+  stix_mapping: domain-name
+
+ai_domain_name_subdomain:
+  type: ai
+  dogesec_web: true
+  name: 'Subdomain name only'
+  description: 'Extracts subdomains, but not root domains or IPv4 addresses. Must have a valid TLD. Ensure the top level domain is valid.'
+  notes: 'pattern_domain_name_subdomain legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all valid subdomain names from the text. Do not extract root domains.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_domain_name_subdomain
+  stix_mapping: domain-name
+
+####### URL extractions #######
+
+ai_url:
+  type: ai
+  dogesec_web: true
+  name: 'URL Only'
+  description: 'Extracts base URLs (can be IPs) with no path/file extension. If the sub/domain part is not an IP, then it must have a valid TLD.'
+  notes: 'pattern_url legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all URLs with no path/file extension from the text. If the sub/domain part is not an IP, then it must have a valid TLD.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_url
+  stix_mapping: url
+
+ai_url_file:
+  type: ai
+  dogesec_web: true
+  name: 'URL with file extension'
+  description: 'Extracts URLs with file extension in path. If the sub/domain part is not an IP, then it must have a valid TLD. Filetype must also match valid filetype. Similar to pattern_url except checks for URL with path to file'
+  notes: 'pattern_url_file legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all URLs with file extension in path from the text. If the sub/domain part is not an IP, then it must have a valid TLD. The file must match valid filetype.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_url_file
+  stix_mapping: url
+
+ai_url_path:
+  type: ai
+  dogesec_web: true
+  name: 'URL path'
+  description: 'Extracts URLs without file extension in path. If the sub/domain part is not an IP, then it must have a valid TLD. Similar to pattern_url except checks for URL with path but without file'
+  notes: 'pattern_url_path legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all URLs without a file extension in their path from the text. If the sub/domain part is not an IP, then it must have a valid TLD.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_url_path
+  stix_mapping: url
+
+####### Hostname extractions #######
+
+ai_host_name:
+  type: ai
+  dogesec_web: true
+  name: 'Hostname extractions'
+  description: 'Extracts hostnames that fail domain TLD validation. Captures data that fails pattern_domain_name TLD validation.'
+  notes: 'pattern_host_name legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all hostnames from the text. Hostnames should not have a valid TLD extension (these are domains).'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_host_name
+  stix_mapping: domain-name
+
+ai_host_name_subdomain:
+  type: ai
+  dogesec_web: true
+  name: 'Hostname (subdomain) extractions'
+  description: 'Extracts hostnames that fail subdomain TLD validation. Captures data that fails pattern_domain_name_subdomain TLD validation.'
+  notes: 'pattern_host_name_subdomain legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all sub-hostnames from the text. Sub-hostnames should not have a valid TLD extension.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_host_name_subdomain
+  stix_mapping: domain-name
+
+ai_host_name_url:
+  type: ai
+  dogesec_web: true
+  name: 'Hostname extractions inside URL'
+  description: 'Extracts hostnames/sub hostnames with full URLs that fail subdomain TLD validation. Captures data that fails pattern_url TLD validation.'
+  notes: 'pattern_host_name_url legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all hostnames / sub-hostnames with full URLs from the text. All extractions should not have a valid TLD extension.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_host_name_url
+  stix_mapping: url
+
+ai_host_name_file:
+  type: ai
+  dogesec_web: true
+  name: 'Hostname with file extension'
+  description: 'Extracts hostnames/sub hostnames with full URLs with file extension in path. Captures data that fails pattern_url_file TLD validation.'
+  notes: 'pattern_host_name_file legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all hostnames / sub-hostnames with full URLs from the text that contain a path to a valid file extension. All extractions should not have a valid TLD extension. All file extensions should be valid file extensions.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_host_name_file
+  stix_mapping: url
+
+ai_host_name_path:
+  type: ai
+  dogesec_web: true
+  name: 'Hostname path'
+  description: 'Extracts hostnames/sub hostnames with full URLs without file extension in path. Captures data that fails pattern_url_path TLD validation.'
