http://open-source-security-software.net/project/cti-stix-elevator/releases.atom
Recent releases for cti-stix-elevator
2025-08-02T13:48:26.756710+00:00

cti-stix-elevator v1.0.0
2017-05-25T18:21:06+00:00
* support for the most current version of the STIX specification (WD02)
* data marking support (TLP, Statement (TOU, Simple), AIS)
* more complete support for:
  * Email
  * Sightings
  * Files
  * Cyber observable relationships
  * Network Traffic
* more options on the command line
  * output-directory (this option is available for running the elevator for multiple files): capture output for each conversion in a file in this directory
  * policy
    * no_policy (default) – output converted content, regardless of correctness.
    * strict_policy – no converted content is produced if any (not disabled) log messages are produced or the resulting content is not valid STIX
  * log-level: DEBUG, INFO, WARN, ERROR, CRITICAL

cti-stix-elevator v1.1.0
2018-03-23T16:37:53+00:00
1.1.0 - 2018-03-23
* Warn about maec content
* fix win-registry-key issue
* Bump to latest stixmarx.
* Drop support for Python 3.3
* Clear cybox caches once per elevate call
* Don't validate on no policy
* Update Tox configuration and fix logging problem
* Added python-stix2 as a dependency
* Pattern expression classes
* Support silent option in validator
* Add support for Python 3.6
* Handle Constants and ObjectPaths
* added De Morgan's rule stuff to handle boolean expression special case for ranges
* fix __str__ methods
* Clean up global variables, and made sure they were all reinitialized for each new file.

cti-stix-elevator v1.1.1
2018-04-04T18:59:03+00:00
* Process Timestamps in make_constant
* Process data markings not handled by the elevator
  - If no model is defined, elevator will error off in xml parser
  - added option --markings_allowed. Can be used to avoid an error exit on a defined data marking (i.e., parseable) in convert_marking_specification
* Handle some related objects
* Handle multiple collapsed comparison expression
* Remember mappings between objects and observables
* Fixed REs for StartsWith and Contains
* No need to pass in bundle_instance when creating patterns
* Fixed import of AIS data markings, also made it unconditional
* Create coverage.rst

cti-stix-elevator v1.1.2
2018-06-18T13:21:47+00:00

cti-stix-elevator v1.1.3
2018-06-18T13:22:00+00:00

cti-stix-elevator v1.2.0
2018-09-08T19:40:51+00:00
* Close #41, #85, #87, #91, #114, #116, #117, #120, #121
* Handle delimited list in patterns
* Fix timestamps
* Added modified time to registry keys
* Handle Process object more robustly
* Handle Vulnerability more robustly
* Correctly handle renumbering of objects in ObservedData
* Correctly handle multi-part emails
* Added _hex to machine and characteristics property names for windows binary file in convert_pattern.py
* Handle HTTPSession(HTTPClientRequest), NetworkPacket(ICMP), NetworkSocket
* Handle non-String properties in convert_http_network_connection_extension
* Added tests for new objects
* Fix campaign alias
* Remove dns_query from stix conversion. Warn message instead.
* Register markings by object and id. Don't try to create markings from idref cases
* If markings have id re-use them instead of creating new id
* Added some messages to signal skipped markings.
* Make adjustments to handle UTF-8 content.
* Ignore case for STIX 1.x conditions
* Gracefully handle unexpected formatting in STIX 1.x IDs
* Make find_dir more efficient

cti-stix-elevator v2.0.0
2018-09-27T13:58:01+00:00
Convert to STIX 2.1 content.

cti-stix-elevator v2.0.1
2019-01-16T18:18:49+00:00
2.0.1 - 2019-01-16
* #145 - Pass version option given in the command line to the stix-validator

cti-stix-elevator v2.1.0
2019-12-20T20:04:25+00:00

Major Changes
---------------
* Handle SCOs
* Enable use of custom properties for properties missing from STIX 2.x
* Support all additional properties and property name changes for version 2.1
* Handle UUIDv5 for SCOs in version 2.1

Other Changes
---------------
* Fix patterns involving PE binary file header
* Handle characteristic observables in infrastructure
* Better mapping of STIX 1.x relationship types to STIX 2.x ones
* Update logic to create TLP markings as stated in the specification
* issue #148 - support ports CybOX object
* Handle “Contains” operator more correctly

