From 9ed653905bb31a0fd3cf5f4f5e3ce2648e3a5b48 Mon Sep 17 00:00:00 2001 
From: Danny Elliott Date: Mon, 5 Jun 2023 15:04:08 -0300 Subject: [PATCH 1/2] remove cybox false flag for observed-data properties --- adapter-guide/develop-translation-module.md | 12 +-- .../json/stix_2_1/to_stix_map.json | 6 +- .../stix_translation/json/to_stix_map.json | 6 +- .../json/stix_2_1/to_stix_map.json | 4 - .../stix_translation/json/to_stix_map.json | 4 - .../stix_translation/json/to_stix_map.json | 7 +- .../json/stix_2_1/to_stix_map.json | 79 +++++---------- .../stix_translation/json/to_stix_map.json | 79 +++++---------- .../test_aws_athena_json_to_stix.py | 4 +- .../stix_translation/json/to_stix_map.json | 97 ++++++------------- .../json/stix_2_1/to_stix_map.json | 13 +-- .../stix_translation/json/to_stix_map.json | 13 +-- .../json/stix_2_1/to_stix_map.json | 7 +- .../stix_translation/json/to_stix_map.json | 7 +- .../json/stix_2_1/to_stix_map.json | 6 +- .../json/stix_2_1/to_stix_map_events.json | 6 +- .../stix_translation/json/to_stix_map.json | 6 +- .../json/to_stix_map_events.json | 6 +- .../json/stix_2_1/to_stix_map.json | 6 +- .../stix_translation/json/to_stix_map.json | 6 +- .../json/stix_2_1/to_stix_map.json | 6 +- .../stix_translation/json/to_stix_map.json | 6 +- .../stix_translation/json/at_to_stix_map.json | 13 +-- .../stix_translation/json/nf_to_stix_map.json | 13 +-- .../stix_translation/json/to_stix_map.json | 11 --- .../stix_translation/json/to_stix_map.json | 6 +- .../stix_translation/json/to_stix_map.json | 7 +- .../json/stix_2_1/to_stix_map.json | 6 +- .../stix_translation/json/to_stix_map.json | 6 +- .../json/stix_2_1/to_stix_map.json | 6 +- .../stix_translation/json/to_stix_map.json | 6 +- .../json/stix_2_1/to_stix_map.json | 16 +-- .../stix_translation/json/to_stix_map.json | 16 +-- .../stix_translation/json/to_stix_map.json | 6 +- .../stix_translation/json/to_stix_map.json | 18 ++-- .../json/stix_2_1/to_stix_map.json | 21 ---- .../stix_translation/json/to_stix_map.json | 21 ---- .../json/stix_2_1/to_stix_map.json | 6 +- 
.../stix_translation/json/to_stix_map.json | 6 +- .../json/stix_2_1/to_stix_map.json | 6 +- .../stix_translation/json/to_stix_map.json | 6 +- .../json/stix_2_1/to_stix_map.json | 8 -- .../stix_translation/json/to_stix_map.json | 8 -- .../json/stix_2_1/to_stix_map.json | 7 +- .../stix_translation/json/to_stix_map.json | 7 +- .../stix_translation/json/to_stix_map.json | 7 +- .../json/stix_2_1/to_stix_map.json | 2 - .../stix_translation/json/to_stix_map.json | 2 - .../json/stix_2_1/to_stix_map.json | 6 +- .../stix_translation/json/to_stix_map.json | 6 +- .../json/stix_2_1/to_stix_map.json | 6 +- .../stix_translation/json/to_stix_map.json | 6 +- .../stix_translation/json/to_stix_map.json | 7 +- .../json/stix_2_1/to_stix_map.json | 18 ++-- .../stix_translation/json/to_stix_map.json | 18 ++-- .../json/stix_2_1/to_stix_map.json | 15 +-- .../stix_translation/json/to_stix_map.json | 15 +-- .../test_splunk_json_to_stix.py | 3 +- .../stix_translation/json/to_stix_map.json | 9 +- .../stix_translation/json/to_stix_map.json | 7 +- .../json/stix_2_1/to_stix_map.json | 6 +- .../stix_translation/json/to_stix_map.json | 6 +- .../stix_translation/json/to_stix_map.json | 9 +- .../json_to_stix/json_to_stix_translator.py | 12 ++- 64 files changed, 220 insertions(+), 552 deletions(-) diff --git a/adapter-guide/develop-translation-module.md b/adapter-guide/develop-translation-module.md index 0c0010122..368c226c6 100644 --- a/adapter-guide/develop-translation-module.md +++ b/adapter-guide/develop-translation-module.md @@ -302,20 +302,16 @@ Using the same data source as in step 3, the following example shows a to-STIX m }, "EventTime": [ { - "key": "created", - "cybox": false + "key": "created" }, { - "key": "modified", - "cybox": false + "key": "modified" }, { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, { - "key": "last_observed", - "cybox": false + "key": "last_observed" } ] } 
diff --git a/stix_shifter_modules/alertflex/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/alertflex/stix_translation/json/stix_2_1/to_stix_map.json index 3c8d498ea..64c3c7dda 100644 --- a/stix_shifter_modules/alertflex/stix_translation/json/stix_2_1/to_stix_map.json +++ b/stix_shifter_modules/alertflex/stix_translation/json/stix_2_1/to_stix_map.json @@ -2,13 +2,11 @@ "create_time": [ { "key": "first_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" }, { "key": "last_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" } ], "srcip": diff --git a/stix_shifter_modules/alertflex/stix_translation/json/to_stix_map.json b/stix_shifter_modules/alertflex/stix_translation/json/to_stix_map.json index 604beb73e..2a5cbeefd 100644 --- a/stix_shifter_modules/alertflex/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/alertflex/stix_translation/json/to_stix_map.json @@ -2,13 +2,11 @@ "create_time": [ { "key": "first_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" }, { "key": "last_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" } ], "srcip": diff --git a/stix_shifter_modules/arcsight/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/arcsight/stix_translation/json/stix_2_1/to_stix_map.json index 380602359..6e228e4e1 100644 --- a/stix_shifter_modules/arcsight/stix_translation/json/stix_2_1/to_stix_map.json +++ b/stix_shifter_modules/arcsight/stix_translation/json/stix_2_1/to_stix_map.json @@ -3,12 +3,10 @@ "Event Time": [ { "key": "first_observed", - "cybox": false, "transformer": "EpochToTimestamp" }, { "key": "last_observed", - "cybox": false, "transformer": "EpochToTimestamp" }, { 
@@ -548,12 +546,10 @@ "Event Time": [ { "key": "first_observed", - "cybox": false, "transformer": "EpochToTimestamp" }, { "key": "last_observed", - "cybox": false, "transformer": "EpochToTimestamp" }, { diff --git a/stix_shifter_modules/arcsight/stix_translation/json/to_stix_map.json b/stix_shifter_modules/arcsight/stix_translation/json/to_stix_map.json index b84cbd821..e21df8779 100644 --- a/stix_shifter_modules/arcsight/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/arcsight/stix_translation/json/to_stix_map.json @@ -3,12 +3,10 @@ "Event Time": [ { "key": "first_observed", - "cybox": false, "transformer": "EpochToTimestamp" }, { "key": "last_observed", - "cybox": false, "transformer": "EpochToTimestamp" }, { @@ -555,12 +553,10 @@ "Event Time": [ { "key": "first_observed", - "cybox": false, "transformer": "EpochToTimestamp" }, { "key": "last_observed", - "cybox": false, "transformer": "EpochToTimestamp" }, { diff --git a/stix_shifter_modules/async_template/stix_translation/json/to_stix_map.json b/stix_shifter_modules/async_template/stix_translation/json/to_stix_map.json index 33f0d60e9..f682031f4 100644 --- a/stix_shifter_modules/async_template/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/async_template/stix_translation/json/to_stix_map.json @@ -57,19 +57,16 @@ ], "EventCount": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "StartTime": [ { "key": "first_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" }, { "key": "last_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" } ], "Url": { diff --git a/stix_shifter_modules/aws_athena/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/aws_athena/stix_translation/json/stix_2_1/to_stix_map.json index d81286844..ec7e03a1f 100644 --- a/stix_shifter_modules/aws_athena/stix_translation/json/stix_2_1/to_stix_map.json 
+++ b/stix_shifter_modules/aws_athena/stix_translation/json/stix_2_1/to_stix_map.json @@ -3,12 +3,10 @@ "_time": [ { "key": "first_observed", - "cybox": false, "transformer": "EpochToTimestamp" }, { "key": "last_observed", - "cybox": false, "transformer": "EpochToTimestamp" }, { @@ -211,7 +209,6 @@ "count": [ { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, { @@ -237,7 +234,6 @@ }, { "key": "last_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -2378,7 +2374,6 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -2599,14 +2594,12 @@ { "key": "ipv4-addr.x_aws_interface_id", "object": "src_ip", - "ds_key": "interfaceid", - "cybox": false + "ds_key": "interfaceid" }, { "key": "ipv6-addr.x_aws_interface_id", "object": "src_ip", - "ds_key": "interfaceid", - "cybox": false + "ds_key": "interfaceid" } ], "destinationaddress": [ @@ -2663,7 +2656,6 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "EpochSecondsToTimestamp" } ], @@ -2680,7 +2672,6 @@ }, { "key": "last_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -2725,14 +2716,12 @@ { "key": "ipv4-addr.x_aws_interface_id", "object": "nc_private_ip1", - "ds_key": "resource_instancedetails_networkinterfaces_0_networkinterfaceid", - "cybox": false + "ds_key": "resource_instancedetails_networkinterfaces_0_networkinterfaceid" }, { "key": "ipv4-addr.x_aws_ip_type", "object": "nc_private_ip1", - "value": "private", - "cybox": false + "value": "private" } ], "resource_instancedetails_networkinterfaces_0_ipv6addresses_0": [ @@ -2743,8 +2732,7 @@ { "key": "ipv6-addr.x_aws_interface_id", "object": "nc_ipv6_ip", - "ds_key": "resource_instancedetails_networkinterfaces_0_networkinterfaceid", - "cybox": false + "ds_key": "resource_instancedetails_networkinterfaces_0_networkinterfaceid" } ], "resource_instancedetails_networkinterfaces_0_publicip": [ 
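Review bot: The `"cybox": false` flag is also dropped from entries that are not observed-data properties, for example `ipv4-addr.x_aws_interface_id` and `ipv6-addr.x_aws_interface_id` on `src_ip` in the hunk at -2599 and `ipv4-addr.x_aws_ip_type` in the hunk at -2725, while the commit subject only mentions observed-data properties. These keys carry a type prefix and an `object`, so without the flag they will presumably be emitted as properties of the address objects, which changes the translated output that downstream correlation and detection content reads. That may be the intended correction, but it deserves a line in the commit message and an assertion in the module tests on where `x_aws_interface_id` and `x_aws_ip_type` end up. The same applies to the `x-ibm-finding.dst_geolocation` and `x_aws_remote_*` entries in the later hunks of this file, and to the matching hunks in the non-2.1 aws_athena map and the aws_cloud_watch_logs map.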
@@ -2762,14 +2750,12 @@ { "key": "ipv4-addr.x_aws_interface_id", "object": "nc_public_ip", - "ds_key": "resource_instancedetails_networkinterfaces_0_networkinterfaceid", - "cybox": false + "ds_key": "resource_instancedetails_networkinterfaces_0_networkinterfaceid" }, { "key": "ipv4-addr.x_aws_ip_type", "object": "nc_public_ip", - "value": "public", - "cybox": false + "value": "public" } ], "resource_instancedetails_networkinterfaces_0_privatednsname": [ @@ -2799,14 +2785,12 @@ { "key": "ipv4-addr.x_aws_interface_id", "object": "nc_private_ip2", - "ds_key": "resource_instancedetails_networkinterfaces_1_networkinterfaceid", - "cybox": false + "ds_key": "resource_instancedetails_networkinterfaces_1_networkinterfaceid" }, { "key": "ipv4-addr.x_aws_ip_type", "object": "nc_private_ip2", - "value": "private", - "cybox": false + "value": "private" } ], "resource_instancedetails_networkinterfaces_1_privatednsname": [ @@ -2833,20 +2817,17 @@ { "key": "x-ibm-finding.dst_geolocation", "object": "ibm_finding", - "ds_key": "service_action_networkconnectionaction_remoteipdetails_country_countryname", - "cybox": false + "ds_key": "service_action_networkconnectionaction_remoteipdetails_country_countryname" }, { "key": "ipv4-addr.x_aws_remote_city_name", "object": "nc_remote_ip", - "ds_key": "service_action_networkconnectionaction_remoteipdetails_city_cityname", - "cybox": false + "ds_key": "service_action_networkconnectionaction_remoteipdetails_city_cityname" }, { "key": "ipv4-addr.x_aws_remote_country_name", "object": "nc_remote_ip", - "ds_key": "service_action_networkconnectionaction_remoteipdetails_country_countryname", - "cybox": false + "ds_key": "service_action_networkconnectionaction_remoteipdetails_country_countryname" } ], "service_action_networkconnectionaction_localportdetails_port": [ 
@@ -2918,14 +2899,12 @@ { "key": "ipv4-addr.x_aws_interface_id", "object": "pp_private_ip1", - "ds_key": "resource_instancedetails_networkinterfaces_0_networkinterfaceid", - "cybox": false + "ds_key": "resource_instancedetails_networkinterfaces_0_networkinterfaceid" }, { "key": "ipv4-addr.x_aws_ip_type", "object": "pp_private_ip1", - "value": "private", - "cybox": false + "value": "private" } ], "service_action_portprobeaction_portprobedetails_0_remoteipdetails_ipaddressv4": [ @@ -2941,20 +2920,17 @@ { "key": "x-ibm-finding.dst_geolocation", "object": "ibm_finding", - "ds_key": "service_action_portprobeaction_portprobedetails_0_remoteipdetails_country_countryname", - "cybox": false + "ds_key": "service_action_portprobeaction_portprobedetails_0_remoteipdetails_country_countryname" }, { "key": "ipv4-addr.x_aws_remote_city_name", "object": "pp_remote_ip", - "ds_key": "service_action_portprobeaction_portprobedetails_0_remoteipdetails_city_cityname", - "cybox": false + "ds_key": "service_action_portprobeaction_portprobedetails_0_remoteipdetails_city_cityname" }, { "key": "ipv4-addr.x_aws_remote_country_name", "object": "pp_remote_ip", - "ds_key": "service_action_portprobeaction_portprobedetails_0_remoteipdetails_country_countryname", - "cybox": false + "ds_key": "service_action_portprobeaction_portprobedetails_0_remoteipdetails_country_countryname" } ], "service_action_portprobeaction_portprobedetails_0_localportdetails_port": [ 
@@ -2976,20 +2952,17 @@ { "key": "x-ibm-finding.dst_geolocation", "object": "ibm_finding", - "ds_key": "service_action_awsapicallaction_remoteipdetails_country_countryname", - "cybox": false + "ds_key": "service_action_awsapicallaction_remoteipdetails_country_countryname" }, { "key": "ipv4-addr.x_aws_remote_city_name", "object": "api_remote_ip", - "ds_key": "service_action_awsapicallaction_remoteipdetails_city_cityname", - "cybox": false + "ds_key": "service_action_awsapicallaction_remoteipdetails_city_cityname" }, { "key": "ipv4-addr.x_aws_remote_country_name", "object": "api_remote_ip", - "ds_key": "service_action_awsapicallaction_remoteipdetails_country_countryname", - "cybox": false + "ds_key": "service_action_awsapicallaction_remoteipdetails_country_countryname" } ], "resource_accesskeydetails_principalid": { @@ -3032,14 +3005,12 @@ { "key": "ipv4-addr.x_aws_interface_id", "object": "dns_private_ip1", - "ds_key": "resource_instancedetails_networkinterfaces_0_networkinterfaceid", - "cybox": false + "ds_key": "resource_instancedetails_networkinterfaces_0_networkinterfaceid" }, { "key": "ipv4-addr.x_aws_ip_type", "object": "dns_private_ip1", - "value": "private", - "cybox": false + "value": "private" } ], "service_action_dnsrequestaction_domain": [ @@ -3085,8 +3056,7 @@ ], "service_eventfirstseen": [ { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, { "key": "x-ibm-finding.start", @@ -3095,8 +3065,7 @@ ], "service_eventlastseen": [ { - "key": "last_observed", - "cybox": false + "key": "last_observed" }, { "key": "x-ibm-finding.end", diff --git a/stix_shifter_modules/aws_athena/stix_translation/json/to_stix_map.json b/stix_shifter_modules/aws_athena/stix_translation/json/to_stix_map.json index a352568f9..108488f68 100644 --- a/stix_shifter_modules/aws_athena/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/aws_athena/stix_translation/json/to_stix_map.json 
@@ -3,12 +3,10 @@ "_time": [ { "key": "first_observed", - "cybox": false, "transformer": "EpochToTimestamp" }, { "key": "last_observed", - "cybox": false, "transformer": "EpochToTimestamp" }, { @@ -211,7 +209,6 @@ "count": [ { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, { @@ -237,7 +234,6 @@ }, { "key": "last_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -2408,7 +2404,6 @@ }, "start_time": { "key": "first_observed", - "cybox": false, "transformer": "EpochToTimestamp" }, "status": { @@ -2628,14 +2623,12 @@ { "key": "ipv4-addr.x_aws_interface_id", "object": "src_ip", - "ds_key": "interfaceid", - "cybox": false + "ds_key": "interfaceid" }, { "key": "ipv6-addr.x_aws_interface_id", "object": "src_ip", - "ds_key": "interfaceid", - "cybox": false + "ds_key": "interfaceid" } ], "destinationaddress": [ @@ -2692,7 +2685,6 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "EpochSecondsToTimestamp" } ], @@ -2709,7 +2701,6 @@ }, { "key": "last_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -2754,14 +2745,12 @@ { "key": "ipv4-addr.x_aws_interface_id", "object": "nc_private_ip1", - "ds_key": "resource_instancedetails_networkinterfaces_0_networkinterfaceid", - "cybox": false + "ds_key": "resource_instancedetails_networkinterfaces_0_networkinterfaceid" }, { "key": "ipv4-addr.x_aws_ip_type", "object": "nc_private_ip1", - "value": "private", - "cybox": false + "value": "private" } ], "resource_instancedetails_networkinterfaces_0_ipv6addresses_0": [ @@ -2772,8 +2761,7 @@ { "key": "ipv6-addr.x_aws_interface_id", "object": "nc_ipv6_ip", - "ds_key": "resource_instancedetails_networkinterfaces_0_networkinterfaceid", - "cybox": false + "ds_key": "resource_instancedetails_networkinterfaces_0_networkinterfaceid" } ], "resource_instancedetails_networkinterfaces_0_publicip": [ 
@@ -2791,14 +2779,12 @@ { "key": "ipv4-addr.x_aws_interface_id", "object": "nc_public_ip", - "ds_key": "resource_instancedetails_networkinterfaces_0_networkinterfaceid", - "cybox": false + "ds_key": "resource_instancedetails_networkinterfaces_0_networkinterfaceid" }, { "key": "ipv4-addr.x_aws_ip_type", "object": "nc_public_ip", - "value": "public", - "cybox": false + "value": "public" } ], "resource_instancedetails_networkinterfaces_0_privatednsname": [ @@ -2828,14 +2814,12 @@ { "key": "ipv4-addr.x_aws_interface_id", "object": "nc_private_ip2", - "ds_key": "resource_instancedetails_networkinterfaces_1_networkinterfaceid", - "cybox": false + "ds_key": "resource_instancedetails_networkinterfaces_1_networkinterfaceid" }, { "key": "ipv4-addr.x_aws_ip_type", "object": "nc_private_ip2", - "value": "private", - "cybox": false + "value": "private" } ], "resource_instancedetails_networkinterfaces_1_privatednsname": [ @@ -2862,20 +2846,17 @@ { "key": "x-ibm-finding.dst_geolocation", "object": "ibm_finding", - "ds_key": "service_action_networkconnectionaction_remoteipdetails_country_countryname", - "cybox": false + "ds_key": "service_action_networkconnectionaction_remoteipdetails_country_countryname" }, { "key": "ipv4-addr.x_aws_remote_city_name", "object": "nc_remote_ip", - "ds_key": "service_action_networkconnectionaction_remoteipdetails_city_cityname", - "cybox": false + "ds_key": "service_action_networkconnectionaction_remoteipdetails_city_cityname" }, { "key": "ipv4-addr.x_aws_remote_country_name", "object": "nc_remote_ip", - "ds_key": "service_action_networkconnectionaction_remoteipdetails_country_countryname", - "cybox": false + "ds_key": "service_action_networkconnectionaction_remoteipdetails_country_countryname" } ], "service_action_networkconnectionaction_localportdetails_port": [ 
@@ -2947,14 +2928,12 @@ { "key": "ipv4-addr.x_aws_interface_id", "object": "pp_private_ip1", - "ds_key": "resource_instancedetails_networkinterfaces_0_networkinterfaceid", - "cybox": false + "ds_key": "resource_instancedetails_networkinterfaces_0_networkinterfaceid" }, { "key": "ipv4-addr.x_aws_ip_type", "object": "pp_private_ip1", - "value": "private", - "cybox": false + "value": "private" } ], "service_action_portprobeaction_portprobedetails_0_remoteipdetails_ipaddressv4": [ @@ -2970,20 +2949,17 @@ { "key": "x-ibm-finding.dst_geolocation", "object": "ibm_finding", - "ds_key": "service_action_portprobeaction_portprobedetails_0_remoteipdetails_country_countryname", - "cybox": false + "ds_key": "service_action_portprobeaction_portprobedetails_0_remoteipdetails_country_countryname" }, { "key": "ipv4-addr.x_aws_remote_city_name", "object": "pp_remote_ip", - "ds_key": "service_action_portprobeaction_portprobedetails_0_remoteipdetails_city_cityname", - "cybox": false + "ds_key": "service_action_portprobeaction_portprobedetails_0_remoteipdetails_city_cityname" }, { "key": "ipv4-addr.x_aws_remote_country_name", "object": "pp_remote_ip", - "ds_key": "service_action_portprobeaction_portprobedetails_0_remoteipdetails_country_countryname", - "cybox": false + "ds_key": "service_action_portprobeaction_portprobedetails_0_remoteipdetails_country_countryname" } ], "service_action_portprobeaction_portprobedetails_0_localportdetails_port": [ 
@@ -3005,20 +2981,17 @@ { "key": "x-ibm-finding.dst_geolocation", "object": "ibm_finding", - "ds_key": "service_action_awsapicallaction_remoteipdetails_country_countryname", - "cybox": false + "ds_key": "service_action_awsapicallaction_remoteipdetails_country_countryname" }, { "key": "ipv4-addr.x_aws_remote_city_name", "object": "api_remote_ip", - "ds_key": "service_action_awsapicallaction_remoteipdetails_city_cityname", - "cybox": false + "ds_key": "service_action_awsapicallaction_remoteipdetails_city_cityname" }, { "key": "ipv4-addr.x_aws_remote_country_name", "object": "api_remote_ip", - "ds_key": "service_action_awsapicallaction_remoteipdetails_country_countryname", - "cybox": false + "ds_key": "service_action_awsapicallaction_remoteipdetails_country_countryname" } ], "resource_accesskeydetails_principalid": { @@ -3061,14 +3034,12 @@ { "key": "ipv4-addr.x_aws_interface_id", "object": "dns_private_ip1", - "ds_key": "resource_instancedetails_networkinterfaces_0_networkinterfaceid", - "cybox": false + "ds_key": "resource_instancedetails_networkinterfaces_0_networkinterfaceid" }, { "key": "ipv4-addr.x_aws_ip_type", "object": "dns_private_ip1", - "value": "private", - "cybox": false + "value": "private" } ], "service_action_dnsrequestaction_domain": [ @@ -3114,8 +3085,7 @@ ], "service_eventfirstseen": [ { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, { "key": "x-ibm-finding.start", @@ -3124,8 +3094,7 @@ ], "service_eventlastseen": [ { - "key": "last_observed", - "cybox": false + "key": "last_observed" }, { "key": "x-ibm-finding.end", diff --git a/stix_shifter_modules/aws_athena/tests/stix_translation/test_aws_athena_json_to_stix.py b/stix_shifter_modules/aws_athena/tests/stix_translation/test_aws_athena_json_to_stix.py index 330ce4690..3612746bb 100644 --- a/stix_shifter_modules/aws_athena/tests/stix_translation/test_aws_athena_json_to_stix.py +++ b/stix_shifter_modules/aws_athena/tests/stix_translation/test_aws_athena_json_to_stix.py 
@@ -444,9 +444,11 @@ def test_guardduty_custom_attr_json_to_stix(self): objects = observed_data['objects'] custom_object = TestAwsResultsToStix.get_first_of_type(objects.values(), 'x-aws-athena') - assert custom_object.keys() == {'type', 'service_action_networkconnectionaction_remoteipdetails_country_countryname', + expected_keys = {'type', 'service_action_networkconnectionaction_remoteipdetails_country_countryname', 'finding_id', 'arn', 'createdat', 'partition', 'resource', 'schemaversion', 'service', 'updatedat'} + + assert custom_object.keys() >= expected_keys assert custom_object['arn'] == 'arn:aws:guardduty:us-east-1:979326520502:detector/6ab6e6ee780ed' \ '494f3b7ca56acdc74df/finding/7ab9d1cb6248e05a0e419a79528761cb' assert custom_object['finding_id'] == '7ab9d1cb6248e05a0e419a79528761cb' diff --git a/stix_shifter_modules/aws_cloud_watch_logs/stix_translation/json/to_stix_map.json b/stix_shifter_modules/aws_cloud_watch_logs/stix_translation/json/to_stix_map.json index b1806621f..f54bc779c 100644 --- a/stix_shifter_modules/aws_cloud_watch_logs/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/aws_cloud_watch_logs/stix_translation/json/to_stix_map.json @@ -17,14 +17,12 @@ { "key": "ipv4-addr.x_aws_interface_id", "object": "src_ip", - "ds_key": "interfaceId", - "cybox": false + "ds_key": "interfaceId" }, { "key": "ipv6-addr.x_aws_interface_id", "object": "src_ip", - "ds_key": "interfaceId", - "cybox": false + "ds_key": "interfaceId" } ], "dstAddr": [ @@ -86,19 +84,16 @@ "@timestamp": [ { "key": "first_observed", - "cybox": false, "transformer": "AwsToTimestamp" }, { "key": "last_observed", - "cybox": false, "transformer": "AwsToTimestamp" } ], "event_count": [ { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" } ] 
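Review bot: The key check in `test_guardduty_custom_attr_json_to_stix` is loosened from `==` to `>=`, so the test no longer fails when the `x-aws-athena` object gains properties nobody expected. This commit presumably changes where mapped fields land (the translator change is outside this hunk), and an exact comparison is what would catch a field misrouted into the custom object. If extra keys are now legitimately present, add them to `expected_keys` and keep `assert custom_object.keys() == expected_keys`. If the superset check is deliberate, a comment such as `# extra keys tolerated: <which ones and why>` above the assertion would make that explicit. The test body continues outside the hunk.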
@@ -123,14 +118,12 @@ { "key": "ipv4-addr.x_aws_interface_id", "object": "nc_private_ip1", - "ds_key": "detail_resource_instanceDetails_networkInterfaces_0_networkInterfaceId", - "cybox": false + "ds_key": "detail_resource_instanceDetails_networkInterfaces_0_networkInterfaceId" }, { "key": "ipv4-addr.x_aws_ip_type", "object": "nc_private_ip1", - "value": "private", - "cybox": false + "value": "private" } ], "detail_resource_instanceDetails_networkInterfaces_0_ipv6Addresses_0": [ @@ -141,8 +134,7 @@ { "key": "ipv6-addr.x_aws_interface_id", "object": "nc_ipv6_ip", - "ds_key": "detail_resource_instanceDetails_networkInterfaces_0_networkInterfaceId", - "cybox": false + "ds_key": "detail_resource_instanceDetails_networkInterfaces_0_networkInterfaceId" } ], "detail_resource_instanceDetails_networkInterfaces_0_publicIp": [ @@ -158,14 +150,12 @@ { "key": "ipv4-addr.x_aws_interface_id", "object": "nc_public_ip", - "ds_key": "detail_resource_instanceDetails_networkInterfaces_0_networkInterfaceId", - "cybox": false + "ds_key": "detail_resource_instanceDetails_networkInterfaces_0_networkInterfaceId" }, { "key": "ipv4-addr.x_aws_ip_type", "object": "nc_public_ip", - "value": "public", - "cybox": false + "value": "public" } ], "detail_resource_instanceDetails_networkInterfaces_0_privateDnsName": [ @@ -193,14 +183,12 @@ { "key": "ipv4-addr.x_aws_interface_id", "object": "nc_private_ip2", - "ds_key": "detail_resource_instanceDetails_networkInterfaces_1_networkInterfaceId", - "cybox": false + "ds_key": "detail_resource_instanceDetails_networkInterfaces_1_networkInterfaceId" }, { "key": "ipv4-addr.x_aws_ip_type", "object": "nc_private_ip2", - "value": "private", - "cybox": false + "value": "private" } ], "detail_resource_instanceDetails_networkInterfaces_1_privateDnsName": [ 
@@ -222,14 +210,12 @@ { "key": "ipv4-addr.x_aws_remote_city_name", "object": "nc_remote_ip", - "ds_key": "detail_service_action_networkConnectionAction_remoteIpDetails_city_cityName", - "cybox": false + "ds_key": "detail_service_action_networkConnectionAction_remoteIpDetails_city_cityName" }, { "key": "ipv4-addr.x_aws_remote_country_name", "object": "nc_remote_ip", - "ds_key": "detail_service_action_networkConnectionAction_remoteIpDetails_country_countryName", - "cybox": false + "ds_key": "detail_service_action_networkConnectionAction_remoteIpDetails_country_countryName" } ], "detail_service_action_networkConnectionAction_localPortDetails_port": [ @@ -296,14 +282,12 @@ { "key": "ipv4-addr.x_aws_interface_id", "object": "pp_private_ip1", - "ds_key": "detail_resource_instanceDetails_networkInterfaces_0_networkInterfaceId", - "cybox": false + "ds_key": "detail_resource_instanceDetails_networkInterfaces_0_networkInterfaceId" }, { "key": "ipv4-addr.x_aws_ip_type", "object": "pp_private_ip1", - "value": "private", - "cybox": false + "value": "private" } ], "detail_resource_instanceDetails_networkInterfaces_0_ipv6Addresses_0": [ @@ -314,8 +298,7 @@ { "key": "ipv6-addr.x_aws_interface_id", "object": "pp_ipv6_ip", - "ds_key": "detail_resource_instanceDetails_networkInterfaces_0_networkInterfaceId", - "cybox": false + "ds_key": "detail_resource_instanceDetails_networkInterfaces_0_networkInterfaceId" } ], "detail_resource_instanceDetails_networkInterfaces_0_privateDnsName": [ @@ -343,14 +326,12 @@ { "key": "ipv4-addr.x_aws_interface_id", "object": "pp_public_ip", - "ds_key": "detail_resource_instanceDetails_networkInterfaces_0_networkInterfaceId", - "cybox": false + "ds_key": "detail_resource_instanceDetails_networkInterfaces_0_networkInterfaceId" }, { "key": "ipv4-addr.x_aws_ip_type", "object": "pp_public_ip", - "value": "public", - "cybox": false + "value": "public" } ], "detail_resource_instanceDetails_networkInterfaces_1_privateIpAddress": [ 
@@ -366,14 +347,12 @@ { "key": "ipv4-addr.x_aws_interface_id", "object": "pp_private_ip2", - "ds_key": "detail_resource_instanceDetails_networkInterfaces_1_networkInterfaceId", - "cybox": false + "ds_key": "detail_resource_instanceDetails_networkInterfaces_1_networkInterfaceId" }, { "key": "ipv4-addr.x_aws_ip_type", "object": "pp_private_ip2", - "value": "private", - "cybox": false + "value": "private" } ], "detail_resource_instanceDetails_networkInterfaces_1_privateDnsName": [ @@ -390,14 +369,12 @@ { "key": "ipv4-addr.x_aws_remote_city_name", "object": "pp_remote_ip", - "ds_key": "detail_service_action_portProbeAction_portProbeDetails_0_remoteIpDetails_city_cityName", - "cybox": false + "ds_key": "detail_service_action_portProbeAction_portProbeDetails_0_remoteIpDetails_city_cityName" }, { "key": "ipv4-addr.x_aws_remote_country_name", "object": "pp_remote_ip", - "ds_key": "detail_service_action_portProbeAction_portProbeDetails_0_remoteIpDetails_country_countryName", - "cybox": false + "ds_key": "detail_service_action_portProbeAction_portProbeDetails_0_remoteIpDetails_country_countryName" } ], "detail_service_action_portProbeAction_portProbeDetails_0_localPortDetails_port": [ @@ -444,14 +421,12 @@ { "key": "ipv4-addr.x_aws_remote_city_name", "object": "api_remote_ip", - "ds_key": "detail_service_action_awsApiCallAction_remoteIpDetails_city_cityName", - "cybox": false + "ds_key": "detail_service_action_awsApiCallAction_remoteIpDetails_city_cityName" }, { "key": "ipv4-addr.x_aws_remote_country_name", "object": "api_remote_ip", - "ds_key": "detail_service_action_awsApiCallAction_remoteIpDetails_country_countryName", - "cybox": false + "ds_key": "detail_service_action_awsApiCallAction_remoteIpDetails_country_countryName" } ], "detail_resource_accessKeyDetails_principalId": { 
@@ -489,14 +464,12 @@ { "key": "ipv4-addr.x_aws_interface_id", "object": "dns_private_ip1", - "ds_key": "detail_resource_instanceDetails_networkInterfaces_0_networkInterfaceId", - "cybox": false + "ds_key": "detail_resource_instanceDetails_networkInterfaces_0_networkInterfaceId" }, { "key": "ipv4-addr.x_aws_ip_type", "object": "dns_private_ip1", - "value": "private", - "cybox": false + "value": "private" } ], "detail_resource_instanceDetails_networkInterfaces_0_ipv6Addresses_0": [ @@ -507,8 +480,7 @@ { "key": "ipv6-addr.x_aws_interface_id", "object": "dns_ipv6_ip", - "ds_key": "detail_resource_instanceDetails_networkInterfaces_0_networkInterfaceId", - "cybox": false + "ds_key": "detail_resource_instanceDetails_networkInterfaces_0_networkInterfaceId" } ], "detail_resource_instanceDetails_networkInterfaces_0_publicIp": [ @@ -524,14 +496,12 @@ { "key": "ipv4-addr.x_aws_interface_id", "object": "dns_public_ip", - "ds_key": "detail_resource_instanceDetails_networkInterfaces_0_networkInterfaceId", - "cybox": false + "ds_key": "detail_resource_instanceDetails_networkInterfaces_0_networkInterfaceId" }, { "key": "ipv4-addr.x_aws_ip_type", "object": "dns_public_ip", - "value": "public", - "cybox": false + "value": "public" } ], "detail_resource_instanceDetails_networkInterfaces_0_privateDnsName": [ @@ -559,14 +529,12 @@ { "key": "ipv4-addr.x_aws_interface_id", "object": "dns_private_ip2", - "ds_key": "detail_resource_instanceDetails_networkInterfaces_1_networkInterfaceId", - "cybox": false + "ds_key": "detail_resource_instanceDetails_networkInterfaces_1_networkInterfaceId" }, { "key": "ipv4-addr.x_aws_ip_type", "object": "dns_private_ip2", - "value": "private", - "cybox": false + "value": "private" } ], "detail_resource_instanceDetails_networkInterfaces_1_privateDnsName": [ 
@@ -635,17 +603,14 @@ "object": "x_ibm_finding" }, "detail_service_eventFirstSeen": { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, "detail_service_eventLastSeen": { - "key": "last_observed", - "cybox": false + "key": "last_observed" }, "event_count": [ { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" } ] diff --git a/stix_shifter_modules/azure_sentinel/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/azure_sentinel/stix_translation/json/stix_2_1/to_stix_map.json index 4195defe0..55b0a3780 100644 --- a/stix_shifter_modules/azure_sentinel/stix_translation/json/stix_2_1/to_stix_map.json +++ b/stix_shifter_modules/azure_sentinel/stix_translation/json/stix_2_1/to_stix_map.json @@ -1,13 +1,11 @@ { "eventDateTime": [ { - "key": "first_observed", - "cybox": false + "key": "first_observed" } ], "event_count": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "azureTenantId": { @@ -32,8 +30,7 @@ } , "closedDateTime":{ - "key": "last_observed", - "cybox": false + "key": "last_observed" }, "cloudAppStates": { "destinationServiceName": [ @@ -66,8 +63,7 @@ }, "createdDateTime": [ { - "key": "created", - "cybox": false + "key": "created" }, { "key": "x-oca-event.created", @@ -196,8 +192,7 @@ }, "lastModifiedDateTime": [ { - "key": "modified", - "cybox": false + "key": "modified" }, { "key": "x-ibm-finding.time_observed", diff --git a/stix_shifter_modules/azure_sentinel/stix_translation/json/to_stix_map.json b/stix_shifter_modules/azure_sentinel/stix_translation/json/to_stix_map.json index 38171cead..3276ac8d5 100644 --- a/stix_shifter_modules/azure_sentinel/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/azure_sentinel/stix_translation/json/to_stix_map.json 
@@ -1,13 +1,11 @@ { "eventDateTime": [ { - "key": "first_observed", - "cybox": false + "key": "first_observed" } ], "event_count": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "azureTenantId": { @@ -32,8 +30,7 @@ } , "closedDateTime":{ - "key": "last_observed", - "cybox": false + "key": "last_observed" }, "cloudAppStates": { "destinationServiceName": [ @@ -66,8 +63,7 @@ }, "createdDateTime": [ { - "key": "created", - "cybox": false + "key": "created" }, { "key": "x-oca-event.created", @@ -196,8 +192,7 @@ }, "lastModifiedDateTime": [ { - "key": "modified", - "cybox": false + "key": "modified" }, { "key": "x-ibm-finding.time_observed", diff --git a/stix_shifter_modules/bigfix/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/bigfix/stix_translation/json/stix_2_1/to_stix_map.json index fdf89adc2..ebd501658 100644 --- a/stix_shifter_modules/bigfix/stix_translation/json/stix_2_1/to_stix_map.json +++ b/stix_shifter_modules/bigfix/stix_translation/json/stix_2_1/to_stix_map.json @@ -68,13 +68,11 @@ "timestamp": [ { "key": "first_observed", - "transformer": "EpochSecondsToTimestamp", - "cybox": false + "transformer": "EpochSecondsToTimestamp" }, { "key": "last_observed", - "transformer": "EpochSecondsToTimestamp", - "cybox": false + "transformer": "EpochSecondsToTimestamp" } ], "computer_identity": { @@ -82,7 +80,6 @@ }, "event_count": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "local_address": diff --git a/stix_shifter_modules/bigfix/stix_translation/json/to_stix_map.json b/stix_shifter_modules/bigfix/stix_translation/json/to_stix_map.json index d00eb6ea3..226cf26a2 100644 --- a/stix_shifter_modules/bigfix/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/bigfix/stix_translation/json/to_stix_map.json 
@@ -72,13 +72,11 @@ "timestamp": [ { "key": "first_observed", - "transformer": "EpochSecondsToTimestamp", - "cybox": false + "transformer": "EpochSecondsToTimestamp" }, { "key": "last_observed", - "transformer": "EpochSecondsToTimestamp", - "cybox": false + "transformer": "EpochSecondsToTimestamp" } ], "computer_identity": { @@ -86,7 +84,6 @@ }, "event_count": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "local_address": diff --git a/stix_shifter_modules/carbonblack/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/carbonblack/stix_translation/json/stix_2_1/to_stix_map.json index 9cd75ce50..d5dd8be74 100644 --- a/stix_shifter_modules/carbonblack/stix_translation/json/stix_2_1/to_stix_map.json +++ b/stix_shifter_modules/carbonblack/stix_translation/json/stix_2_1/to_stix_map.json @@ -16,8 +16,7 @@ "object": "process" }, { - "key": "first_observed", - "cybox": false + "key": "first_observed" } ], "process_name": [ @@ -204,8 +203,7 @@ "object": "cb" }, "last_update": { - "key": "last_observed", - "cybox": false + "key": "last_observed" }, "last_server_update": { "key": "x-cb-response.last_server_update", diff --git a/stix_shifter_modules/carbonblack/stix_translation/json/stix_2_1/to_stix_map_events.json b/stix_shifter_modules/carbonblack/stix_translation/json/stix_2_1/to_stix_map_events.json index 1a494abaf..56d06adeb 100644 --- a/stix_shifter_modules/carbonblack/stix_translation/json/stix_2_1/to_stix_map_events.json +++ b/stix_shifter_modules/carbonblack/stix_translation/json/stix_2_1/to_stix_map_events.json @@ -1,12 +1,10 @@ { "event_timestamp": [ { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, { - "key": "last_observed", - "cybox": false + "key": "last_observed" }, { "key": "x-oca-event.created", diff --git a/stix_shifter_modules/carbonblack/stix_translation/json/to_stix_map.json b/stix_shifter_modules/carbonblack/stix_translation/json/to_stix_map.json index b49e80dcb..5c5fa65e3 100644 
--- a/stix_shifter_modules/carbonblack/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/carbonblack/stix_translation/json/to_stix_map.json @@ -16,8 +16,7 @@ "object": "process" }, { - "key": "first_observed", - "cybox": false + "key": "first_observed" } ], "process_name": [ @@ -208,8 +207,7 @@ "object": "cb" }, "last_update": { - "key": "last_observed", - "cybox": false + "key": "last_observed" }, "last_server_update": { "key": "x-cb-response.last_server_update", diff --git a/stix_shifter_modules/carbonblack/stix_translation/json/to_stix_map_events.json b/stix_shifter_modules/carbonblack/stix_translation/json/to_stix_map_events.json index a18684b47..685499eb4 100644 --- a/stix_shifter_modules/carbonblack/stix_translation/json/to_stix_map_events.json +++ b/stix_shifter_modules/carbonblack/stix_translation/json/to_stix_map_events.json @@ -1,12 +1,10 @@ { "event_timestamp": [ { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, { - "key": "last_observed", - "cybox": false + "key": "last_observed" }, { "key": "x-oca-event.created", diff --git a/stix_shifter_modules/cbcloud/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/cbcloud/stix_translation/json/stix_2_1/to_stix_map.json index 763f46709..d3a983610 100644 --- a/stix_shifter_modules/cbcloud/stix_translation/json/stix_2_1/to_stix_map.json +++ b/stix_shifter_modules/cbcloud/stix_translation/json/stix_2_1/to_stix_map.json @@ -127,12 +127,10 @@ }, "device_timestamp": [ { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, { - "key": "last_observed", - "cybox": false + "key": "last_observed" }, { "key": "x-cbcloud.device_timestamp", diff --git a/stix_shifter_modules/cbcloud/stix_translation/json/to_stix_map.json b/stix_shifter_modules/cbcloud/stix_translation/json/to_stix_map.json index 4194584b3..d28950465 100644 --- a/stix_shifter_modules/cbcloud/stix_translation/json/to_stix_map.json 
+++ b/stix_shifter_modules/cbcloud/stix_translation/json/to_stix_map.json @@ -135,12 +135,10 @@ }, "device_timestamp": [ { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, { - "key": "last_observed", - "cybox": false + "key": "last_observed" }, { "key": "x-cbcloud.device_timestamp", diff --git a/stix_shifter_modules/crowdstrike/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/crowdstrike/stix_translation/json/stix_2_1/to_stix_map.json index bfff02290..c33ec9a6a 100644 --- a/stix_shifter_modules/crowdstrike/stix_translation/json/stix_2_1/to_stix_map.json +++ b/stix_shifter_modules/crowdstrike/stix_translation/json/stix_2_1/to_stix_map.json @@ -1,12 +1,10 @@ { "timestamp": [ { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, { - "key": "last_observed", - "cybox": false + "key": "last_observed" }, { "key": "x-oca-event.created", diff --git a/stix_shifter_modules/crowdstrike/stix_translation/json/to_stix_map.json b/stix_shifter_modules/crowdstrike/stix_translation/json/to_stix_map.json index 602198787..3c7a12ea8 100644 --- a/stix_shifter_modules/crowdstrike/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/crowdstrike/stix_translation/json/to_stix_map.json @@ -1,12 +1,10 @@ { "timestamp": [ { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, { - "key": "last_observed", - "cybox": false + "key": "last_observed" }, { "key": "x-oca-event.created", diff --git a/stix_shifter_modules/csa/stix_translation/json/at_to_stix_map.json b/stix_shifter_modules/csa/stix_translation/json/at_to_stix_map.json index af6b12bb6..3b0c545ff 100644 --- a/stix_shifter_modules/csa/stix_translation/json/at_to_stix_map.json +++ b/stix_shifter_modules/csa/stix_translation/json/at_to_stix_map.json 
@@ -43,29 +43,24 @@ ], "eventcount": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "starttime": [ { "key": "created", - "transformer": "EpochSecondsToTimestamp", - "cybox": false + "transformer": "EpochSecondsToTimestamp" }, { "key": "modified", - "transformer": "EpochSecondsToTimestamp", - "cybox": false + "transformer": "EpochSecondsToTimestamp" }, { "key": "first_observed", - "transformer": "EpochSecondsToTimestamp", - "cybox": false + "transformer": "EpochSecondsToTimestamp" }, { "key": "last_observed", - "transformer": "EpochSecondsToTimestamp", - "cybox": false + "transformer": "EpochSecondsToTimestamp" } ], "url": { diff --git a/stix_shifter_modules/csa/stix_translation/json/nf_to_stix_map.json b/stix_shifter_modules/csa/stix_translation/json/nf_to_stix_map.json index a3236f064..a46359d9e 100644 --- a/stix_shifter_modules/csa/stix_translation/json/nf_to_stix_map.json +++ b/stix_shifter_modules/csa/stix_translation/json/nf_to_stix_map.json @@ -16,29 +16,24 @@ ], "eventcount": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "starttime": [ { "key": "created", - "transformer": "EpochSecondsToTimestamp", - "cybox": false + "transformer": "EpochSecondsToTimestamp" }, { "key": "modified", - "transformer": "EpochSecondsToTimestamp", - "cybox": false + "transformer": "EpochSecondsToTimestamp" }, { "key": "first_observed", - "transformer": "EpochSecondsToTimestamp", - "cybox": false + "transformer": "EpochSecondsToTimestamp" }, { "key": "last_observed", - "transformer": "EpochSecondsToTimestamp", - "cybox": false + "transformer": "EpochSecondsToTimestamp" } ], "sourceip": [ diff --git a/stix_shifter_modules/cybereason/stix_translation/json/to_stix_map.json b/stix_shifter_modules/cybereason/stix_translation/json/to_stix_map.json index 4961676a1..12d63bc35 100644 --- a/stix_shifter_modules/cybereason/stix_translation/json/to_stix_map.json 
+++ b/stix_shifter_modules/cybereason/stix_translation/json/to_stix_map.json @@ -70,7 +70,6 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -82,7 +81,6 @@ }, { "key": "last_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -231,13 +229,11 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], "endTime": { "key": "last_observed", - "cybox": false, "transformer": "EpochToTimestamp" }, "imageFile": { @@ -1052,7 +1048,6 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -1064,7 +1059,6 @@ }, { "key": "last_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -1354,12 +1348,10 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "EpochToTimestamp" }, { "key": "last_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -1500,7 +1492,6 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -1512,7 +1503,6 @@ }, { "key": "last_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -1610,7 +1600,6 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], diff --git a/stix_shifter_modules/datadog/stix_translation/json/to_stix_map.json b/stix_shifter_modules/datadog/stix_translation/json/to_stix_map.json index e7f26329f..0a9eb86e7 100644 --- a/stix_shifter_modules/datadog/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/datadog/stix_translation/json/to_stix_map.json @@ -55,13 +55,11 @@ }, { "key": "first_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" }, { "key": "last_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" } ], "start": [ 
diff --git a/stix_shifter_modules/demo_template/stix_translation/json/to_stix_map.json b/stix_shifter_modules/demo_template/stix_translation/json/to_stix_map.json index 33f0d60e9..f682031f4 100644 --- a/stix_shifter_modules/demo_template/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/demo_template/stix_translation/json/to_stix_map.json @@ -57,19 +57,16 @@ ], "EventCount": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "StartTime": [ { "key": "first_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" }, { "key": "last_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" } ], "Url": { diff --git a/stix_shifter_modules/elastic_ecs/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/elastic_ecs/stix_translation/json/stix_2_1/to_stix_map.json index 3b75cea0b..db5874793 100644 --- a/stix_shifter_modules/elastic_ecs/stix_translation/json/stix_2_1/to_stix_map.json +++ b/stix_shifter_modules/elastic_ecs/stix_translation/json/stix_2_1/to_stix_map.json @@ -1,12 +1,10 @@ { "@timestamp": [ { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, { - "key": "last_observed", - "cybox": false + "key": "last_observed" } ], "source": { diff --git a/stix_shifter_modules/elastic_ecs/stix_translation/json/to_stix_map.json b/stix_shifter_modules/elastic_ecs/stix_translation/json/to_stix_map.json index 2c5fa8bc1..6c82d2a6e 100644 --- a/stix_shifter_modules/elastic_ecs/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/elastic_ecs/stix_translation/json/to_stix_map.json @@ -1,12 +1,10 @@ { "@timestamp": [ { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, { - "key": "last_observed", - "cybox": false + "key": "last_observed" } ], "source": { 
diff --git a/stix_shifter_modules/gcp_chronicle/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/gcp_chronicle/stix_translation/json/stix_2_1/to_stix_map.json index 92bb13e9c..0f4b215fd 100644 --- a/stix_shifter_modules/gcp_chronicle/stix_translation/json/stix_2_1/to_stix_map.json +++ b/stix_shifter_modules/gcp_chronicle/stix_translation/json/stix_2_1/to_stix_map.json @@ -1554,12 +1554,10 @@ "object": "event" }, { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, { - "key": "last_observed", - "cybox": false + "key": "last_observed" } ], "description": { diff --git a/stix_shifter_modules/gcp_chronicle/stix_translation/json/to_stix_map.json b/stix_shifter_modules/gcp_chronicle/stix_translation/json/to_stix_map.json index ee92e4a62..ec1d02f3a 100644 --- a/stix_shifter_modules/gcp_chronicle/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/gcp_chronicle/stix_translation/json/to_stix_map.json @@ -1596,12 +1596,10 @@ "object": "event" }, { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, { - "key": "last_observed", - "cybox": false + "key": "last_observed" } ], "description": { diff --git a/stix_shifter_modules/guardium/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/guardium/stix_translation/json/stix_2_1/to_stix_map.json index 7db6fd030..37f2be8f5 100644 --- a/stix_shifter_modules/guardium/stix_translation/json/stix_2_1/to_stix_map.json +++ b/stix_shifter_modules/guardium/stix_translation/json/stix_2_1/to_stix_map.json 
@@ -131,40 +131,34 @@ ], "EventCount": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "timestamp": [ { "key": "first_observed", - "transformer": "GuardiumToTimestamp", - "cybox": false + "transformer": "GuardiumToTimestamp" }, { "key": "last_observed", - "transformer": "GuardiumToTimestamp", - "cybox": false + "transformer": "GuardiumToTimestamp" } ], "Create Date": [ { "key": "first_observed", - "transformer": "GuardiumToTimestamp", - "cybox": false + "transformer": "GuardiumToTimestamp" } ], "Timestamp": [ { "key": "last_observed", - "transformer": "GuardiumToTimestamp", - "cybox": false + "transformer": "GuardiumToTimestamp" } ], "Last updated": [ { "key": "last_observed", - "transformer": "GuardiumToTimestamp", - "cybox": false + "transformer": "GuardiumToTimestamp" } ], "Url": { diff --git a/stix_shifter_modules/guardium/stix_translation/json/to_stix_map.json b/stix_shifter_modules/guardium/stix_translation/json/to_stix_map.json index 1c8648478..242f3add8 100644 --- a/stix_shifter_modules/guardium/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/guardium/stix_translation/json/to_stix_map.json @@ -131,40 +131,34 @@ ], "EventCount": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "timestamp": [ { "key": "first_observed", - "transformer": "GuardiumToTimestamp", - "cybox": false + "transformer": "GuardiumToTimestamp" }, { "key": "last_observed", - "transformer": "GuardiumToTimestamp", - "cybox": false + "transformer": "GuardiumToTimestamp" } ], "Create Date": [ { "key": "first_observed", - "transformer": "GuardiumToTimestamp", - "cybox": false + "transformer": "GuardiumToTimestamp" } ], "Timestamp": [ { "key": "last_observed", - "transformer": "GuardiumToTimestamp", - "cybox": false + "transformer": "GuardiumToTimestamp" } ], "Last updated": [ { "key": "last_observed", - "transformer": "GuardiumToTimestamp", - "cybox": false + "transformer": "GuardiumToTimestamp" } ], "Url": { 
diff --git a/stix_shifter_modules/ibm_security_verify/stix_translation/json/to_stix_map.json b/stix_shifter_modules/ibm_security_verify/stix_translation/json/to_stix_map.json index 4a89891de..2ac2b75df 100644 --- a/stix_shifter_modules/ibm_security_verify/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/ibm_security_verify/stix_translation/json/to_stix_map.json @@ -120,13 +120,11 @@ { "key": "first_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" }, { "key": "last_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" } ], "performedby_username": { diff --git a/stix_shifter_modules/infoblox/stix_translation/json/to_stix_map.json b/stix_shifter_modules/infoblox/stix_translation/json/to_stix_map.json index c3897bcf6..384f4f6f7 100644 --- a/stix_shifter_modules/infoblox/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/infoblox/stix_translation/json/to_stix_map.json @@ -2,12 +2,10 @@ "dnsEventData": { "event_time": [ { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, { - "key": "last_observed", - "cybox": false + "key": "last_observed" } ], "private_ip": [ @@ -195,12 +193,10 @@ "job": { "create_time": [ { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, { - "key": "last_observed", - "cybox": false + "key": "last_observed" } ] }, @@ -275,12 +271,10 @@ ], "detected": [ { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, { - "key": "last_observed", - "cybox": false + "key": "last_observed" } ], "received": [ diff --git a/stix_shifter_modules/msatp/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/msatp/stix_translation/json/stix_2_1/to_stix_map.json index 63f843436..b5c978e5b 100644 --- a/stix_shifter_modules/msatp/stix_translation/json/stix_2_1/to_stix_map.json +++ b/stix_shifter_modules/msatp/stix_translation/json/stix_2_1/to_stix_map.json 
@@ -148,12 +148,10 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "MsatpToTimestamp" }, { "key": "last_observed", - "cybox": false, "transformer": "MsatpToTimestamp" } ], @@ -215,7 +213,6 @@ ], "event_count": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "original_ref": [ @@ -266,12 +263,10 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "MsatpToTimestamp" }, { "key": "last_observed", - "cybox": false, "transformer": "MsatpToTimestamp" } ], @@ -641,7 +636,6 @@ }, "event_count": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "original_ref": [ @@ -742,12 +736,10 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "MsatpToTimestamp" }, { "key": "last_observed", - "cybox": false, "transformer": "MsatpToTimestamp" } ], @@ -1167,7 +1159,6 @@ }, "event_count": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "ReportId": { @@ -1195,12 +1186,10 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "MsatpToTimestamp" }, { "key": "last_observed", - "cybox": false, "transformer": "MsatpToTimestamp" } ], @@ -1606,7 +1595,6 @@ }, "event_count": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "ReportId": { @@ -1634,12 +1622,10 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "MsatpToTimestamp" }, { "key": "last_observed", - "cybox": false, "transformer": "MsatpToTimestamp" } ], @@ -1995,7 +1981,6 @@ }, "event_count": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "ReportId": { @@ -2023,12 +2008,10 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "MsatpToTimestamp" }, { "key": "last_observed", - "cybox": false, "transformer": "MsatpToTimestamp" } ], @@ -2344,7 +2327,6 @@ }, "event_count": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "ReportId": { 
@@ -2372,12 +2354,10 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "MsatpToTimestamp" }, { "key": "last_observed", - "cybox": false, "transformer": "MsatpToTimestamp" } ], @@ -2927,7 +2907,6 @@ }, "event_count": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "ReportId": { diff --git a/stix_shifter_modules/msatp/stix_translation/json/to_stix_map.json b/stix_shifter_modules/msatp/stix_translation/json/to_stix_map.json index 80ba234e8..c3424b154 100644 --- a/stix_shifter_modules/msatp/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/msatp/stix_translation/json/to_stix_map.json @@ -148,12 +148,10 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "MsatpToTimestamp" }, { "key": "last_observed", - "cybox": false, "transformer": "MsatpToTimestamp" } ], @@ -215,7 +213,6 @@ ], "event_count": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "original_ref": [ @@ -266,12 +263,10 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "MsatpToTimestamp" }, { "key": "last_observed", - "cybox": false, "transformer": "MsatpToTimestamp" } ], @@ -651,7 +646,6 @@ }, "event_count": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "original_ref": [ @@ -752,12 +746,10 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "MsatpToTimestamp" }, { "key": "last_observed", - "cybox": false, "transformer": "MsatpToTimestamp" } ], @@ -1192,7 +1184,6 @@ }, "event_count": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "ReportId": { @@ -1220,12 +1211,10 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "MsatpToTimestamp" }, { "key": "last_observed", - "cybox": false, "transformer": "MsatpToTimestamp" } ], @@ -1641,7 +1630,6 @@ }, "event_count": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "ReportId": { 
@@ -1669,12 +1657,10 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "MsatpToTimestamp" }, { "key": "last_observed", - "cybox": false, "transformer": "MsatpToTimestamp" } ], @@ -2040,7 +2026,6 @@ }, "event_count": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "ReportId": { @@ -2068,12 +2053,10 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "MsatpToTimestamp" }, { "key": "last_observed", - "cybox": false, "transformer": "MsatpToTimestamp" } ], @@ -2399,7 +2382,6 @@ }, "event_count": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "ReportId": { @@ -2427,12 +2409,10 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "MsatpToTimestamp" }, { "key": "last_observed", - "cybox": false, "transformer": "MsatpToTimestamp" } ], @@ -2997,7 +2977,6 @@ }, "event_count": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "ReportId": { diff --git a/stix_shifter_modules/mysql/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/mysql/stix_translation/json/stix_2_1/to_stix_map.json index de12c2a4c..afde48117 100644 --- a/stix_shifter_modules/mysql/stix_translation/json/stix_2_1/to_stix_map.json +++ b/stix_shifter_modules/mysql/stix_translation/json/stix_2_1/to_stix_map.json @@ -24,13 +24,11 @@ "entry_time": [ { "key": "first_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" }, { "key": "last_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" } ], "url": { diff --git a/stix_shifter_modules/mysql/stix_translation/json/to_stix_map.json b/stix_shifter_modules/mysql/stix_translation/json/to_stix_map.json index 7adea5295..fed9af813 100644 --- a/stix_shifter_modules/mysql/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/mysql/stix_translation/json/to_stix_map.json 
@@ -24,13 +24,11 @@ "entry_time": [ { "key": "first_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" }, { "key": "last_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" } ], "url": { diff --git a/stix_shifter_modules/okta/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/okta/stix_translation/json/stix_2_1/to_stix_map.json index 4f62a543b..8e3355d26 100644 --- a/stix_shifter_modules/okta/stix_translation/json/stix_2_1/to_stix_map.json +++ b/stix_shifter_modules/okta/stix_translation/json/stix_2_1/to_stix_map.json @@ -307,12 +307,10 @@ }, "published": [ { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, { - "key": "last_observed", - "cybox": false + "key": "last_observed" } ] } \ No newline at end of file diff --git a/stix_shifter_modules/okta/stix_translation/json/to_stix_map.json b/stix_shifter_modules/okta/stix_translation/json/to_stix_map.json index 8cb58bba9..0fe2b7216 100644 --- a/stix_shifter_modules/okta/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/okta/stix_translation/json/to_stix_map.json @@ -307,12 +307,10 @@ }, "published": [ { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, { - "key": "last_observed", - "cybox": false + "key": "last_observed" } ] } \ No newline at end of file diff --git a/stix_shifter_modules/paloalto/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/paloalto/stix_translation/json/stix_2_1/to_stix_map.json index 391cfac63..94a7bee6e 100644 --- a/stix_shifter_modules/paloalto/stix_translation/json/stix_2_1/to_stix_map.json +++ b/stix_shifter_modules/paloalto/stix_translation/json/stix_2_1/to_stix_map.json @@ -253,7 +253,6 @@ }, { "key": "x_action_file_last_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], 
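Review bot: In the paloalto `@@ -253,7 +253,6 @@` hunk, the key `x_action_file_last_observed` is not a standard observed-data property, has no `object`, and carries no `type.property` prefix, so once `"cybox": false` is removed nothing in the mapping marks it as a top-level property. The same holds for the other `x_*_last_observed` and `x_process_*_first_observed` keys in the following hunks of both paloalto map files. How the translator now decides top-level placement is not visible in this diff; if it goes by the standard property names (`first_observed`, `last_observed`, `number_observed`), these custom timestamps may be mis-routed or dropped from the output, leaving gaps in the process and file timeline. I would keep the explicit flag on these entries, e.g. `"key": "x_action_file_last_observed", "cybox": false, "transformer": "EpochToTimestamp"`, or add a translation test asserting each custom timestamp still appears in the observed-data object.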
@@ -265,7 +264,6 @@ }, { "key": "x_actor_process_last_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -277,7 +275,6 @@ }, { "key": "x_os_actor_process_last_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -310,7 +307,6 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -458,7 +454,6 @@ }, { "key": "x_process_first_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -470,7 +465,6 @@ }, { "key": "x_process_actor_first_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -482,7 +476,6 @@ }, { "key": "x_process_causality_actor_first_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -494,7 +487,6 @@ }, { "key": "x_process_os_actor_first_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], diff --git a/stix_shifter_modules/paloalto/stix_translation/json/to_stix_map.json b/stix_shifter_modules/paloalto/stix_translation/json/to_stix_map.json index 0f98d01c7..8fc117b00 100644 --- a/stix_shifter_modules/paloalto/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/paloalto/stix_translation/json/to_stix_map.json @@ -269,7 +269,6 @@ }, { "key": "x_action_file_last_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -281,7 +280,6 @@ }, { "key": "x_actor_process_last_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -293,7 +291,6 @@ }, { "key": "x_os_actor_process_last_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -326,7 +323,6 @@ }, { "key": "first_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -474,7 +470,6 @@ }, { "key": "x_process_first_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -486,7 +481,6 @@ }, { "key": "x_process_actor_first_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], 
@@ -498,7 +492,6 @@ }, { "key": "x_process_causality_actor_first_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], @@ -510,7 +503,6 @@ }, { "key": "x_process_os_actor_first_observed", - "cybox": false, "transformer": "EpochToTimestamp" } ], diff --git a/stix_shifter_modules/qradar/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/qradar/stix_translation/json/stix_2_1/to_stix_map.json index 72668609b..edcf17222 100644 --- a/stix_shifter_modules/qradar/stix_translation/json/stix_2_1/to_stix_map.json +++ b/stix_shifter_modules/qradar/stix_translation/json/stix_2_1/to_stix_map.json @@ -143,7 +143,6 @@ "eventcount": [ { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, { @@ -160,8 +159,7 @@ "starttime": [ { "key": "first_observed", - "transformer": "QRadarEpochToTimestamp", - "cybox": false + "transformer": "QRadarEpochToTimestamp" }, { "key": "x-ibm-finding.start", @@ -172,8 +170,7 @@ "endtime": [ { "key": "last_observed", - "transformer": "QRadarEpochToTimestamp", - "cybox": false + "transformer": "QRadarEpochToTimestamp" }, { "key": "x-ibm-finding.end", diff --git a/stix_shifter_modules/qradar/stix_translation/json/to_stix_map.json b/stix_shifter_modules/qradar/stix_translation/json/to_stix_map.json index 9155434b6..bed99074a 100644 --- a/stix_shifter_modules/qradar/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/qradar/stix_translation/json/to_stix_map.json @@ -143,7 +143,6 @@ "eventcount": [ { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, { @@ -160,8 +159,7 @@ "starttime": [ { "key": "first_observed", - "transformer": "QRadarEpochToTimestamp", - "cybox": false + "transformer": "QRadarEpochToTimestamp" }, { "key": "x-ibm-finding.start", @@ -172,8 +170,7 @@ "endtime": [ { "key": "last_observed", - "transformer": "QRadarEpochToTimestamp", - "cybox": false + "transformer": "QRadarEpochToTimestamp" }, { "key": "x-ibm-finding.end", 
diff --git a/stix_shifter_modules/qradar_perf_test/stix_translation/json/to_stix_map.json b/stix_shifter_modules/qradar_perf_test/stix_translation/json/to_stix_map.json index b39f0cf2c..37d2cbdc5 100644 --- a/stix_shifter_modules/qradar_perf_test/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/qradar_perf_test/stix_translation/json/to_stix_map.json @@ -149,7 +149,6 @@ "eventcount": [ { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, { @@ -166,8 +165,7 @@ "starttime": [ { "key": "first_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" }, { "key": "x-ibm-finding.start", @@ -178,8 +176,7 @@ "endtime": [ { "key": "last_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" }, { "key": "x-ibm-finding.end", diff --git a/stix_shifter_modules/reaqta/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/reaqta/stix_translation/json/stix_2_1/to_stix_map.json index 3bc99a73a..521d54883 100644 --- a/stix_shifter_modules/reaqta/stix_translation/json/stix_2_1/to_stix_map.json +++ b/stix_shifter_modules/reaqta/stix_translation/json/stix_2_1/to_stix_map.json @@ -10,11 +10,9 @@ }, "happenedAt": [ { - "cybox": false, "key": "first_observed" }, { - "cybox": false, "key": "last_observed" } ], diff --git a/stix_shifter_modules/reaqta/stix_translation/json/to_stix_map.json b/stix_shifter_modules/reaqta/stix_translation/json/to_stix_map.json index 6ccc01984..a35e55bb0 100644 --- a/stix_shifter_modules/reaqta/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/reaqta/stix_translation/json/to_stix_map.json @@ -10,11 +10,9 @@ }, "happenedAt": [ { - "cybox": false, "key": "first_observed" }, { - "cybox": false, "key": "last_observed" } ], 
diff --git a/stix_shifter_modules/rhacs/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/rhacs/stix_translation/json/stix_2_1/to_stix_map.json index 70c398277..6914b6655 100644 --- a/stix_shifter_modules/rhacs/stix_translation/json/stix_2_1/to_stix_map.json +++ b/stix_shifter_modules/rhacs/stix_translation/json/stix_2_1/to_stix_map.json @@ -277,11 +277,9 @@ "transformer": "ToIsactive" }, "firstObserved": { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, "lastObserved": { - "key": "last_observed", - "cybox": false + "key": "last_observed" } } diff --git a/stix_shifter_modules/rhacs/stix_translation/json/to_stix_map.json b/stix_shifter_modules/rhacs/stix_translation/json/to_stix_map.json index 0d1841a5a..fa4f9d68a 100644 --- a/stix_shifter_modules/rhacs/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/rhacs/stix_translation/json/to_stix_map.json @@ -277,11 +277,9 @@ "transformer": "ToIsactive" }, "firstObserved": { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, "lastObserved": { - "key": "last_observed", - "cybox": false + "key": "last_observed" } } diff --git a/stix_shifter_modules/secretserver/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/secretserver/stix_translation/json/stix_2_1/to_stix_map.json index ccd02d50b..49918420f 100644 --- a/stix_shifter_modules/secretserver/stix_translation/json/stix_2_1/to_stix_map.json +++ b/stix_shifter_modules/secretserver/stix_translation/json/stix_2_1/to_stix_map.json @@ -38,13 +38,11 @@ "StartTime": [ { "key": "first_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" }, { "key": "last_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" } ], "Url": { 
diff --git a/stix_shifter_modules/secretserver/stix_translation/json/to_stix_map.json b/stix_shifter_modules/secretserver/stix_translation/json/to_stix_map.json index ccd02d50b..49918420f 100644 --- a/stix_shifter_modules/secretserver/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/secretserver/stix_translation/json/to_stix_map.json @@ -38,13 +38,11 @@ "StartTime": [ { "key": "first_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" }, { "key": "last_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" } ], "Url": { diff --git a/stix_shifter_modules/security_advisor/stix_translation/json/to_stix_map.json b/stix_shifter_modules/security_advisor/stix_translation/json/to_stix_map.json index 8c6601ed1..e43378f61 100644 --- a/stix_shifter_modules/security_advisor/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/security_advisor/stix_translation/json/to_stix_map.json @@ -99,16 +99,13 @@ "object": "x_security_advisor_finding" }, "createTime": { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, "updateTime": { - "key": "last_observed", - "cybox": false + "key": "last_observed" }, "occurence_count": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" } } diff --git a/stix_shifter_modules/sentinelone/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/sentinelone/stix_translation/json/stix_2_1/to_stix_map.json index 4d32b7319..861699a80 100644 --- a/stix_shifter_modules/sentinelone/stix_translation/json/stix_2_1/to_stix_map.json +++ b/stix_shifter_modules/sentinelone/stix_translation/json/stix_2_1/to_stix_map.json @@ -242,8 +242,7 @@ "object": "file" }, { - "key": "first_observed", - "cybox": false + "key": "first_observed" } ], "tgtFileModifiedAt": [ 
@@ -252,8 +251,7 @@ "object": "file" }, { - "key": "last_observed", - "cybox": false + "key": "last_observed" } ], "loginAccountSid": { @@ -361,8 +359,7 @@ "object": "process" }, { - "key": "first_observed", - "cybox": false + "key": "first_observed" } ], "tgtProcStartTime": [ @@ -371,8 +368,7 @@ "object": "process" }, { - "key": "first_observed", - "cybox": false + "key": "first_observed" } ], "srcProcParentStartTime": [ @@ -381,8 +377,7 @@ "object": "parent_process" }, { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, { "key": "process.parent_ref", @@ -390,8 +385,7 @@ "references": "parent_process" }, { - "key": "first_observed", - "cybox": false + "key": "first_observed" } ], "srcProcPid": [ diff --git a/stix_shifter_modules/sentinelone/stix_translation/json/to_stix_map.json b/stix_shifter_modules/sentinelone/stix_translation/json/to_stix_map.json index 052195eaa..b97486581 100644 --- a/stix_shifter_modules/sentinelone/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/sentinelone/stix_translation/json/to_stix_map.json @@ -242,8 +242,7 @@ "object": "file" }, { - "key": "first_observed", - "cybox": false + "key": "first_observed" } ], "tgtFileModifiedAt": [ @@ -252,8 +251,7 @@ "object": "file" }, { - "key": "last_observed", - "cybox": false + "key": "last_observed" } ], "loginAccountSid": { @@ -361,8 +359,7 @@ "object": "process" }, { - "key": "first_observed", - "cybox": false + "key": "first_observed" } ], "tgtProcStartTime": [ @@ -371,8 +368,7 @@ "object": "process" }, { - "key": "first_observed", - "cybox": false + "key": "first_observed" } ], "srcProcParentStartTime": [ @@ -381,8 +377,7 @@ "object": "parent_process" }, { - "key": "first_observed", - "cybox": false + "key": "first_observed" }, { "key": "process.parent_ref", @@ -390,8 +385,7 @@ "references": "parent_process" }, { - "key": "first_observed", - "cybox": false + "key": "first_observed" } ], "srcProcPid": [ 
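Review bot: The `srcProcParentStartTime` list now holds two identical `{ "key": "first_observed" }` entries (hunks at -381 and -390), in both the `stix_2_1` map and the plain `to_stix_map.json`, so the second one can be dropped. The file entry in the hunk at -242 and `tgtProcStartTime` also write `first_observed`, so several source fields compete for one observed-data property. Which value survives when more than one is present is decided in the translator and is not visible here. If the last write wins, `first_observed` would carry a process or file timestamp rather than the event time, which matters to anyone building a timeline from the output.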
diff --git a/stix_shifter_modules/splunk/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/splunk/stix_translation/json/stix_2_1/to_stix_map.json index 8b2c16b5b..f3ed10675 100644 --- a/stix_shifter_modules/splunk/stix_translation/json/stix_2_1/to_stix_map.json +++ b/stix_shifter_modules/splunk/stix_translation/json/stix_2_1/to_stix_map.json @@ -1,7 +1,6 @@ { "event_count": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "_raw": [ @@ -150,13 +149,11 @@ "_time": [ { "key": "first_observed", - "transformer": "SplunkToTimestamp", - "cybox": false + "transformer": "SplunkToTimestamp" }, { "key": "last_observed", - "transformer": "SplunkToTimestamp", - "cybox": false + "transformer": "SplunkToTimestamp" }, { "key": "x-oca-event.created", @@ -169,10 +166,6 @@ "key": "user-account.account_login", "object": "authentication" }, - { - "key": "x_splunk_spl.user", - "cybox": false - }, { "key": "user-account.user_id", "object": "authentication" @@ -190,10 +183,6 @@ "references": "authentication" } ], - "bytes": { - "key": "x_splunk_spl.bytes", - "cybox": false - }, "ssl_hash": [ { "key": "x509-certificate.hashes.SHA-256", diff --git a/stix_shifter_modules/splunk/stix_translation/json/to_stix_map.json b/stix_shifter_modules/splunk/stix_translation/json/to_stix_map.json index c8f8d843d..6fc55b579 100644 --- a/stix_shifter_modules/splunk/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/splunk/stix_translation/json/to_stix_map.json @@ -1,7 +1,6 @@ { "event_count": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "_raw": [ @@ -150,13 +149,11 @@ "_time": [ { "key": "first_observed", - "transformer": "SplunkToTimestamp", - "cybox": false + "transformer": "SplunkToTimestamp" }, { "key": "last_observed", - "transformer": "SplunkToTimestamp", - "cybox": false + "transformer": "SplunkToTimestamp" }, { "key": "x-oca-event.created", 
@@ -169,10 +166,6 @@ "key": "user-account.account_login", "object": "authentication" }, - { - "key": "x_splunk_spl.user", - "cybox": false - }, { "key": "user-account.user_id", "object": "authentication" @@ -190,10 +183,6 @@ "references": "authentication" } ], - "bytes": { - "key": "x_splunk_spl.bytes", - "cybox": false - }, "ssl_hash": [ { "key": "x509-certificate.hashes.SHA-256", diff --git a/stix_shifter_modules/splunk/tests/stix_translation/test_splunk_json_to_stix.py b/stix_shifter_modules/splunk/tests/stix_translation/test_splunk_json_to_stix.py index bdaeae02c..4a5e66749 100644 --- a/stix_shifter_modules/splunk/tests/stix_translation/test_splunk_json_to_stix.py +++ b/stix_shifter_modules/splunk/tests/stix_translation/test_splunk_json_to_stix.py @@ -165,7 +165,7 @@ def test_change_cim_to_stix(self): assert (dir_obj['created'] == "2018-08-15T15:11:55.676Z") assert (dir_obj['modified'] == "2018-08-15T18:10:30.456Z") - assert(objects.keys() == set(map(str, range(0, 5)))) + assert (objects.keys() == set(map(str, range(0, 5)))) def test_certificate_cim_to_stix(self): count = 1 @@ -399,7 +399,6 @@ def test_custom_mapping(self): }, "event_count": { "key": "number_observed", - "cybox": False, "transformer": "ToInteger" }, "src_ip": [ diff --git a/stix_shifter_modules/sumologic/stix_translation/json/to_stix_map.json b/stix_shifter_modules/sumologic/stix_translation/json/to_stix_map.json index 401a3de7e..27b59d128 100644 --- a/stix_shifter_modules/sumologic/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/sumologic/stix_translation/json/to_stix_map.json @@ -31,8 +31,7 @@ }, { "key": "number_observed", - "transformer": "ToInteger", - "cybox": false + "transformer": "ToInteger" } ], "_messagetime": [ 
@@ -48,13 +47,11 @@ }, { "key": "first_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" }, { "key": "last_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" } ], "_messageid": { diff --git a/stix_shifter_modules/synchronous_template/stix_translation/json/to_stix_map.json b/stix_shifter_modules/synchronous_template/stix_translation/json/to_stix_map.json index 33f0d60e9..f682031f4 100644 --- a/stix_shifter_modules/synchronous_template/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/synchronous_template/stix_translation/json/to_stix_map.json @@ -57,19 +57,16 @@ ], "EventCount": { "key": "number_observed", - "cybox": false, "transformer": "ToInteger" }, "StartTime": [ { "key": "first_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" }, { "key": "last_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" } ], "Url": { diff --git a/stix_shifter_modules/trendmicro_vision_one/stix_translation/json/stix_2_1/to_stix_map.json b/stix_shifter_modules/trendmicro_vision_one/stix_translation/json/stix_2_1/to_stix_map.json index dd9461884..8f685c706 100644 --- a/stix_shifter_modules/trendmicro_vision_one/stix_translation/json/stix_2_1/to_stix_map.json +++ b/stix_shifter_modules/trendmicro_vision_one/stix_translation/json/stix_2_1/to_stix_map.json @@ -2,13 +2,11 @@ "eventTime": [ { "key": "first_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" }, { "key": "last_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" } ], "src": [ diff --git a/stix_shifter_modules/trendmicro_vision_one/stix_translation/json/to_stix_map.json b/stix_shifter_modules/trendmicro_vision_one/stix_translation/json/to_stix_map.json index c111b49e3..1c7d8ee83 100644 
--- a/stix_shifter_modules/trendmicro_vision_one/stix_translation/json/to_stix_map.json +++ b/stix_shifter_modules/trendmicro_vision_one/stix_translation/json/to_stix_map.json @@ -2,13 +2,11 @@ "eventTime": [ { "key": "first_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" }, { "key": "last_observed", - "transformer": "EpochToTimestamp", - "cybox": false + "transformer": "EpochToTimestamp" } ], "src": [ diff --git a/stix_shifter_utils/modules/car/stix_translation/json/to_stix_map.json b/stix_shifter_utils/modules/car/stix_translation/json/to_stix_map.json index c63a42566..e2e308eb3 100644 --- a/stix_shifter_utils/modules/car/stix_translation/json/to_stix_map.json +++ b/stix_shifter_utils/modules/car/stix_translation/json/to_stix_map.json @@ -1,20 +1,17 @@ { "first_observed": [ { - "key": "first_observed", - "cybox": false + "key": "first_observed" } ], "last_observed": [ { - "key": "last_observed", - "cybox": false + "key": "last_observed" } ], "number_observed": [ { - "key": "number_observed", - "cybox": false + "key": "number_observed" } ], "process.pid": [ diff --git a/stix_shifter_utils/stix_translation/src/json_to_stix/json_to_stix_translator.py b/stix_shifter_utils/stix_translation/src/json_to_stix/json_to_stix_translator.py index d3f2e4e5e..d9a81fb82 100644 --- a/stix_shifter_utils/stix_translation/src/json_to_stix/json_to_stix_translator.py +++ b/stix_shifter_utils/stix_translation/src/json_to_stix/json_to_stix_translator.py @@ -66,7 +66,7 @@ def __init__(self, data_source, ds_to_stix_map, transformers, options, callback= self.callback = callback # parse through options - self.cybox_default = options.get('cybox_default', True) + # self.cybox_default = options.get('cybox_default', True) self.properties = observable.properties 
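Review bot: After this change in `__init__`, a caller that still passes `cybox_default` in `options` gets no indication that the option is ignored. The same holds for a `cybox` entry in a custom mapping, which the `_handle_value` hunk at -301 stops reading. A dotted key that was mapped with `"cybox": false`, such as the `x_splunk_spl.user` entry removed from the Splunk maps in this patch, would now be emitted as an object property instead of a top-level observed-data property. Consumers that match on the old location would miss it silently. I would emit a one-time deprecation warning when `'cybox_default' in options` or `'cybox' in prop`, and add a test with a custom mapping that still carries the flag.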
@@ -301,7 +301,12 @@ def _handle_value(self, data, parent_data, ds_sub_key, to_stix_config_prop, obje references = references = prop['references'] if 'references' in prop else None # unwrap array of stix values to separate stix objects unwrap = True if 'unwrap' in prop and isinstance(data, list) else False - cybox = prop.get('cybox', self.cybox_default) + if "." in key: + cybox = True + else: + cybox = False + + # cybox = prop.get('cybox', self.cybox_default) if self.callback: try: @@ -313,7 +318,8 @@ def _handle_value(self, data, parent_data, ds_sub_key, to_stix_config_prop, obje config_keys = key.split('.') if len(config_keys) < 2: - if False is prop.get('cybox', self.cybox_default): + # if False is prop.get('cybox', self.cybox_default): + if not cybox: object_tag_ref_map['out_cybox'][key] = self._compose_value_object(data, [], observable_key=key, object_tag_ref_map=object_tag_ref_map, transformer=transformer, references=references, unwrap=unwrap) pass else: From f25486d728fcb13e9928ccf6e0e33e46ab528194 Mon Sep 17 00:00:00 2001 From: Danny Elliott Date: Wed, 7 Jun 2023 10:12:31 -0300 Subject: [PATCH 2/2] remove commented code --- .../stix_translation/src/json_to_stix/json_to_stix_translator.py | 1 - 1 file changed, 1 deletion(-) diff --git a/stix_shifter_utils/stix_translation/src/json_to_stix/json_to_stix_translator.py b/stix_shifter_utils/stix_translation/src/json_to_stix/json_to_stix_translator.py index d9a81fb82..ab5663cc7 100644 --- a/stix_shifter_utils/stix_translation/src/json_to_stix/json_to_stix_translator.py +++ b/stix_shifter_utils/stix_translation/src/json_to_stix/json_to_stix_translator.py @@ -66,7 +66,6 @@ def __init__(self, data_source, ds_to_stix_map, transformers, options, callback= self.callback = callback # parse through options - # self.cybox_default = options.get('cybox_default', True) self.properties = observable.properties
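Review bot: The four-line `if "." in key:` / `else:` in the hunk at -301 assigns a boolean the condition already yields, so `cybox = "." in key` is enough. The rule deserves a comment, for example `# keys without a dot are observed-data properties; dotted keys are object.property paths`. The commented-out `# cybox = prop.get('cybox', self.cybox_default)` should be deleted rather than kept, since PATCH 2/2 removes only the commented line in `__init__`. The body of `_handle_value` continues outside the hunk.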
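Review bot: In the hunk at -313, `if not cybox:` sits inside `if len(config_keys) < 2:` and both test the same condition, namely that `key` has no dot. Unless the callback code between the two hunks rebinds `key`, the inner test is therefore always true. If the `else:` that follows pairs with the inner `if` (indentation is lost on this page), that branch is now unreachable and should be removed with the test, not left as dead code. Computing the flag once after the split, `cybox = len(config_keys) >= 2`, would keep the two checks from drifting apart. The commented-out `# if False is prop.get('cybox', self.cybox_default):` should go as well.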