def convert_attack_pattern(ap20): ap1x = AttackPattern() if "name" in ap20: ap1x.title = ap20["name"] if "description" in ap20: ap1x.add_description(ap20["description"]) if "labels" in ap20: for l in ap20["labels"]: add_missing_property_to_description(ap1x, "label", l) if "external_references" in ap20: ap1x.capec_id = extract_external_id("capec", ap20["external_references"]) ttp = TTP(id_=convert_id20(ap20["id"]), timestamp=text_type(ap20["modified"])) ttp.behavior = Behavior() ttp.behavior.add_attack_pattern(ap1x) if "kill_chain_phases" in ap20: process_kill_chain_phases(ap20["kill_chain_phases"], ttp) if "object_marking_refs" in ap20: for m_id in ap20["object_marking_refs"]: ms = create_marking_specification(m_id) if ms: CONTAINER.add_marking(ttp, ms, descendants=True) if "granular_markings" in ap20: error( "Granular Markings present in '%s' are not supported by stix2slider", 604, ap20["id"]) # if "kill_chain_phases" in ap20: # process_kill_chain_phases(ap20["kill_chain_phases"], ttp) record_id_object_mapping(ap20["id"], ttp) return ttp
def genData_AttackPattern(data): from stix.utils import create_id as StixID from stix.ttp.attack_pattern import AttackPattern objAttackPattern = AttackPattern() objAttackPattern.capec_id = None objAttackPattern.title = data['source'][ 'stix.ttp.attack_pattern.AttackPattern.title'] objAttackPattern.description = None objAttackPattern.short_description = None return (objAttackPattern)