-
Notifications
You must be signed in to change notification settings - Fork 23
/
CHANGELOG
302 lines (231 loc) · 11.4 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
CHANGELOG
=========
4.1.7 - 2022-09-28
- A report or grouping is created to store the extra STIX package header information
4.1.6 - 2022-06-10
- fix functionality for --enable and --disable options
4.1.5 - 2022-02-04
- Additional fix for Hostname in SocketAddress in pattern
4.1.4 - 2022-01-24
- Handle required properties
- new command line option -r
- Hostname in SocketAddress in pattern is fixed
- Revamp handling of Sightings
- Compare STIX 1.x ids in a case-insensitive way
4.1.3 - 2022-01-11
ACS Data Marking issues
- Incorporate change to package dependency stix-edh
- Warn if ACS identifier is invalid
4.1.2 - 2021-12-22
- Improved processing of ACS data markings
- Handle multiple Vulnerabilites in an Exploit-Target correctly
4.1.1 - 2021-12-09
Minor fixes to handle an empty STIX 1.x description tag, and improved processing of extensions in patterns.
4.1.0 - 2021-10-08
This release optionally handles ACS data markings (see install doc)
* Other changes
- added --acs oiption for ACS data markings
- Fix hash_constant processing to handle defaults
- Handle literals in missing policy code
- Added time properties to incident extension
- Handle malware aliases
4.0.2 - 2021-09-10
* Changes
- Avoid generating nested observation expressions, which are invalid
- Handle cybox Homename object as domain-name object in STIX 2.x
- Make sure identity created_by_ref property is set correctly
- Correcly convert file object properties in patterns
- Handle nested related objects in STIX 1.x Observables
- Handle Information Source in a STIX 1.x package data marking
- Better way to avoid infinite recursion when called get_identity
- Add suffix 'ref(s)'' to property names for custom/extension of Incident
- AIS data markings:
- Insure TTP generated STIX 2.x objects and relationship objects have the correct AIS data markings
- Change labels to handle CISA-PROPRIETARY correctly
4.0.1 - 2021-06-10
Default spec_version when invoking the elevator programmatically (i.e., not from the command line)
has been corrected to be 2.1
4.0.0 - 2021-05-02
The elevator and stepper are compliant with STIX 2.1 CS03
Python 3.5 is no longer supported.
All compatibility code to support Python 2.7 has been removed (e.g., the six package)
* Major Changes
- Support Extension feature described in section 7.3 of the specification
- Support Incident as a specification SDO
- Use handle_missing_properties method to encapsulate most extension/custom functionality
- Handle related objects with no know STIX 2.1 relationship
* Other Changes
- Handle ArchiveFile different for 2.0 vs 2.1
- email_message:message_id is only in 2.1
- Infer network-traffic protocol from extension type
- Handle registry key in example where there is no hive property
- Better handling of Sightings
- Add object data marking to Relationships when appropriate based on the source and target references
- Handle name and title properties of malware better
* Testing changes
- Added testing for python 3.9
- Test for the ignore missing policy for STIX 2.1
3.0.1 - 2020-12-09
* Update dependencies
- python-stix2 (2.1.0)
- stix2validator (2.0.2)
- stixmarx (1.0.8)
* Other changes:
- Implement semantics of patterns more correctly
- Impose predicable order for terms in pattern expression involving pdf files
- Clear location object cache
3.0.0 - 2020-07-08
**The elevator and stepper are compliant with STIX 2.1 CS01**
**Python 2.7 and 3.4 are no longer supported**
* Other changes:
- Handle STIX 1.x (CybOX 2.1) custom cyber objects
- Handle SCOs: x509-certificate, autonomous-system, software
- Handle File extensions: raster-image-ext, pdf-ext
- Correct deterministic id generation algorithm
- Handle observable characteristics in infrastructure
- Handle parameter observables in COA
- *_types property is now optional in 2.1
- Handle some STIX 1.x object references
- Improved handling of STIX 1.x RelatedObjects
- Handle aliases for threat actors better
- Threat_actor goal set correctly
- Handle socket address
- Handle more headers in email-message
- Improved handling of composite observable conversion
- Add general elevate() method, deprecate all other methods
- Consolidate timestamp logic
- Use uuid4s for custom SCOs in the stepper
- Check stepper results with stix-validator
- In external-references, the reference property must be in URI format
* Testing changes
- Added testing for python 3.8
- Add new file to test main methods to interact with the elevator, use new method in test_idioms.py
* Fixes for issues:
#174 - In test case identifying-a-threat-actor-group, a uuid is reused inappropriately
#182 - Message 905 about package timestamp is misleading
#186 - generate_sco_id fails to generate deterministic ID for some objects that contain special characters
#191 - Required attributes not added when upgrading from v2.0 -> v2.1
#193 - 'MarkableText' object has no attribute 'reference'
2.1.1 - 2019-12-20
* Handle archive files correctly
* Handle CIDRs
* Handle missing kill-chain definition
2.1.0 - 2019-12-11
* Handle SCOs
* More complete support of CybOX objects
* Enable use of custom properties for properties missing from STIX 2.x
* Support all additional properties and property name changes for STIX 2.1 WD06
* Handle UUIDv5 for SCOs in STIX 2.1
* Fix patterns involving PE binary file header
* Handle characteristic observables in infrastructure
* Better mapping of STIX 1.x relationship types to STIX 2.x ones
* Update logic to create TLP markings as stated in the specification
* issue #148 - support ports CybOX object
* Handle “Contains” operator more correctly
* Allow SNORT/YARA patterns
2.0.1 - 2019-01-16
* #145 - Pass version option given in the command line to the stix-validator
2.0.0 - 2019-01-04
* Introduce the "stepper" to convert STIX 2.0 content to STIX 2.1 content
* Enable the elevator to convert from STIX 1.x content to STIX 2.0 or STIX 2.1 content
* Surround pattern with [], even if the term cannot be converted
* Use country code, if given
* Process party_name, even if name already given.
