txt2stix 1.0.8__py3-none-any.whl → 1.0.10__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- txt2stix/ai_extractor/openai.py +6 -1
- txt2stix/attack_flow.py +16 -5
- {txt2stix-1.0.8.dist-info → txt2stix-1.0.10.dist-info}/METADATA +1 -1
- {txt2stix-1.0.8.dist-info → txt2stix-1.0.10.dist-info}/RECORD +7 -7
- {txt2stix-1.0.8.dist-info → txt2stix-1.0.10.dist-info}/WHEEL +0 -0
- {txt2stix-1.0.8.dist-info → txt2stix-1.0.10.dist-info}/entry_points.txt +0 -0
- {txt2stix-1.0.8.dist-info → txt2stix-1.0.10.dist-info}/licenses/LICENSE +0 -0
txt2stix/ai_extractor/openai.py
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
|
|
2
|
+
import logging
|
|
2
3
|
import os
|
|
3
4
|
from txt2stix.ai_extractor.base import BaseAIExtractor
|
|
4
5
|
from llama_index.llms.openai import OpenAI
|
|
@@ -11,5 +12,9 @@ class OpenAIExtractor(BaseAIExtractor, provider="openai"):
|
|
|
11
12
|
super().__init__()
|
|
12
13
|
|
|
13
14
|
def count_tokens(self, text):
|
|
14
|
-
|
|
15
|
+
try:
|
|
16
|
+
return len(self.llm._tokenizer.encode(text))
|
|
17
|
+
except Exception as e:
|
|
18
|
+
logging.warning(e)
|
|
19
|
+
return super().count_tokens(text)
|
|
15
20
|
|
txt2stix/attack_flow.py
CHANGED
|
@@ -16,15 +16,26 @@ def parse_flow(report, flow: AttackFlowList, techniques, tactics):
|
|
|
16
16
|
logging.info(f"flow.success = {flow.success}")
|
|
17
17
|
if not flow.success:
|
|
18
18
|
return []
|
|
19
|
-
|
|
19
|
+
objects = [report, attack_flow_ExtensionDefinitionSMO]
|
|
20
|
+
for domain in ["enterprise-attack", "mobile-attack", "ics-attack"]:
|
|
21
|
+
flow_objects = parse_domain_flow(report, flow, techniques, tactics, domain)
|
|
22
|
+
objects.extend(flow_objects)
|
|
23
|
+
return objects
|
|
24
|
+
|
|
25
|
+
def parse_domain_flow(report, flow: AttackFlowList, techniques, tactics, domain):
|
|
26
|
+
flow_objects = []
|
|
27
|
+
flow_obj = None
|
|
20
28
|
last_action = None
|
|
21
29
|
for i, item in enumerate(flow.items):
|
|
22
30
|
try:
|
|
23
31
|
technique = techniques[item.attack_technique_id]
|
|
32
|
+
if technique["domain"] != domain:
|
|
33
|
+
continue
|
|
24
34
|
tactic_id = technique["possible_tactics"][
|
|
25
35
|
flow.tactic_mapping[item.attack_technique_id]
|
|
26
36
|
]
|
|
27
37
|
technique_obj = technique["stix_obj"]
|
|
38
|
+
|
|
28
39
|
tactic_obj = tactics[technique["domain"]][tactic_id]
|
|
29
40
|
action_obj = AttackAction(
|
|
30
41
|
**{
|
|
@@ -40,16 +51,16 @@ def parse_flow(report, flow: AttackFlowList, techniques, tactics):
|
|
|
40
51
|
allow_custom=True,
|
|
41
52
|
)
|
|
42
53
|
action_obj.effect_refs.clear()
|
|
43
|
-
if
|
|
54
|
+
if not flow_obj:
|
|
44
55
|
flow_obj = {
|
|
45
56
|
"type": "attack-flow",
|
|
46
|
-
"id":
|
|
57
|
+
"id": "attack-flow--"+str(uuid.uuid5(UUID_NAMESPACE, f"attack-flow+{domain}+{report.id}")),
|
|
47
58
|
"spec_version": "2.1",
|
|
48
59
|
"created": report.created,
|
|
49
60
|
"modified": report.modified,
|
|
50
61
|
"created_by_ref": report.created_by_ref,
|
|
51
62
|
"start_refs": [action_obj["id"]],
|
|
52
|
-
"name": report.name,
|
|
63
|
+
"name": f"[{domain.split('-')[0].upper()}] {report.name}",
|
|
53
64
|
"description": report.description,
|
|
54
65
|
"scope": "malware",
|
|
55
66
|
"external_references": report.external_references,
|
|
@@ -61,7 +72,7 @@ def parse_flow(report, flow: AttackFlowList, techniques, tactics):
|
|
|
61
72
|
type="relationship",
|
|
62
73
|
spec_version="2.1",
|
|
63
74
|
id="relationship--"
|
|
64
|
-
+ str(uuid.uuid5(UUID_NAMESPACE, f"attack-flow+{report.id}")),
|
|
75
|
+
+ str(uuid.uuid5(UUID_NAMESPACE, f"attack-flow+{report.id}+{flow_obj['id']}")),
|
|
65
76
|
created_by_ref=report.created_by_ref,
|
|
66
77
|
created=report.created,
|
|
67
78
|
modified=report.modified,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: txt2stix
|
|
3
|
-
Version: 1.0.
