PyPI - txt2stix - Versions diffs - 1.0.13__tar.gz → 1.1.0__tar.gz - Mend

txt2stix 1.0.13tar.gz → 1.1.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (263) hide show

{txt2stix-1.0.13 → txt2stix-1.1.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: txt2stix
-Version: 1.0.13
+Version: 1.1.0
 Summary: txt2stix is a Python script that is designed to identify and extract IoCs and TTPs from text files, identify the relationships between them, convert them to STIX 2.1 objects, and output as a STIX 2.1 bundle.
 Project-URL: Homepage, https://github.com/muchdogesec/txt2stix
 Project-URL: Issues, https://github.com/muchdogesec/txt2stix/issues
@@ -22,6 +22,7 @@ Requires-Dist: phonenumbers>=8.13.39
 Requires-Dist: python-dotenv>=1.0.1
 Requires-Dist: requests>=2.32.4
 Requires-Dist: schwifty>=2024.6.1
+Requires-Dist: stix2-validator
 Requires-Dist: stix2extensions
 Requires-Dist: tld>=0.13
 Requires-Dist: tldextract>=5.1.2

{txt2stix-1.0.13 → txt2stix-1.1.0}/docs/stix-mapping.md RENAMED Viewed

@@ -65,7 +65,7 @@ All files uploaded are represented as a unique [STIX Report SDO](https://docs.oa
             "external_id": "<UUID OF REPORT OBJECT>"
         },
         {
-            "source_name": "txt2stix Report MD5",
+            "source_name": "txt2stix_report_md5",
             "external_id": "<MD5 HASH OF DESCRIPTION FIELD>"
         }
     ],
@@ -93,12 +93,7 @@ Objects always created:
 * `indicator`
 * `ipv4-addr`
-* `relationship` (`ipv4-addr` -> `indicator`)
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `indicator` `extracted-from` `report`
-* AI mode relationship SROs: ipv4-addr is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
+* `relationship` (`indicator` -> `ipv4-addr`)
 ```json
 {
@@ -147,14 +142,9 @@ Objects always created:
 * `indicator`
 * `ipv4-addr`
-* `relationship` (`ipv4-addr` -> `indicator`)
+* `relationship` (`indicator` -> `ipv4-addr`)
 * `network-traffic`
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `indicator` `extracted-from` `report`
-* AI mode relationship SROs: ipv4-addr is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
 ```json
 {
     "type": "indicator",
@@ -219,12 +209,7 @@ Objects always created:
 * `indicator`
 * `ipv6-addr`
-* `relationship` (`ipv6-addr` -> `indicator`)
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `indicator` `extracted-from` `report`
-* AI mode relationship SROs: ipv6-addr is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
+* `relationship` (`indicator` -> `ipv6-addr`)
 ```json
 {
@@ -273,14 +258,9 @@ Objects always created:
 * `indicator`
 * `ipv6-addr`
-* `relationship` (`ipv6-addr` -> `indicator`)
+* `relationship` (`indicator` -> `ipv6-addr`)
 * `network-traffic`
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `indicator` `extracted-from` `report`
-* AI mode relationship SROs: ipv6-addr is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
 ```json
 {
     "type": "indicator",
@@ -341,12 +321,7 @@ Objects always created:
 * `indicator`
 * `domain-name`
-* `relationship` (`domain-name` -> `indicator`)
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `indicator` `extracted-from` `report`
-* AI mode relationship SROs: domain-name is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
+* `relationship` (`indicator` -> `domain-name`)
 ```json
 {
@@ -395,12 +370,7 @@ Objects always created:
 * `indicator`
 * `url`
-* `relationship` (`url` -> `indicator`)
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `indicator` `extracted-from` `report`
-* AI mode relationship SROs: url is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
+* `relationship` (`indicator` -> `url`)
 ```json
 {
@@ -449,12 +419,7 @@ Objects always created:
 * `indicator`
 * `file`
-* `relationship` (`file` -> `indicator`)
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `indicator` `extracted-from` `report`
-* AI mode relationship SROs: file is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
+* `relationship` (`indicator` -> `file`)
 ```json
 {
@@ -503,12 +468,7 @@ Objects always created:
 * `indicator`
 * `directory`
-* `relationship` (`directory` -> `indicator`)
-Relationship mode object generation behaviour:
-* Standard relationship SRO:`indicator` `extracted-from` `report`
