OASIS Cyber Threat Intelligence (CTI) TC


cti-stix-elevator 2.1 released


    Posted 12-11-2019 21:17




    Hi everyone-

                             

    We just published cti-stix-elevator version 2.1 on PyPI [1]. The source code is available at [2]. Read the Docs documentation is available at [3].

    Major Changes



    Handle SCOs
    More complete support of CybOX objects
    Enable use of custom properties for properties missing from STIX 2.x
    Support all additional properties and property name changes for version 2.1 WD06
    Handle UUIDv5 for SCOs in version 2.1


    Other Changes



    Fix patterns involving PE binary file header
    Handle characteristic observables in infrastructure
    Better mapping of STIX 1.x relationship types to STIX 2.x ones
    Update logic to create TLP markings as stated in the specification
    issue #148 - support ports CybOX object
    Handle "Contains" operator more correctly


    Testing Changes



    Compare UUIDv5 for equality
     
    One new feature in this release, enabling the use of custom properties for properties missing from STIX 2.x, needs further discussion. The elevator tries to retain as much information from the STIX 1.x content as possible. Previously, if a STIX 1.x property did not exist in STIX 2.x, the elevator provided an option to include that content in the description property. This was the default behavior, which could be disabled.
     
    As the use of STIX 2.x has evolved, the use of custom properties has been more generally accepted. This version of the elevator provides an additional option for how to handle "missing" properties. The previous option --no-squirrel-gaps has been replaced by the option --missing-policy, which has three possible values:
     


    use-custom-properties - if the STIX 1.x cannot be represented using the existing properties defined in the STIX 2.x specification, use the custom-properties facility
    add-to-description - the previous default behavior. This option remains the default.
    ignore - the behavior previously enabled by the "no-squirrel-gaps" option
     
    An additional new option is provided to work in conjunction with the --missing-policy option, when its value is use-custom-properties. This option, --custom-property-prefix, allows for a prefix for the name of the custom properties. As described in the STIX specification document:
     
    Custom Property names SHOULD start with "x_" followed by a source unique identifier (such as a domain name with dots replaced by underscores), an underscore and then the name. For example, x_example_com_customfield
     
    The default value for this option is "elevator".

               
    Please enter an issue on Github for bugs and feature requests.

     

    Contributions welcome.

      

    Rich Piazza

    Chris Lenk
    Emmanuelle Vargas-Gonzalez

     

    MITRE

     

    [1]  https://pypi.org/project/stix2-elevator

    [2]  https://github.com/oasis-open/cti-stix-elevator

    [3]   https://stix2-elevator.readthedocs.io/en/latest/
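
The three --missing-policy values applied to one converted object, as an added example that is not code from cti-stix-elevator. The function names, the sample object and the layout of the text appended to the description are assumptions; only the policy names, the "x_" naming rule and the default prefix "elevator" come from the post.

```python
import copy
import re

POLICIES = ("use-custom-properties", "add-to-description", "ignore")


def custom_property_name(prefix, name):
    """Build x_<prefix>_<name>; dots and other characters outside
    a-z, 0-9 and underscore are replaced by underscores."""
    def norm(text):
        return re.sub(r"[^a-z0-9_]", "_", text.lower())
    return "x_" + norm(prefix) + "_" + norm(name)


def apply_missing_policy(obj, missing, policy="add-to-description",
                         prefix="elevator"):
    """Return a copy of a STIX 2.x object dict in which the STIX 1.x
    properties that have no STIX 2.x equivalent (`missing`) are handled
    according to `policy`. Hypothetical helper, not the elevator's API."""
    if policy not in POLICIES:
        raise ValueError("unknown missing policy: %r" % policy)
    out = copy.deepcopy(obj)
    for name, value in missing.items():
        if policy == "use-custom-properties":
            # Value stays machine-readable under a prefixed custom property.
            out[custom_property_name(prefix, name)] = value
        elif policy == "add-to-description":
            # Assumed text layout; value survives only as free text.
            note = "%s: %s" % (name.upper(), value)
            out["description"] = (out.get("description", "")
                                  + "\n\n" + note).strip()
        # "ignore": the value is dropped from the output.
    return out


# Constructed sample: a converted object plus one STIX 1.x property
# that has no STIX 2.x counterpart.
SAMPLE = {"type": "indicator", "description": "Phishing sender"}
MISSING = {"short_description": "sender addr"}

if __name__ == "__main__":
    for policy in POLICIES:
        print(policy, "->", apply_missing_policy(SAMPLE, MISSING, policy))
```

Consumers that filter or validate on property names need to know which policy and prefix produced the content, since the same STIX 1.x input yields three different STIX 2.x objects.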