* Fix extension names in object paths
* Use stix2-validator 2.0.0, stixmarx 1.0.3, pycountry 1.17.8
* Add version argument for validator
* Issue #47: Use environment to pass options
* Issue #129: Handle report with no header.
Testing changes:
* Add stepper test. Only test stepper once per Python version
* Include all tests in coverage report, test both versions of STIX in all versions of Python.
* Travis runs tox testing both STIX 2.0 and 2.1
* Update all idiom files to work with STIX 2.1 elevator and stepper tests
* Add python37 testing.
1.2.0 - 2018-09-10
* Close #41, #85, #87, #91, #114, #116, #117, #120, #121
* Handle delimited list in patterns
* Fix timestamps
* Added modified time to registry keys
* Handle Process object more robustly
* Handle Vulnerability more robustly
* Correctly handle renumbering of objects in ObservedData
* Correctly handle multi-part emails
* Added _hex to machine and characteristics property names for windows binary file in convert_pattern.py
* Handle HTTPSession(HTTPClientRequest), NetworkPacket(ICMP), NetworkSocket
* Handle non-String properties in convert_http_network_connection_extension
* Added tests for new objects
* Fix campaign alias
* Remove dns_query from stix conversion. Warn message instead.
* Register markings by object and id. Don't try to create markings from idref cases
* If markings have id re-use them instead of creating new id
* Added some messages to signal skipped markings.
* Make adjustments to handle UTF-8 content.
* Ignore case for STIX 1.x conditions
* Gracefully handle unexpected formatting in STIX 1.x IDs
* Make find_dir more efficient
1.1.3 - 2018-06-15
* Fix old links for Pypi in documentation
* When running development scripts, use a higher recursion limit
* When testing - if a difference was found find the location
* Run validator all the time, not just when the policy is strict
* Fix extension properties and type names - they need to use -, not _ and in patterns extension properties names should be quoted if they contain a -
* Make sure external references had a source name, even if you use 'unknown'
1.1.2 - 2018-06-01
* Create read-the-docs pages
* Handle empty lists in add_string_property_to_description
* Removed roles property conversion in Identity
* Handle the name of the identity differently when converting a threat actor
* Store indicators from report temporariliy in the indicators property of the bundle (fixes #102)
* Published is a required property on Report so use the created property
* Update setup.py with required metadata
1.1.1 - 2018-04-04
* Process Timestamps in make_constant
* Process data markings not handled by the elevator
- If no model is defined, elevator will error off in xml parser
- added option --markings_allowed. Can be used to avoid an error exit on a defined data marking (i.e., parseable)
in convert_marking_specification
* Handle some related objects
* Handle multiple collapsed comparison expression
* Remember mappings between objects and observables
* Fixed REs for StartsWith and Contains
* No need to pass in bundle_instance when creating patterns
* Fixed import of AIS data markings, also made it unconditional
* Create coverage.rst
1.1.0 - 2018-03-23
* Warn about maec content
* fix win-registry-key issue
* Bump to latest stixmarx.
* Drop support for Python 3.3
* Clear cybox caches once per elevate call
* Don't validate on no policy
* Update Tox configuration and and fix logging problem
* Added python-stix2 as a dependency
* Pattern expression classes
* Support silent option in validator
* Add support for Python 3.6
* Handle Constants and ObjectPaths
* added demorgan's rule stuff to handle boolean expression special case for ranges
* fix __str__ methods
* Clean up global variables, and made sure they were all reinitialized for each new file.
1.0.0 - 2017-05-25
* Support for the most current version of the STIX specification (WD02)
* Data marking support (TLP, Statement (TOU, Simple), AIS)
* More complete support for:
- Email
- Sightings
- Files
- Cyber observable relationships
- Network Traffic
* More options on the command line
- output-directory (this option is available for running the elevator for multiple files)
capture output of for each conversion in a file in this directory
- policy
no_policy (default) – output converted content, regardless of correctness.
strict_policy – no converted content is produced if any (not disabled) log messages are produced
or the resulting content is not valid STIX
- log-level
DEBUG, INFO, WARN, ERROR, CRITICAL
0.2.0 - 2017-02-03
beta release
0.2.0 -