-* AI mode relationship SROs: directory is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
+* `relationship` (`indicator` -> `directory`)
 ```json
 {
@@ -557,14 +517,9 @@ Objects always created:
 * `indicator`
 * `directory`
-* `relationship` (`directory` -> `indicator`)
+* `relationship` (`indicator` -> `directory`)
 * `file`
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `indicator` `extracted-from` `report`
-* AI mode relationship SROs: directory is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
 ```json
 {
     "type": "indicator",
@@ -653,12 +608,7 @@ Objects always created:
 * `indicator`
 * `file`
-* `relationship` (`file` -> `indicator`)
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `indicator` `extracted-from` `report`
-* AI mode relationship SROs: file is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
+* `relationship` (`indicator` -> `file`)
 ```json
 {
@@ -709,12 +659,7 @@ Objects always created:
 * `indicator`
 * `email-addr`
-* `relationship` (`email-addr` -> `indicator`)
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `indicator` `extracted-from` `report`
-* AI mode relationship SROs: email-addr is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
+* `relationship` (`indicator` -> `email-addr`)
 ```json
 {
@@ -763,12 +708,7 @@ Objects always created:
 * `indicator`
 * `mac-addr`
-* `relationship` (`mac-addr` -> `indicator`)
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `indicator` `extracted-from` `report`
-* AI mode relationship SROs: mac-addr is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
+* `relationship` (`indicator` -> `mac-addr`)
 ```json
 {
@@ -817,12 +757,7 @@ Objects always created:
 * `indicator`
 * `windows-registry-key`
-* `relationship` (`windows-registry-key` -> `indicator`)
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `indicator` `extracted-from` `report`
-* AI mode relationship SROs: windows-registry-key is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
+* `relationship` (`indicator` -> `windows-registry-key`)
 ```json
 {
@@ -871,12 +806,7 @@ Objects always created:
 * `indicator`
 * `autonomous-system`
-* `relationship` (`autonomous-system` -> `indicator`)
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `indicator` `extracted-from` `report`
-* AI mode relationship SROs: autonomous-system is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
+* `relationship` (`indicator` -> `autonomous-system`)
 ```json
 {
@@ -925,14 +855,9 @@ Objects always created:
 * `indicator`
 * `user-agent`
-* `relationship` (`user-agent` -> `indicator`)
+* `relationship` (`indicator` -> `user-agent`)
 * `extensions-definition`: https://raw.githubusercontent.com/muchdogesec/stix2extensions/main/extension-definitions/scos/user-agent.json
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `indicator` `extracted-from` `report`
-* AI mode relationship SROs: user-agent is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
 ```json
 {
     "type": "indicator",
@@ -985,14 +910,9 @@ Objects always created:
 * `indicator`
 * `cryptocurrency-wallet`
-* `relationship` (`cryptocurrency-wallet` -> `indicator`)
+* `relationship` (`indicator` -> `cryptocurrency-wallet`)
 * `extensions-definition`: https://raw.githubusercontent.com/muchdogesec/stix2extensions/main/extension-definitions/scos/cryptocurrency-wallet.json
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `indicator` `extracted-from` `report`
-* AI mode relationship SROs: cryptocurrency-wallet is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
 ```json
   {
     "type": "indicator",
@@ -1041,16 +961,11 @@ Objects always created:
 * `indicator`
 * `cryptocurrency-wallet`
-* `relationship` (`cryptocurrency-wallet` -> `indicator`)
+* `relationship` (`indicator` -> `cryptocurrency-wallet`)
 * `cryptocurrency-transaction` for all crypto transactions that exist related to the wallet (is not always generated if lookup unsuccessful)
 * `extensions-definition`: https://raw.githubusercontent.com/muchdogesec/stix2extensions/main/extension-definitions/scos/cryptocurrency-wallet.json
 * `extensions-definition`: https://raw.githubusercontent.com/muchdogesec/stix2extensions/main/extension-definitions/scos/cryptocurrency-transaction.json