+  notes: 'pattern_host_name_path legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all hostnames / sub-hostnames with full URLs (but do not contain a path to a file) from the text that. All extractions should not have a valid TLD extension. All file extensions should be valid file extensions.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_host_name_path
+  stix_mapping: url
+
+####### Directory path extractions #######
+
+ai_directory_windows:
+  type: ai
+  dogesec_web: true
+  name: 'Windows Directory'
+  description: 'Extracts a Windows directory path. The .net docs provide a good overview to Windows paths: https://github.com/dotnet/docs/blob/main/docs/standard/io/file-path-formats.md#file-path-formats-on-windows-systems'
+  notes: 'pattern_directory_windows legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all Windows directory paths from the text.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_directory_windows
+  stix_mapping: directory
+
+ai_directory_windows_with_file:
+  type: ai
+  dogesec_web: true
+  name: 'Windows Directory with file reported'
+  description: 'Similar to pattern_directory_windows, but captures paths that include the file printed.'
+  notes: 'pattern_directory_windows_with_file legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all Windows directory paths from the text that contain a path to a file. Ensure the file type extension is valid.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_directory_windows_with_file
+  stix_mapping: directory-file
+
+ai_directory_unix:
+  type: ai
+  dogesec_web: true
+  name: 'UNIX Directory'
+  description: 'Extracts a UNIX directory path'
+  notes: 'pattern_directory_unix legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all UNIX directory paths from the text.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_directory_unix
+  stix_mapping: directory
+
+ai_directory_unix_file:
+  type: ai
+  dogesec_web: true
+  name: 'UNIX Directory with file'
+  description: 'Similar to pattern_directory_unix, but captures paths that include the file printed.'
+  notes: 'pattern_directory_unix_file legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all UNIX directory paths from the text that contain a path to a file. Ensure the file type extension is valid.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_directory_unix_file
+  stix_mapping: directory-file
+
+####### File extractions #######
+
+ai_file_name:
+  type: ai
+  dogesec_web: true
+  name: 'File name'
+  description: 'Extracts filename. The file extension must match a valid file extension. filenames have three parts `<NAME>.<EXTENSION>`. Filetypes only contain a single `.`. Note, the `.` and `<EXTENSION>` part are required, but `<NAME>` is optional (because hidden files can be in format like; `.DS_Store`). Uses helpers/mimetype_filename_extension_list.csv to check valid file extension.'
+  notes: 'pattern_file_name legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all file names from the text. Ensure the file type extension is valid.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_file_name
+  stix_mapping: file
+
+ai_file_hash_all:
+  type: ai
+  dogesec_web: true
+  name: 'File Hash All'
+  description: 'Extracts MD5, SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 file hashes'
+  notes: ''
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all MD5, SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 file hashes from the text.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_file_hash_all
+  stix_mapping: file-hash
+
+ai_file_hash_md5:
+  type: ai
+  dogesec_web: false
+  name: 'File Hash MD5'
+  description: 'Extracts MD5 file hashes'
+  notes: 'pattern_file_hash_md5 legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all MD5 hashes from the text.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_file_hash_md5
+  stix_mapping: file-hash
+
+ai_file_hash_sha_1:
+  type: ai
+  dogesec_web: false
+  name: 'File Hash SHA-1'
+  description: 'Extracts SHA-1 file hashes'
+  notes: 'pattern_file_hash_sha_1 legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all SHA-1 hashes from the text.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_file_hash_sha_1
+  stix_mapping: file-hash
+
+ai_file_hash_sha_256:
+  type: ai
+  dogesec_web: false
+  name: 'File Hash SHA-256'
+  description: 'Extracts SHA-256 file hashes'
+  notes: 'pattern_file_hash_sha_256 legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all SHA-256 hashes from the text.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_file_hash_sha_256
+  stix_mapping: file-hash
+
+ai_file_hash_sha_512:
+  type: ai
+  dogesec_web: false
+  name: 'File Hash SHA-512'
+  description: 'Extracts SHA-512 file hashes'
+  notes: 'pattern_file_hash_sha_512 legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all SHA-512 hashes from the text.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_file_hash_sha_512
+  stix_mapping: file-hash
+
+####### Email address extractions #######
+
+ai_email_address:
+  type: ai
+  dogesec_web: true
+  name: 'Email addresses'
+  description: 'Extracts emails with valid TLDs'
+  notes: 'pattern_email_address legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all email addresses from the text.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_email_address
+  stix_mapping: email-addr
+
+####### MAC address extractions #######
+
+ai_mac_address:
+  type: ai
+  dogesec_web: true
+  name: 'MAC Addresses'
+  description: 'Extracts MAC addresses with either `-` or `:` separators.'