Testing Changes
-----------------
* Compare UUIDv5 for equality

cti-stix-elevator v2.1.1
2020-03-10T15:37:24+00:00
2.1.1 - 2019-12-20
* Handle archive files correctly
* Handle CIDRs
* Handle missing kill-chain definition

cti-stix-elevator v3.0.0
2020-07-08T17:19:56+00:00
**The elevator and stepper are compliant with STIX 2.1 CS01**
**Python 2.7 and 3.4 are no longer supported**
* Other changes:
  - Handle STIX 1.x (CybOX 2.1) custom cyber objects
  - Handle SCOs: x509-certificate, autonomous-system, software
  - Handle File extensions: raster-image-ext, pdf-ext
  - Correct deterministic id generation algorithm
  - Handle observable characteristics in infrastructure
  - Handle parameter observables in COA
  - *_types property is now optional in 2.1
  - Handle some STIX 1.x object references
  - Improved handling of STIX 1.x RelatedObjects
  - Handle aliases for threat actors better
  - Threat_actor goal set correctly
  - Handle socket address
  - Handle more headers in email-message
  - Improved handling of composite observable conversion
  - Add general elevate() method, deprecate all other methods
  - Consolidate timestamp logic
  - Use uuid4s for custom SCOs in the stepper
  - Check stepper results with stix-validator
  - In external-references, the reference property must be in URI format
* Testing changes
  - Added testing for python 3.8
  - Add new file to test main methods to interact with the elevator, use new method in test_idioms.py
* Fixes for issues:
  - #174 - In test case identifying-a-threat-actor-group, a uuid is reused inappropriately
  - #182 - Message 905 about package timestamp is misleading
  - #186 - generate_sco_id fails to generate deterministic ID for some objects that contain special characters
  - #191 - Required attributes not added when upgrading from v2.0 -> v2.1
  - #193 - 'MarkableText' object has no attribute 'reference'

cti-stix-elevator v3.0.1
2020-12-09T17:08:03+00:00
**Patch release for updated dependencies**
* Update dependencies
  - python-stix2 (2.1.0)
  - stix2validator (2.0.2)
  - stixmarx (1.0.8)
* Other changes:
  - Implement semantics of patterns more correctly
  - Impose predictable order for terms in pattern expression involving pdf files
  - Clear location object cache

cti-stix-elevator v4.0.0
2021-05-02T21:37:10+00:00
The elevator and stepper are compliant with STIX 2.1 CS01
Python 3.5 is no longer supported.
All compatibility code to support Python 2.7 has been removed (e.g., the six package)

Major Changes
- Support Extension feature described in section 7.3 of the specification
- Support Incident as a specification SDO
- Use handle_missing_properties method to encapsulate most extension/custom functionality
- Handle related objects with no known STIX 2.1 relationship

Other Changes
- Handle ArchiveFile differently for 2.0 vs 2.1
- email_message:message_id is only in 2.1
- Infer network-traffic protocol from extension type
- Handle registry key in example where there is no hive property
- Better handling of Sightings
- Add object data marking to Relationships when appropriate based on the source and target references
- Handle name and title properties of malware better

Testing changes
- Added testing for python 3.9
- Test for the ignore missing policy for STIX 2.1

cti-stix-elevator v4.0.1
2021-06-10T16:37:16+00:00
Default spec_version when invoking the elevator programmatically (i.e., not from the command line) has been corrected to be 2.1

cti-stix-elevator v4.0.2
2021-09-11T13:08:30+00:00
* Changes
  - Avoid generating nested observation expressions, which are invalid
  - Handle cybox Hostname object as domain-name object in STIX 2.x
  - Make sure identity created_by_ref property is set correctly
  - Correctly convert file object properties in patterns
  - Handle nested related objects in STIX 1.x Observables
  - Handle Information Source in a STIX 1.x package data marking
  - Better way to avoid infinite recursion when calling get_identity
  - Add suffix 'ref(s)' to property names for custom/extension of Incident
  - AIS data markings:
    - Ensure TTP generated STIX 2.x objects and relationship objects have the correct AIS data markings
    - Change labels to handle CISA-PROPRIETARY correctly

cti-stix-elevator v4.1.0
2021-10-08T17:56:55+00:00
This release optionally handles ACS data markings (see install doc)
* Other changes
  - added --acs option for ACS data markings
  - Fix hash_constant processing to handle defaults
  - Handle literals in missing policy code
  - Added time properties to incident extension
  - Handle malware aliases

cti-stix-elevator v4.1.1
2021-12-09T18:05:51+00:00
Minor fixes to handle an empty STIX 1.x description tag, and improved processing of extensions in patterns.

cti-stix-elevator v4.1.2
2021-12-22T15:16:44+00:00
- Improved processing of ACS data markings
- Handle multiple Vulnerabilities in an Exploit-Target correctly

cti-stix-elevator v4.1.3
2022-01-11T17:00:07+00:00
ACS Data Marking issues
- Incorporate change to package dependency stix-edh
- Warn if ACS identifier is invalid

cti-stix-elevator v4.1.4
2022-01-24T21:05:20+00:00
- Populate name property with placeholder name if missing from STIX 1.x because it is required in STIX 2.x
- new command line option -r
- Hostname in SocketAddress in pattern is fixed
- Revamp handling of Sightings
- Compare STIX 1.x ids in a case-insensitive way

cti-stix-elevator v4.1.5
2022-02-04T20:17:46+00:00
Additional fix for Hostname in SocketAddress in pattern

cti-stix-elevator v4.1.6
2022-06-10T17:32:47+00:00
Fix functionality for --enable and --disable options

cti-stix-elevator v4.1.7
2022-09-28T18:42:33+00:00
Add a grouping or report to capture extra stix-package.header info