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `indicator` `extracted-from` `report`
-* AI mode relationship SROs: cryptocurrency-wallet is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
 ```json
   {
     "type": "indicator",
@@ -1099,16 +1014,11 @@ Objects always created:
 * `indicator`
 * `cryptocurrency-transaction`
-* `relationship` (`cryptocurrency-transaction` -> `indicator`)
+* `relationship` (`indicator` -> `cryptocurrency-transaction`)
 * `cryptocurrency-wallet` for wallets seen in transaction identified by crypto2stix (is not always generated if lookup unsuccessful)
 * `extensions-definition`: https://raw.githubusercontent.com/muchdogesec/stix2extensions/main/extension-definitions/scos/cryptocurrency-transaction.json
 * `extensions-definition`: https://raw.githubusercontent.com/muchdogesec/stix2extensions/main/extension-definitions/scos/cryptocurrency-wallet.json
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `indicator` `extracted-from` `report`
-* AI mode relationship SROs: cryptocurrency-transaction is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
 ```json
   {
     "type": "indicator",
@@ -1172,16 +1082,11 @@ This will also generate all `cryptocurrency-wallets` seen in the transaction.
 Objects always created:
 * `indicator`
-* `bank-card` (with `relationship` to `indicator`)
-* `relationship` (`bank-card` -> `indicator`)
+* `bank-card`
+* `relationship` (`indicator` -> `bank-card`)
 * `identity` (with `relationship` to `bank-card`) generated by creditcard2stix (is not always generated if lookup unsuccessful)
 * `extension-definition`: https://raw.githubusercontent.com/muchdogesec/stix2extensions/main/extension-definitions/scos/bank-card.json
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `indicator` `extracted-from` `report`
-* AI mode relationship SROs: bank-card is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
 ```json
 {
     "type": "indicator",
@@ -1222,14 +1127,9 @@ Objects always created:
 * `indicator`
 * `bank-account`
-* `relationship` (`bank-card` -> `indicator`)
+* `relationship` (`indicator` -> `bank-card`)
 * `extension-definition`: https://raw.githubusercontent.com/muchdogesec/stix2extensions/main/extension-definitions/scos/bank-account.json
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `indicator` `extracted-from` `report`
-* AI mode relationship SROs: bank-card is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
 ```json
 {
     "type": "indicator",
@@ -1287,14 +1187,9 @@ Objects always created:
 * `indicator`
 * `phone-number`
-* `relationship` (`phone-number` -> `indicator`)
+* `relationship` (`indicator` -> `phone-number`)
 * `extension-definition`: https://raw.githubusercontent.com/muchdogesec/stix2extensions/main/extension-definitions/scos/phone-number.json
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `indicator` `extracted-from` `report`
-* AI mode relationship SROs: phone-number is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
 ```json
 {
     "type": "indicator",
@@ -1352,11 +1247,6 @@ Objects created:
 * `attack-pattern`
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `attack-pattern` `extracted-from` `report`
-* AI mode relationship SROs: attack-pattern is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
 ```json
 {
     "type": "attack-pattern",
@@ -1389,11 +1279,6 @@ Objects created:
 * `campaign`
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `campaign` `extracted-from` `report`
-* AI mode relationship SROs: campaign is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
 ```json
 {
     "type": "campaign",
@@ -1426,11 +1311,6 @@ Objects created:
 * `course-of-action`
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `course-of-action` `extracted-from` `report`
-* AI mode relationship SROs: course-of-action is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
 ```json
 {
     "type": "course-of-action",
@@ -1463,11 +1343,6 @@ Objects created:
 * `infrastructure`
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `infrastructure` `extracted-from` `report`
-* AI mode relationship SROs: infrastructure is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
