VERIS2STIX
==========
The veris2stix utility is written in Python and can be used to convert a VERIS
record to a STIX document. The code has been used to convert all VERIS records
in the VERIS-community database (VCDB, available at https://github.com/vz-risk/VCDB).
veris2stix can be used to convert one VERIS record, or a collection of VERIS
records in a directory.
DEPENDENCIES
============
* python-stix v1.1.1.x : https://pypi.python.org/pypi/stix
* python-cybox v2.1.x.y: https://pypi.python.org/pypi/cybox
* python-dateutil : https://labix.org/python-dateutil
To install dependencies, we recommend you use `pip`:

    $ pip install stix  # this installs python-cybox and python-dateutil
HOW TO USE
==========
```
usage: convert.py [-h] [--infile INFILE] [--indir INDIR] [--outdir OUTDIR]
                  [--from-vcdb]

VERIS-to-STIX Converter

optional arguments:
  -h, --help       show this help message and exit
  --infile INFILE  Path to input file
  --indir INDIR    Path to directory containing input files
  --outdir OUTDIR  Directory for exported STIX documents
  --from-vcdb      The input documents are from VCDB (default: True)
```
An `--infile` or `--indir` argument must be passed in for the veris2stix utility
to run.
VCDB
====
Currently, veris2stix assumes that the VERIS records it is converting are from
the VCDB. A keyword argument of "vcdb" defaults to True when invoking the function
"convert_file". VERIS records from the VCDB contain useful information in their
"plus" item, by informal convention, that is used when converting the VERIS record
to a STIX document. Since the "plus" item is defined by the VERIS schema to
contain any arbitrary information, VERIS records not from the VCDB are unlikely
to contain consistent information that can be reliably used during the conversion.
The files verisc-mapping.json and verisc-enum.json have been annotated to indicate
the STIX mapping. These files may contain out-of-date information, but in general
should coincide with the mappings that were implemented. When in doubt, the Python
code should be assumed to be correct.
OUTPUT MESSAGES
===============
There are three levels of output messages:
* [INFO] - General informational messages about the operation of the veris2stix
utility.
* [WARN] - Warning messages about some VERIS item which is not handled, an
ambiguous mapping, etc.
* [ERROR] - Error messages regarding missing required items in the VERIS record.
KNOWN ISSUES
============
A few of the VERIS records contained in the VCDB have minor syntax errors, which
cause veris2stix to produce a STIX document that cannot be verified.
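
An added example, not part of veris2stix: a pre-flight check to run over an
`--indir` directory before conversion. It flags files that fail to parse as JSON
(assumed here to be one kind of syntax error) and records whose "plus" item does
not look like a VCDB one. The key names in ASSUMED_VCDB_PLUS_KEYS, the function
names and the sample records are assumptions constructed for illustration; this
README does not list which "plus" keys the converter reads.

```python
import json
import tempfile
from pathlib import Path

# Assumption: keys typical of a VCDB "plus" item; the page does not list them.
ASSUMED_VCDB_PLUS_KEYS = ("master_id", "analyst", "created")


def classify_record(path, plus_keys=ASSUMED_VCDB_PLUS_KEYS):
    """Return (status, detail) for one VERIS JSON file."""
    try:
        with open(path, encoding="utf-8") as fh:
            record = json.load(fh)
    except ValueError as exc:  # covers JSONDecodeError and UnicodeDecodeError
        return "syntax-error", str(exc)
    if not isinstance(record, dict):
        return "syntax-error", "top-level JSON value is not an object"
    plus = record.get("plus")
    if not isinstance(plus, dict):
        return "no-plus", '"plus" item missing or not an object'
    missing = [key for key in plus_keys if key not in plus]
    if missing:
        return "plus-incomplete", "missing: " + ", ".join(missing)
    return "vcdb-like", ""


def preflight(indir):
    """Classify every .json file in indir as {filename: (status, detail)}."""
    return {p.name: classify_record(p) for p in sorted(Path(indir).glob("*.json"))}


def demo():
    """Run the check over constructed sample records (not real VCDB data)."""
    plus = {"master_id": "CONSTRUCTED-ID", "analyst": "example", "created": "2014-01-01"}
    samples = {
        "vcdb.json": json.dumps({"schema_version": "1.3", "plus": plus}),
        "other.json": '{"schema_version": "1.3", "plus": {"note": "free text"}}',
        "bare.json": '{"schema_version": "1.3"}',
        "broken.json": '{"schema_version": "1.3", "plus": {',
    }
    with tempfile.TemporaryDirectory() as indir:
        for name, text in samples.items():
            Path(indir, name).write_text(text, encoding="utf-8")
        return preflight(indir)


if __name__ == "__main__":
    for name, (status, detail) in demo().items():
        print(name, status, detail)
```

Records reported as anything other than "vcdb-like" are the ones whose STIX
output deserves a manual look after conversion.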