+  notes: 'pattern_mac_address legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all MAC addresses from the text.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_mac_address
+  stix_mapping: mac-addr
+
+####### Windows registry key extractions #######
+
+ai_windows_registry_key:
+  type: ai
+  dogesec_web: true
+  name: 'Windows Registry Key'
+  description: 'Must start with a valid prefix as defined in /includes/helpers/windows_registry_key_prefix.txt'
+  notes: 'pattern_windows_registry_key legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all Windows Registry Keys from the text.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_windows_registry_key
+  stix_mapping: windows-registry-key
+
+####### User agent extractions #######
+
+ai_user_agent:
+  type: ai
+  dogesec_web: true
+  name: 'User Agent'
+  description: 'Will capture a string that looks like a user agent. User Agents should follow: https://www.rfc-editor.org/rfc/rfc7231#section-5.5.3 . The problem here is that there is no defined prefix for user agent strings, they can be anything. txt2stix follows a similar approach to: https://regex101.com/r/nXKYBB/3'
+  notes: 'pattern_user_agent legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all user agents from the text.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_user_agent
+  stix_mapping: user-agent
+
+####### ASN extractions #######
+
+ai_autonomous_system_number:
+  type: ai
+  dogesec_web: true
+  name: 'Autonomous System Numbers (ASN)'
+  description: 'Always follow the formats: `ASN XXXXX` (e.g  `ASN15139`), `ASNXXXXX` (e.g  `ASN 15139`), `AS XXXXX` (e.g  `AS15139`), or `ASXXXXX` (e.g  `AS 15139`)'
+  notes: 'pattern_user_agent legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Autonomous System Numbers (ASN)'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_autonomous_system_number
+  stix_mapping: autonomous-system
+
+####### Cryptocurrency extractions #######
+
+ai_cryptocurrency_btc_wallet:
+  type: ai
+  dogesec_web: true
+  name: 'Cryptocurrency Bitcoin Wallet'
+  description: 'Will extract bitcoin wallet hashes and create a crytocurrency-wallet object'
+  notes: 'pattern_cryptocurrency_btc_wallet legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified: 2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all Bitcoin Wallet hashes from the text.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_cryptocurrency_btc_wallet
+  stix_mapping: cryptocurrency-wallet
+
+ai_cryptocurrency_btc_wallet_transaction:
+  type: ai
+  dogesec_web: true
+  name: 'Cryptocurrency Bitcoin Wallet And Transaction'
+  description: 'Will extract bitcoin wallet hashes and lookup all transactions the extracted wallets have been seen in. Will create a cryptocurrency-wallet object for the wallet extracted, will create cryptocurrency-transaction objects for all transactions the wallet is found in. Use either ai_cryptocurrency_btc_wallet_transaction or ai_cryptocurrency_btc_transaction but not both in same extraction.'
+  notes: 'pattern_cryptocurrency_btc_wallet_transaction legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified: 2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all Bitcoin transaction hashes from the text.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_cryptocurrency_btc_wallet
+  stix_mapping: cryptocurrency-wallet-with-transaction
+
+ai_cryptocurrency_btc_transaction:
+  type: ai
+  dogesec_web: true
+  name: 'Cryptocurrency Bitcoin Transaction'
+  description: 'Will extract bitcoin transaction hashes. Will create a cryptocurrency-transaction object for the transaction extracted and will create cryptocurrency-wallet objects for all wallets seen in the input or output of the transaction. Use either ai_cryptocurrency_btc_wallet_transaction or ai_cryptocurrency_btc_transaction but not both in same extraction.'
+  notes: 'pattern_cryptocurrency_btc_transaction legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified: 2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all Bitcoin transaction hashes from the text.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_cryptocurrency_btc_transaction
+  stix_mapping: cryptocurrency-transaction
+
+####### CVE extractions #######
+
+ai_cve_id:
+  type: ai
+  dogesec_web: true
+  name: 'CVE'
+  description: 'CVEs IDs always take the format; `CVE-YYYY-NNNNN` (e.g. `CVE-2022-29098`) or `CVE-YYYY-NNNN` (e.g. `CVE-1999-0007`).'
+  notes: 'pattern_cve_id legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all CVE IDs from the text.'