 ```json
 {
     "type":"infrastructure",
@@ -1501,11 +1376,6 @@ Objects created:
 * `intrusion-set`
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `intrusion-set` `extracted-from` `report`
-* AI mode relationship SROs: intrusion-set is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
 ```json
 {
     "type": "intrusion-set",
@@ -1538,11 +1408,6 @@ Objects created:
 * `malware`
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `malware` `extracted-from` `report`
-* AI mode relationship SROs: malware is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
 ```json
 {
     "type": "malware",
@@ -1577,11 +1442,6 @@ Objects created:
 * `threat-actor`
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `threat-actor` `extracted-from` `report`
-* AI mode relationship SROs: threat-actor is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
 ```json
 {
     "type": "threat-actor",
@@ -1615,11 +1475,6 @@ Objects created:
 * `tool`
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `tool` `extracted-from` `report`
-* AI mode relationship SROs: tool is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
 ```json
 {
     "type": "tool",
@@ -1653,11 +1508,6 @@ Objects created:
 * `identity`
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `identity` `extracted-from` `report`
-* AI mode relationship SROs: identity is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
 ```json
 {
     "type": "identity",
@@ -1685,7 +1535,7 @@ Relationship mode object generation behaviour:
 }
 ```
-## STIX Mapping (remote created objects)
+## STIX Mapping (remotely created objects)
 Some objects created for extractions do not need to be generated by txt2stix, they can be looked up from an external databases.
@@ -1701,10 +1551,7 @@ GET CTIBUTLER_BASE_URL/v1/attack-enterprise/objects/:attack_id/
 All the objects returned are imported.
-Relationship mode object generation behaviour:
-* Standard relationship SRO: Imported object(s) is (`source_ref`) object connected to Report with type `extracted-from`
-* AI mode relationship SROs: all imported objects are connected as source or target object (depending on if extraction is source or target)
+If no objects are returned by an extraction, you will see an error in the logs and data file/
 ### stix-mapping: `ctibutler-mitre-attack-enterprise-name`
@@ -1732,10 +1579,7 @@ GET CTIBUTLER_BASE_URL/v1/attack-mobile/objects/:attack_id/
 All the objects returned are imported.
-Relationship mode object generation behaviour:
-* Standard relationship SRO: Imported object(s) is (`source_ref`) object connected to Report with type `extracted-from`
-* AI mode relationship SROs: all imported objects are connected as source or target object (depending on if extraction is source or target)
+If no objects are returned by an extraction, you will see an error in the logs and data file/
 ### stix-mapping: `ctibutler-mitre-attack-mobile-name`
@@ -1765,10 +1609,7 @@ GET CTIBUTLER_BASE_URL/v1/attack-ics/objects/:attack_id/
 All the objects returned are imported.
-Relationship mode object generation behaviour:
-* Standard relationship SRO: Imported object(s) is (`source_ref`) object connected to Report with type `extracted-from`
-* AI mode relationship SROs: all imported objects are connected as source or target object (depending on if extraction is source or target)
+If no objects are returned by an extraction, you will see an error in the logs and data file/
 ### stix-mapping: `ctibutler-mitre-attack-ics-name`
@@ -1798,10 +1639,7 @@ GET CTIBUTLER_BASE_URL/v1/capec/objects/:capec_id/
 All the objects returned are imported.
-Relationship mode object generation behaviour:
-* Standard relationship SRO: Imported object(s) is (`source_ref`) object connected to Report with type `extracted-from`
-* AI mode relationship SROs: all imported `course-of-action` / `attack-pattern` objects are connected as source or target object (depending on if extraction is source or target)
+If no objects are returned by an extraction, you will see an error in the logs and data file/
 ### stix-mapping: `ctibutler-mitre-capec-name`
@@ -1821,10 +1659,7 @@ GET CTIBUTLER_BASE_URL/v1/cwe/objects/:cwe_id/
 `CTIBUTLER_APIKEY` in request passed if set.
