txt2stix 1.2.0__py3-none-any.whl → 1.2.2__py3-none-any.whl
- txt2stix/indicator.py +27 -26
- txt2stix/txt2stix.py +15 -11
- {txt2stix-1.2.0.dist-info → txt2stix-1.2.2.dist-info}/METADATA +1 -1
- {txt2stix-1.2.0.dist-info → txt2stix-1.2.2.dist-info}/RECORD +7 -7
- {txt2stix-1.2.0.dist-info → txt2stix-1.2.2.dist-info}/WHEEL +0 -0
- {txt2stix-1.2.0.dist-info → txt2stix-1.2.2.dist-info}/entry_points.txt +0 -0
- {txt2stix-1.2.0.dist-info → txt2stix-1.2.2.dist-info}/licenses/LICENSE +0 -0
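--- a/txt2stix/indicator.py
+++ b/txt2stix/indicator.py
@@ -686,17 +686,18 @@ def _build_observables(
 f"txt2stix+{extracted_value}",
 )
 )
+_date = datetime(2020, 1, 1, tzinfo=UTC)
 
 if stix_mapping == "attack-pattern":
 stix_objects = [
 dict_to_stix2(
 {
 "type": "attack-pattern",
-
+"id": stix_mapping + "--" + _id_part,
 "spec_version": "2.1",
 "created_by_ref": indicator["created_by_ref"],
-"created":
-"modified":
+"created": _date,
+"modified": _date,
 "name": extracted_value,
 "external_references": indicator["external_references"],
 }
@@ -708,11 +709,11 @@ def _build_observables(
 dict_to_stix2(
 {
 "type": "campaign",
-
+"id": stix_mapping + "--" + _id_part,
 "spec_version": "2.1",
 "created_by_ref": indicator["created_by_ref"],
-"created":
-"modified":
+"created": _date,
+"modified": _date,
 "name": extracted_value,
 "object_marking_refs": indicator["object_marking_refs"],
 "external_references": indicator["external_references"],
@@ -725,11 +726,11 @@ def _build_observables(
 dict_to_stix2(
 {
 "type": "course-of-action",
-
+"id": stix_mapping + "--" + _id_part,
 "spec_version": "2.1",
 "created_by_ref": indicator["created_by_ref"],
-"created":
-"modified":
+"created": _date,
+"modified": _date,
 "name": extracted_value,
 "object_marking_refs": indicator["object_marking_refs"],
 "external_references": indicator["external_references"],
@@ -742,11 +743,11 @@ def _build_observables(
 dict_to_stix2(
 {
 "type": "infrastructure",
-
+"id": stix_mapping + "--" + _id_part,
 "spec_version": "2.1",
 "created_by_ref": indicator["created_by_ref"],
-"created":
-"modified":
+"created": _date,
+"modified": _date,
 "name": extracted_value,
 "infrastructure_types": ["unknown"],
 "object_marking_refs": indicator["object_marking_refs"],
@@ -760,11 +761,11 @@ def _build_observables(
 dict_to_stix2(
 {
 "type": "intrusion-set",
-
+"id": stix_mapping + "--" + _id_part,
 "spec_version": "2.1",
 "created_by_ref": indicator["created_by_ref"],
-"created":
-"modified":
+"created": _date,
+"modified": _date,
 "name": extracted_value,
 "object_marking_refs": indicator["object_marking_refs"],
 "external_references": indicator["external_references"],
@@ -777,11 +778,11 @@ def _build_observables(
 dict_to_stix2(
 {
 "type": "malware",
-
+"id": stix_mapping + "--" + _id_part,
 "spec_version": "2.1",
 "created_by_ref": indicator["created_by_ref"],
-"created":
-"modified":
+"created": _date,
+"modified": _date,
 "name": extracted_value,
 "malware_types": ["unknown"],
 "is_family": True,
@@ -796,11 +797,11 @@ def _build_observables(
 dict_to_stix2(
 {
 "type": "threat-actor",
-
+"id": stix_mapping + "--" + _id_part,
 "spec_version": "2.1",
 "created_by_ref": indicator["created_by_ref"],
-"created":
-"modified":
+"created": _date,
+"modified": _date,
 "name": extracted_value,
 "threat_actor_types": "unknown",
 "object_marking_refs": indicator["object_marking_refs"],
@@ -814,11 +815,11 @@ def _build_observables(
 dict_to_stix2(
 {
 "type": "tool",
-
+"id": stix_mapping + "--" + _id_part,
 "spec_version": "2.1",
 "created_by_ref": indicator["created_by_ref"],
-"created":
-"modified":
+"created": _date,
+"modified": _date,
 "name": extracted_value,
 "tool_types": "unknown",
 "object_marking_refs": indicator["object_marking_refs"],
@@ -834,8 +835,8 @@ def _build_observables(
 "type": "identity",
 "spec_version": "2.1",
 "created_by_ref": indicator["created_by_ref"],
-"created":
-"modified":
+"created": _date,
+"modified": _date,
 "id": "identity--" + _id_part,
 "name": extracted_value,
 "identity_class": "unspecified",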
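Review bot: Pinning `created` and `modified` to the constant `_date` alongside a deterministic `"id": stix_mapping + "--" + _id_part` gives every object extracted for the same value the same id and version, yet `created_by_ref`, `object_marking_refs` and `external_references` are still copied from the current indicator. If `_id_part` depends only on `f"txt2stix+{extracted_value}"` (its definition starts above the first hunk, so this is inferred), two reports with different markings or creators yield conflicting objects that a STIX consumer cannot order, and the first one ingested may decide which marking sticks. Consider including the creator and marking refs in the value `_id_part` is derived from, or at least state the intent next to the assignment, e.g. `# fixed timestamp so repeated extractions dedupe on (id, modified); per-report fields are not versioned`. This applies to all eight SDO branches and the identity hunk, which still spells its prefix as the literal `"identity--"` instead of `stix_mapping`. `_build_observables` begins and ends outside these hunks.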
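--- a/txt2stix/txt2stix.py
+++ b/txt2stix/txt2stix.py
@@ -461,17 +461,21 @@ def run_txt2stix(
 # First, perform extraction-phase (LLM and extractor calls). This does not
 # modify the provided bundler so the results can be saved and replayed.
 # skip extraction phase if txt2stix_data is passed
-
-
-
-
-
-
-
-
-
-
-
+if not txt2stix_data:
+logging.info("=== Extraction Phase ===")
+txt2stix_data = extraction_phase(
+preprocessed_text,
+extractors_map,
+ai_content_check_provider=ai_content_check_provider,
+input_token_limit=input_token_limit,
+ai_settings_extractions=ai_settings_extractions,
+ai_settings_relationships=ai_settings_relationships,
+relationship_mode=relationship_mode,
+ignore_extraction_boundary=ignore_extraction_boundary,
+ai_extract_if_no_incidence=ai_extract_if_no_incidence,
+)
+else:
+logging.info("=== Skipping Extraction Phase (replaying saved data) ===")
 
 # Then, process the extracted data into the bundler (no LLM calls).
 processing_phase(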
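Review bot: `if not txt2stix_data:` tests truthiness rather than absence, so a caller that passes saved data which happens to be falsy (for example an empty container; the type is not visible in this hunk) silently falls back to a fresh extraction with LLM calls instead of replaying. `if txt2stix_data is None:` would match the comment "skip extraction phase if txt2stix_data is passed". As far as the hunk shows, the replay path hands the saved data straight to `processing_phase` and `ai_content_check_provider` is only passed to `extraction_phase`, so a comment should say whether replayed input is expected to come from a trusted earlier run or needs validating first. `run_txt2stix` starts above the hunk and continues past it.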
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: txt2stix
|
|
3
|
-
Version: 1.2.
|
|
3
|
+
Version: 1.2.2
|
|
4
4
|
Summary: txt2stix is a Python script that is designed to identify and extract IoCs and TTPs from text files, identify the relationships between them, convert them to STIX 2.1 objects, and output as a STIX 2.1 bundle.
|
|
5
5
|
Project-URL: Homepage, https://github.com/muchdogesec/txt2stix
|
|
6
6
|
Project-URL: Issues, https://github.com/muchdogesec/txt2stix/issues
|
|
@@ -4,11 +4,11 @@ txt2stix/bundler.py,sha256=GmpWW9ek4iFZdEIyjVSpd9RnmyeNsZJOpnax5Tt0uT0,16748
|
|
|
4
4
|
txt2stix/common.py,sha256=ISnGNKqJPE1EcfhL-x_4G18mcwt1urmorkW-ru9kV-0,585
|
|
5
5
|
txt2stix/credential_checker.py,sha256=eWDP-jY3-jm8zI0JMoUcyoQZ_JqPNfCIr_HAO8nVYz0,3044
|
|
6
6
|
txt2stix/extractions.py,sha256=_tlsqYHhfAoV-PJzxRHysrX47uxCsMlSg7PQWxww1u0,2171
|
|
7
|
-
txt2stix/indicator.py,sha256=
|
|
7
|
+
txt2stix/indicator.py,sha256=WTj5YIcq37XrjVregfGXvIm2mDuI20gc6IT1-0WcOn8,30629
|
|
8
8
|
txt2stix/lookups.py,sha256=h42YVtYUkWZm6ZPv2h5hHDHDzDs3yBqrT_T7pj2MDZI,2301
|
|
9
9
|
txt2stix/retriever.py,sha256=CwcCVER1sAPHeMojcIgdWMEJ5596tyYDf5HAJXiBdOM,7021
|
|
10
10
|
txt2stix/stix.py,sha256=9nXD9a2dCY4uaatl-mlIA1k3srwQBhGW-tUSho3iYe0,30
|
|
11
|
-
txt2stix/txt2stix.py,sha256=
|
|
11
|
+
txt2stix/txt2stix.py,sha256=SIufADnIfptZmA-HyQoRsWP7MKiYLFWPyKpltQGjej4,23541
|
|
12
12
|
txt2stix/utils.py,sha256=Le0VYx8n8UNpcjqwpx7Avb06qIS9_hId8yP8_PquBUs,3333
|
|
13
13
|
txt2stix/ai_extractor/__init__.py,sha256=5Tf6Co9THzytBdFEVhD-7vvT05TT3nSpltnAV1sfdoM,349
|
|
14
14
|
txt2stix/ai_extractor/anthropic.py,sha256=B5Z3nm2-w5KBhLcVJGkhNF0dn4lUo-fW_DnbOeJKA5Q,481
|
|
@@ -114,8 +114,8 @@ txt2stix/includes/lookups/threat_actor.txt,sha256=QfDO9maQuqKBgW_Sdd7VGv1SHZ9Ra-
|
|
|
114
114
|
txt2stix/includes/lookups/tld.txt,sha256=-MEgJea2NMG_KDsnc4BVvI8eRk5Dm93L-t8SGYx5wMo,8598
|
|
115
115
|
txt2stix/includes/lookups/tool.txt,sha256=HGKG6JpUE26w6ezzSxOjBkp15UpSaB7N-mZ_NU_3G7A,6
|
|
116
116
|
txt2stix/includes/tests/test_cases.yaml,sha256=vErA3c5fySeWvJ5yJ8dCTEo3ufRATASAjaF4gj4Az1M,22424
|
|
117
|
-
txt2stix-1.2.
|
|
118
|
-
txt2stix-1.2.
|
|
119
|
-
txt2stix-1.2.
|
|
120
|
-
txt2stix-1.2.
|
|
121
|
-
txt2stix-1.2.
|
|
117
|
+
txt2stix-1.2.2.dist-info/METADATA,sha256=ypbyaoqFcACdGCySfYBi5ozl0MsaoFqw2v5bvl1T0HE,15031
|
|
118
|
+
txt2stix-1.2.2.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
|
|
119
|
+
txt2stix-1.2.2.dist-info/entry_points.txt,sha256=x6QPtt65hWeomw4IpJ_wQUesBl1M4WOLODbhOKyWMFg,55
|
|
120
|
+
txt2stix-1.2.2.dist-info/licenses/LICENSE,sha256=BK8Ppqlc4pdgnNzIxnxde0taoQ1BgicdyqmBvMiNYgY,11364
|
|
121
|
+
txt2stix-1.2.2.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|