+  prompt_helper: ''
+  prompt_conversion: 'If needed, you can read more about CVEs here: https://nvd.nist.gov/vuln'
+  test_cases: generic_cve_id
+  stix_mapping: vulmatch-cve-id
+
+####### CPE extractions #######
+
+ai_cpe_uri:
+  type: ai
+  dogesec_web: true
+  name: 'CPE'
+  description: 'CPE URIs always start with `cpe:2.3` and have 13 parts (or 12 `:` characters)'
+  notes: 'pattern_cpe_uri legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all CPEs match strings from the text.'
+  prompt_helper: ''
+  prompt_conversion: 'If needed, you can read more about CVEs here: https://nvd.nist.gov/products'
+  test_cases: generic_cpe_uri
+  stix_mapping: vulmatch-cpe-id
+
+####### Bank card extractions #######
+
+ai_bank_card_all:
+  type: ai
+  dogesec_web: true
+  name: 'Bank Card All'
+  description: 'Will also enrich card information if BIN List API key set'
+  notes: ''
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all MasterCard, Visa, American Express, Union Pay, Diners, JCB, and Discover bank card numbers from the text.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_bank_card_mastercard
+  stix_mapping: bank-card
+
+ai_bank_card_mastercard:
+  type: ai
+  dogesec_web: false
+  name: 'Bank Card MasterCard'
+  description: 'Will also enrich card information if BIN List API key set'
+  notes: 'RECOMMENDED FOR BETTER ACCURACY: Use pattern_bank_card_mastercard (AI can be unpredictable with sensitive data)'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all MasterCard card numbers from the text.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_bank_card_mastercard
+  stix_mapping: bank-card
+
+ai_bank_card_visa:
+  type: ai
+  dogesec_web: false
+  name: 'Bank Card Visa'
+  description: 'Will also enrich card information if BIN List API key set'
+  notes: 'RECOMMENDED FOR BETTER ACCURACY: Use pattern_bank_card_visa (AI can be unpredictable with sensitive data)'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all Visa card numbers from the text.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_bank_card_visa
+  stix_mapping: bank-card
+
+ai_bank_card_amex:
+  type: ai
+  dogesec_web: false
+  name: 'Bank Card American Express'
+  description: 'Will also enrich card information if BIN List API key set'
+  notes: 'RECOMMENDED FOR BETTER ACCURACY: Use pattern_bank_card_amex (AI can be unpredictable with sensitive data)'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all American Express card numbers from the text.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_bank_card_amex
+  stix_mapping: bank-card
+
+ai_bank_card_union_pay:
+  type: ai
+  dogesec_web: false
+  name: 'Bank Card Union Pay'
+  description: 'Will also enrich card information if BIN List API key set'
+  notes: 'RECOMMENDED FOR BETTER ACCURACY: Use pattern_bank_card_union_pay (AI can be unpredictable with sensitive data)'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all Union Pay card numbers from the text.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_bank_card_union_pay
+  stix_mapping: bank-card
+
+ai_bank_card_diners:
+  type: ai
+  dogesec_web: false
+  name: 'Bank Card Diners'
+  description: 'Will also enrich card information if BIN List API key set'
+  notes: 'RECOMMENDED FOR BETTER ACCURACY: Use pattern_bank_card_diners (AI can be unpredictable with sensitive data)'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all Diners card numbers from the text.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_bank_card_diners
+  stix_mapping: bank-card
+
+ai_bank_card_jcb:
+  type: ai
+  dogesec_web: false
+  name: 'Bank Card JCB'
+  description: 'Will also enrich card information if BIN List API key set'
+  notes: 'RECOMMENDED FOR BETTER ACCURACY: Use pattern_bank_card_jcb (AI can be unpredictable with sensitive data)'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all JCB card numbers from the text.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_bank_card_jcb
+  stix_mapping: bank-card
+
+ai_bank_card_discover:
+  type: ai
+  dogesec_web: false
+  name: 'Bank Card Discover'
+  description: 'Will also enrich card information if BIN List API key set'
+  notes: 'RECOMMENDED FOR BETTER ACCURACY: Use pattern_bank_card_discover (AI can be unpredictable with sensitive data)'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all Discover card numbers from the text.'
+  prompt_helper: ''
+  prompt_conversion: ''
+  test_cases: generic_bank_card_discover
+  stix_mapping: bank-card
+
+####### IBAN Extractions #######
+
+ai_iban_number:
+  type: ai
+  dogesec_web: true
+  name: 'IBAN'
+  description: 'Will extract IBAN numbers and create a bank-account object'
+  notes: 'pattern_iban_number legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all International Bank Account Numbers (IBAN) from the text.'