-Relationship mode object generation behaviour:
-* Standard relationship SRO: Imported `weakness` object is (`source_ref`) object connected to Report
-* AI mode relationship SROs: all imported objects are connected as source or target object (depending on if extraction is source or target)
+If no objects are returned by an extraction, you will see an error in the logs and data file/
 ### stix-mapping: `ctibutler-mitre-cwe-name`
@@ -1846,10 +1681,7 @@ GET CTIBUTLER_BASE_URL/v1/atlas/objects/:atlas_id/
 All the objects returned are imported.
-Relationship mode object generation behaviour:
-* Standard relationship SRO: Imported object(s) is (`source_ref`) object connected to Report with type `extracted-from`
-* AI mode relationship SROs: all imported objects are connected as source or target object (depending on if extraction is source or target)
+If no objects are returned by an extraction, you will see an error in the logs and data file/
 ### stix-mapping: `ctibutler-mitre-atlas-name`
@@ -1871,10 +1703,7 @@ GET CTIBUTLER_BASE_URL/v1/disarm/objects/:disarm_id/
 All the objects returned are imported.
-Relationship mode object generation behaviour:
-* Standard relationship SRO: Imported object(s) is (`source_ref`) object connected to Report with type `extracted-from`
-* AI mode relationship SROs: all imported objects are connected as source or target object (depending on if extraction is source or target)
+If no objects are returned by an extraction, you will see an error in the logs and data file/
 ### stix-mapping: `ctibutler-mitre-atlas-name`
@@ -1896,10 +1725,7 @@ GET CTIBUTLER_BASE_URL/v1/location/objects/?alpha2_code=ID
 All the objects returned are imported.
-Relationship mode object generation behaviour:
-* Standard relationship SRO: `location` `extracted-from` `report`
-* AI mode relationship SROs: location is connected as `source_ref` or `target_ref` to 0 or more objects based on AI analysis
+If no objects are returned by an extraction, you will see an error in the logs and data file/
 ### stix-mapping: `vulmatch-cve-id`
@@ -1911,10 +1737,7 @@ GET VULMATCH_BASE_URL/v1/cve/objects/:cve_id/
 `VULMATCH_APIKEY` in request passed if set.
-Relationship mode object generation behaviour:
-* Standard relationship SRO: Imported `vulnerability` object is (`source_ref`) object connected to Report
-* AI mode relationship SROs: all imported objects are connected as source or target object (depending on if extraction is source or target)
+If no objects are returned by an extraction, you will see an error in the logs and data file/
 ### stix-mapping: `vulmatch-cpe-id`
@@ -1926,16 +1749,13 @@ GET VULMATCH_BASE_URL/v1/cpe/objects/:cpe_id/
 `VULMATCH_APIKEY` in request passed if set.
-Relationship mode object generation behaviour:
-* Standard relationship SRO: Imported `software` object is (`source_ref`) object connected to Report
-* AI mode relationship SROs: all imported objects are connected as source or target object (depending on if extraction is source or target)
+If no objects are returned by an extraction, you will see an error in the logs and data file/
 ## Relationship objects
-### Fixed SCO to Indicator relationships for extractions
+### Fixed Indicator -> SRO relationships for extractions
-In some extractions, SROs are created to link extractions (SCO linked to Indicator)
+In some extractions, SROs are created to link extractions (Indicator -> SCO)
 These relationships are modelled as follows;
@@ -1948,42 +1768,9 @@ These relationships are modelled as follows;
     "created": "<REPORT CREATED DATE>",
     "modified": "<REPORT CREATED DATE>",
     "relationship_type": "<DEFINED BY EXTRACTION>",
-    "source_ref": "<SCO ID>",
-    "target_ref": "indicator--<ID>",
-    "description": "<SOURCE OBJECT NAME> is found in <REPORT NAME>",
-    "object_marking_refs": [
-        "marking-definition--<TLP LEVEL SET>"
-        "marking-definition--f92e15d9-6afc-5ae2-bb3e-85a1fd83a3b5"
-    ],
-    "external_references": [
-        {
-            "source_name": "txt2stix_report_id",
-            "external_id": "<UUID OF REPORT OBJECT>"
-        },
-        {
-            "source_name": "txt2stix_extraction_type",
-            "external_id": "<EXTRACTION SLUG>_<EXTRACTION_VERSION>"
-        }
-    ]
-}
-```
-### Relationships generated in `standard` relationship mode
-In standard mode, one SRO is created for each extraction back to the source report object created for the job.