|
|
3
|
+
Version: 1.0.10
|
|
4
4
|
Summary: txt2stix is a Python script that is designed to identify and extract IoCs and TTPs from text files, identify the relationships between them, convert them to STIX 2.1 objects, and output as a STIX 2.1 bundle.
|
|
5
5
|
Project-URL: Homepage, https://github.com/muchdogesec/txt2stix
|
|
6
6
|
Project-URL: Issues, https://github.com/muchdogesec/txt2stix/issues
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
txt2stix/__init__.py,sha256=Sm_VT913IFuAZ6dJEdVz3baPwC5VYtHySVfBAOUG92w,803
|
|
2
|
-
txt2stix/attack_flow.py,sha256=
|
|
2
|
+
txt2stix/attack_flow.py,sha256=FA5mRf4iVe9E6e_WfGF9PK6MTz8f3UhvDKjO_PDFHso,9164
|
|
3
3
|
txt2stix/bundler.py,sha256=kqUNW9_jktuMyWSkoAa-ydZY-L5gzSSkthb7OdhUiKo,16854
|
|
4
4
|
txt2stix/common.py,sha256=ISnGNKqJPE1EcfhL-x_4G18mcwt1urmorkW-ru9kV-0,585
|
|
5
5
|
txt2stix/credential_checker.py,sha256=eWDP-jY3-jm8zI0JMoUcyoQZ_JqPNfCIr_HAO8nVYz0,3044
|
|
@@ -15,7 +15,7 @@ txt2stix/ai_extractor/anthropic.py,sha256=mdz-8CB-BSCEqnK5l35DRZURVPUf508ef2b48X
|
|
|
15
15
|
txt2stix/ai_extractor/base.py,sha256=w8FFceCtOZ4_uAaVMTZCzUdKnC3_3nDBafBzHlfHCn0,3959
|
|
16
16
|
txt2stix/ai_extractor/deepseek.py,sha256=2XehIYbWXG6Odq68nQX4CNtl5GdmBlAmjLP_lG2eEFo,660
|
|
17
17
|
txt2stix/ai_extractor/gemini.py,sha256=yJC7knYzl-TScyCBd-MTpUf-NT6znC25E7vXxNMqjLU,578
|
|
18
|
-
txt2stix/ai_extractor/openai.py,sha256=
|
|
18
|
+
txt2stix/ai_extractor/openai.py,sha256=FK3UlKozwoBVoBYS_CDGa9lSOae5AC3rMcOH_v0y5_Q,629
|
|
19
19
|
txt2stix/ai_extractor/openrouter.py,sha256=hAA6mTOMcpA28XYsOCvuJH7WMJqXCxfqZGJf_VrDsIk,628
|
|
20
20
|
txt2stix/ai_extractor/prompts.py,sha256=NtqtVyPPtShPlVZ5SrFmo-LCkfpANIIi4H9rjqaxqDo,10559
|
|
21
21
|
txt2stix/ai_extractor/utils.py,sha256=xPVtp_lI7254MvkXPt9YY_Vter0uiPLKMGcv5poXVKs,4763
|
|
@@ -113,8 +113,8 @@ txt2stix/includes/lookups/threat_actor.txt,sha256=QfDO9maQuqKBgW_Sdd7VGv1SHZ9Ra-
|
|
|
113
113
|
txt2stix/includes/lookups/tld.txt,sha256=-MEgJea2NMG_KDsnc4BVvI8eRk5Dm93L-t8SGYx5wMo,8598
|
|
114
114
|
txt2stix/includes/lookups/tool.txt,sha256=HGKG6JpUE26w6ezzSxOjBkp15UpSaB7N-mZ_NU_3G7A,6
|
|
115
115
|
txt2stix/includes/tests/test_cases.yaml,sha256=QD1FdIunpPkOpsn6wJRqs2vil_hv8OSVaqUp4a96aZg,22247
|
|
116
|
-
txt2stix-1.0.
|
|
117
|
-
txt2stix-1.0.
|
|
118
|
-
txt2stix-1.0.
|
|
119
|
-
txt2stix-1.0.
|
|
120
|
-
txt2stix-1.0.
|
|
116
|
+
txt2stix-1.0.10.dist-info/METADATA,sha256=WwlOoDYDpsMjlPQlSd7qlCOxxnVIbe95ebhYggZmKBk,15483
|
|
117
|
+
txt2stix-1.0.10.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
|
|
118
|
+
txt2stix-1.0.10.dist-info/entry_points.txt,sha256=x6QPtt65hWeomw4IpJ_wQUesBl1M4WOLODbhOKyWMFg,55
|
|
119
|
+
txt2stix-1.0.10.dist-info/licenses/LICENSE,sha256=BK8Ppqlc4pdgnNzIxnxde0taoQ1BgicdyqmBvMiNYgY,11364
|
|
120
|
+
txt2stix-1.0.10.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|