+  prompt_helper: 'If needed, you can read more about IBAN numbers with examples here: https://www.iban.com/structure'
+  prompt_conversion: ''
+  test_cases: generic_iban_number
+  stix_mapping: bank-account
+
+####### Phone number Extractions #######
+
+ai_phone_number:
+  type: ai
+  dogesec_web: true
+  name: 'Phone number'
+  description: 'Will extract phone numbers and create a phone-number object'
+  notes: 'pattern_phone_number legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified: 2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all phone numbers from the text.'
+  prompt_helper: 'If needed, you can read more about the E.164 standard with examples here: https://en.wikipedia.org/wiki/E.164'
+  prompt_conversion: 'Please convert the number to the E.164 standard with the correct country code. Remove any whitespace from the final value.'
+  test_cases: generic_phone_number
+  stix_mapping: phone-number
+
+####### County extractions #######
+
+ai_country:
+  type: ai
+  dogesec_web: true
+  name: 'Country'
+  description: 'Will extract countries, turn into two digit country codes, and import location object from CTI Butler.'
+  notes: 'lookup_country_alpha2 legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified: 2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all countries described in the text, including countries printed as IS0-3166 Alpha2 and Alpha3 codes.'
+  prompt_helper: 'If you are unsure, you can read more about the standard here: https://www.iso.org/iso-3166-country-codes.html'
+  prompt_conversion: 'Convert all country extractions to their corresponding IS0-3166 Alpha2 codes.'
+  test_cases: ai_country
+  stix_mapping: ctibutler-location
+
+####### MITRE ATT&CK #######
+
+ai_mitre_attack_enterprise:
+  type: ai
+  dogesec_web: true
+  name: 'MITRE ATT&CK Enterprise'
+  description: 'Will extract references to MITRE ATT&CK Enterprise objects, convert to ID, and import object from CTI Butler.'
+  notes: 'lookup_mitre_attack_enterprise_id and lookup_mitre_attack_enterprise_name legacy extractions also exists if you cannot use AI'
+  created: 2020-01-01
+  modified: 2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all references to MITRE ATT&CK Enterprise tactics, techniques, groups, data sources, mitigations, software, and campaigns described in the text. These references may not be explicit in the text so you should be careful to account for the natural language of the text your analysis. Do not include MITRE ATT&CK ICS or MITRE ATT&CK Mobile in the results.'
+  prompt_helper: 'If you are unsure, you can learn more about MITRE ATT&CK Enterprise here: https://attack.mitre.org/matrices/enterprise/'
+  prompt_conversion: 'You should respond with only the ATT&CK ID.'
+  test_cases: ai_mitre_attack_enterprise
+  stix_mapping: ctibutler-mitre-attack-enterprise-id
+
+ai_mitre_attack_mobile:
+  type: ai
+  dogesec_web: true
+  name: 'MITRE ATT&CK Mobile'
+  description: 'Will extract references to MITRE ATT&CK Mobile objects, convert to ID, and import object from CTI Butler.'
+  notes: 'lookup_mitre_attack_mobile_id and lookup_mitre_attack_mobile_name legacy extractions also exists if you cannot use AI'
+  created: 2020-01-01
+  modified: 2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all references to MITRE ATT&CK Mobile tactics, techniques, groups, data sources, mitigations, software, and campaigns described in the text. These references may not be explicit in the text so you should be careful to account for the natural language of the text your analysis. Do not include MITRE ATT&CK ICS or MITRE ATT&CK Enterprise in the results.'
+  prompt_helper: 'If you are unsure, you can learn more about MITRE ATT&CK Enterprise here: https://attack.mitre.org/matrices/mobile/'
+  prompt_conversion: 'You should respond with only the ATT&CK ID.'
+  test_cases: ai_mitre_attack_mobile
+  stix_mapping: ctibutler-mitre-attack-mobile-id
+
+ai_mitre_attack_ics:
+  type: ai
+  dogesec_web: true
+  name: 'MITRE ATT&CK ICS'
+  description: 'Will extract references to MITRE ATT&CK ICS objects, convert to ID, and import object from CTI Butler.'