-```json
-{
-    "type": "relationship",
-    "spec_version": "2.1",
-    "id": "relationship--<GENERATED BY STIX2 LIBRARY>",
-    "created_by_ref": "identity--<DEFAULT/CUSTOM IDENTITY ID>",
-    "created": "<REPORT CREATED DATE>",
-    "modified": "<REPORT CREATED DATE>",
-    "relationship_type": "extracted-from",
-    "source_ref": "<SOURCE OBJECT ID AS DEFINED BY STIX EXTRACTION>",
-    "target_ref": "report--<REPORT OBJECT ID CREATED FOR JOB>",
-    "description": "<SOURCE OBJECT NAME> is found in <REPORT NAME>",
+    "source_ref": "indicator--<ID>",
+    "target_ref": "<SCO ID>",
+    "description": "STIX pattern contains <SCO VALUE>",
     "object_marking_refs": [
         "marking-definition--<TLP LEVEL SET>"
         "marking-definition--f92e15d9-6afc-5ae2-bb3e-85a1fd83a3b5"

{txt2stix-1.0.13 → txt2stix-1.1.0}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 [project]
 name = "txt2stix"
-version = "1.0.13"
+version = "1.1.0"
 authors = [{ name = "dogesec" }]
 maintainers = [{ name = "dogesec" }]
 description = "txt2stix is a Python script that is designed to identify and extract IoCs and TTPs from text files, identify the relationships between them, convert them to STIX 2.1 objects, and output as a STIX 2.1 bundle."
@@ -32,6 +32,7 @@ dependencies = [
   'llama-index-llms-openai>=0.4.5',
   'mistune>=3.0.2',
   'beautifulsoup4>=4.12.3',
+  'stix2-validator',
 ]
 [tool.hatch.metadata]

txt2stix-1.1.0/tests/data/manually_generated_reports/bad_vulmatch_lookups.txt ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ cpe:2.3:a:appcheap:app_builder:500000:::::wordpress::
2	+ CVE-2026-99999

{txt2stix-1.0.13 → txt2stix-1.1.0}/tests/manual-tests/cases-standard-tests.md RENAMED Viewed

@@ -557,4 +557,24 @@ python3 txt2stix.py \
     --use_extractions 'ai_ipv4_address_only' \
     --ai_settings_extractions openai:gpt-4o \
     --report_id 2b3326b4-dfcf-4391-b550-e91652f9ffcd
-```
+```
+### test vulmatch lookup failure behaviour
+(should create no objects)
+```shell
+python3 txt2stix.py \
+	--relationship_mode standard \
+	--input_file tests/data/manually_generated_reports/bad_vulmatch_lookups.txt \
+	--name 'test vulmatch lookup failure behaviour' \
+	--tlp_level clear \
+	--confidence 100 \
+	--use_extractions pattern_cve_id,pattern_cpe_uri \
+	--report_id c0766db1-0748-429b-8e4c-f1a3a9fd1a3a
+```

txt2stix 1.0.13__tar.gz → 1.1.0__tar.gz

txt2stix 1.0.13tar.gz → 1.1.0tar.gz