예제 #1
def convert_attack_pattern(ap20):
    """Build a TTP wrapping an AttackPattern from the mapping ``ap20``.

    Optional keys ("name", "description", "labels", "external_references",
    "kill_chain_phases", "object_marking_refs") are copied or converted only
    when present. "id" and "modified" are read unconditionally, so a mapping
    without them raises KeyError.

    Returns the new TTP after recording the id-to-object mapping.
    """
    legacy_pattern = AttackPattern()

    if "name" in ap20:
        legacy_pattern.title = ap20["name"]
    if "description" in ap20:
        legacy_pattern.add_description(ap20["description"])
    if "labels" in ap20:
        # There is no direct slot for labels on the target object, so each
        # one is handed to the description helper instead.
        for label in ap20["labels"]:
            add_missing_property_to_description(legacy_pattern, "label", label)
    if "external_references" in ap20:
        references = ap20["external_references"]
        legacy_pattern.capec_id = extract_external_id("capec", references)

    converted_id = convert_id20(ap20["id"])
    modified = text_type(ap20["modified"])
    ttp = TTP(id_=converted_id, timestamp=modified)
    ttp.behavior = Behavior()
    ttp.behavior.add_attack_pattern(legacy_pattern)

    if "kill_chain_phases" in ap20:
        process_kill_chain_phases(ap20["kill_chain_phases"], ttp)

    if "object_marking_refs" in ap20:
        for marking_ref in ap20["object_marking_refs"]:
            marking_spec = create_marking_specification(marking_ref)
            # A falsy result means no marking is applied for this reference.
            if not marking_spec:
                continue
            CONTAINER.add_marking(ttp, marking_spec, descendants=True)

    if "granular_markings" in ap20:
        # NOTE(review): granular markings are only reported, never applied.
        # Whether error() aborts or just logs is not visible here; if it only
        # logs, the returned TTP carries the object-level markings alone and
        # may be less restrictively marked than the source object. Confirm
        # how callers treat error 604 before sharing the converted output.
        error(
            "Granular Markings present in '%s' are not supported by stix2slider",
            604, ap20["id"])

    record_id_object_mapping(ap20["id"], ttp)
    return ttp
예제 #2
def genData_AttackPattern(data):
    """Return an AttackPattern whose title is taken from ``data['source']``.

    The title is read from the key
    'stix.ttp.attack_pattern.AttackPattern.title'; a missing 'source' entry
    or a missing title key raises KeyError. capec_id, description and
    short_description are explicitly set to None.
    """
    # Imports are function-local, as in the original; StixID is not used in
    # this function.
    from stix.utils import create_id as StixID
    from stix.ttp.attack_pattern import AttackPattern

    pattern = AttackPattern()
    pattern.capec_id = None

    source_fields = data['source']
    pattern.title = source_fields['stix.ttp.attack_pattern.AttackPattern.title']

    pattern.description = None
    pattern.short_description = None
    return pattern