+  notes: 'lookup_mitre_attack_ics_id and lookup_mitre_attack_ics_name legacy extractions also exists if you cannot use AI'
+  created: 2020-01-01
+  modified: 2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all references to MITRE ATT&CK ICS tactics, techniques, groups, data sources, mitigations, software, and campaigns described in the text. These references may not be explicit in the text so you should be careful to account for the natural language of the text your analysis. Do not include MITRE ATT&CK Mobile or MITRE ATT&CK Enterprise in the results.'
+  prompt_helper: 'If you are unsure, you can learn more about MITRE ATT&CK Enterprise here: https://attack.mitre.org/matrices/ics/'
+  prompt_conversion: 'You should respond with only the ATT&CK ID.'
+  test_cases: ai_mitre_attack_ics
+  stix_mapping: ctibutler-mitre-attack-ics-id
+
+####### MITRE CAPEC #######
+
+ai_mitre_capec:
+  type: ai
+  dogesec_web: true
+  name: 'MITRE CAPEC ID'
+  description: 'Will extract references to MITRE CAPEC objects, convert to ID, and import object from CTI Butler.'
+  notes: 'lookup_mitre_capec_id and lookup_mitre_capec_name legacy extractions also exists if you cannot use AI'
+  created: 2020-01-01
+  modified: 2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all references to a MITRE CAPEC object from the text.'
+  prompt_helper: 'If you are unsure, you can learn more about MITRE CAPEC here: https://capec.mitre.org/'
+  prompt_conversion: 'You should respond with only the CAPEC ID.'
+  test_cases: ai_mitre_capec
+  stix_mapping: ctibutler-mitre-capec-id
+
+####### MITRE CWE #######
+
+ai_mitre_cwe:
+  type: ai
+  dogesec_web: true
+  name: 'MITRE CWE'
+  description: 'Will extract references to MITRE CWE objects, convert to ID, and import object from CTI Butler.'
+  notes: 'lookup_mitre_cwe_id and lookup_mitre_cwe_name legacy extractions also exists if you cannot use AI'
+  created: 2020-01-01
+  modified: 2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all references to a MITRE CWE object from the text.'
+  prompt_helper: 'If you are unsure, you can learn more about MITRE CAPEC here: https://cwe.mitre.org/'
+  prompt_conversion: 'You should respond with only the CWE ID.'
+  test_cases: ai_mitre_cwe
+  stix_mapping: ctibutler-mitre-cwe-id
+
+####### Generic Extractions #######
+
+ai_attack_pattern:
+  type: ai
+  dogesec_web: true
+  name: 'Attack Pattern'
+  description: 'Will extract all Attack Pattern references'
+  notes: 'lookup_attack_pattern legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all Attack Patterns from the text.'
+  prompt_helper: 'Attack Patterns are a type of TTP that describe ways that adversaries attempt to compromise targets. Attack Patterns are used to help categorize attacks, generalize specific attacks to the patterns that they follow, and provide detailed information about how attacks are performed. An example of an attack pattern is "spear phishing": a common type of attack where an attacker sends a carefully crafted e-mail message to a party with the intent of getting them to click a link or open an attachment to deliver malware.'
+  prompt_conversion: 'Summarise the extraction into a short title describing the Attack Pattern'
+  test_cases: lookup_attack_pattern
+  stix_mapping: attack-pattern
+
+ai_campaign:
+  type: ai
+  dogesec_web: true
+  name: 'Campaign'
+  description: 'Will extract all Campaign references'
+  notes: 'lookup_campaign legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all Campaigns from the text.'
+  prompt_helper: 'A Campaign is a grouping of adversarial behaviors that describes a set of malicious activities or attacks (sometimes called waves) that occur over a period of time against a specific set of targets. Campaigns usually have well defined objectives and may be part of an Intrusion Set. Campaigns are often attributed to an intrusion set and threat actors.'
+  prompt_conversion: 'Summarise the extraction into the name of the Campaign'
+  test_cases: lookup_campaign
+  stix_mapping: campaign
+
+ai_course_of_action:
+  type: ai
+  dogesec_web: true
+  name: 'Course of Action'
+  description: 'Will extract all Course of Action references'
+  notes: 'lookup_course_of_action legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all Course of Actions from the text.'
+  prompt_helper: 'A Course of Action (CoA) is a recommendation from a producer of intelligence to a consumer on the actions that they might take in response to that intelligence. The CoA may be preventative to deter exploitation or corrective to counter its potential impact. The CoA may describe automatable actions (applying patches, configuring firewalls, etc.), manual processes, or a combination of the two. For example, a CoA that describes how to remediate a vulnerability could describe how to apply the patch that removes that vulnerability.'
+  prompt_conversion: 'Summarise the extraction into a short title describing the Course of Action'
+  test_cases: lookup_course_of_action
+  stix_mapping: course-of-action
+
+ai_identity:
+  type: ai
+  dogesec_web: true
+  name: 'Identity'
+  description: 'Will extract all Identity references'
+  notes: 'lookup_identity legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all Identities from the text.'
+  prompt_helper: 'Identities can represent actual individuals, organizations, or groups (e.g., ACME, Inc.) as well as classes of individuals, organizations, systems or groups (e.g., the finance sector).'
+  prompt_conversion: ''
+  test_cases: lookup_identity
+  stix_mapping: identity
+
+ai_infrastructure:
+  type: ai
+  dogesec_web: true
+  name: 'Infrastructure'
+  description: 'Will extract all Infrastructure references'
+  notes: 'lookup_infrastructure legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all Infrastructure from the text.'
+  prompt_helper: 'The Infrastructure SDO represents a type of TTP and describes any systems, software services and any associated physical or virtual resources intended to support some purpose (e.g., C2 servers used as part of an attack, device or server that are part of defence, database servers targeted by an attack, etc.).'
+  prompt_conversion: ''
+  test_cases: lookup_infrastructure
+  stix_mapping: infrastructure
+
+ai_intrusion_set:
+  type: ai
+  dogesec_web: true
+  name: 'Intrusion Set'
+  description: 'Will extract all Intrusion Set references'
+  notes: 'lookup_intrusion_set legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all Intrusion Sets from the text.'
+  prompt_helper: 'An Intrusion Set is a grouped set of adversarial behaviors and resources with common properties that is believed to be orchestrated by a single organization. An Intrusion Set may capture multiple Campaigns or other activities that are all tied together by shared attributes indicating a common known or unknown Threat Actor.'
+  prompt_conversion: 'Summarise the extraction into a short title describing the Intrusion Set'
+  test_cases: lookup_intrusion_set
+  stix_mapping: intrusion-set
+
+ai_malware:
+  type: ai
+  dogesec_web: true
+  name: 'Malware'
+  description: 'Will extract all Malware references'
+  notes: 'lookup_malware legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all Malware names from the text.'
+  prompt_helper: 'Malware is a type of TTP that represents malicious code. It generally refers to a program that is inserted into a system, usually covertly. The intent is to compromise the confidentiality, integrity, or availability of the victims data, applications, or operating system (OS) or otherwise annoy or disrupt the victim.'
+  prompt_conversion: ''
+  test_cases: lookup_malware
+  stix_mapping: malware
+
+ai_threat_actor:
+  type: ai
+  dogesec_web: true
+  name: 'Threat Actor'
+  description: 'Will extract all Threat Actor references'
+  notes: 'lookup_threat_actor legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all Threat Actor names from the text.'
+  prompt_helper: 'Threat Actors are actual individuals, groups, or organizations believed to be operating with malicious intent. A Threat Actor is not an Intrusion Set but may support or be affiliated with various Intrusion Sets, groups, or organizations over time. Threat Actors can be characterized by their motives, capabilities, goals, sophistication level, past activities, resources they have access to, and their role in the organization.'
+  prompt_conversion: ''
+  test_cases: lookup_threat_actor
+  stix_mapping: threat-actor
+
+ai_tool:
+  type: ai
+  dogesec_web: true
+  name: 'Tool'
+  description: 'Will extract all Tool references'
+  notes: 'lookup_tool legacy extraction also exists if you cannot use AI'
+  created: 2020-01-01
+  modified:  2020-01-01
+  created_by: DOGESEC
+  version: 1.0.0
+  prompt_base: 'Extract all Software names from the text.'
+  prompt_helper: 'Legitimate software that can be used by threat actors to perform attacks. Unlike malware, these software packages are often found on a system and have legitimate purposes for power users, system administrators, network administrators, or even normal users. Remote access tools (e.g., RDP) and network scanning tools (e.g., Nmap) are examples of software that may be used by a Threat Actor during an attack.'
+  prompt_conversion: ''
+  test_cases: lookup_tool
+  stix_mapping: tool