Pavel Eis authored 7 years ago and Pavel Kácha committed 2 years ago

IDEA to STIX connector refractored -- merged into one file IdeaToStix.py and simplified some constructions, fixed some mistakes, added Desription to objects of observed data object and from IDEA Node is now filled both indices to identity object.

Pavel Eis authored 7 years ago and Pavel Kácha committed 2 years ago

Suricata connector - fixed timestamp and logger setup moved before daemonization with added get_logger_files function for not closing logger file desriptors.

Pavel Eis authored 7 years ago and Pavel Kácha committed 2 years ago

Suricata connector added general script for listing all CVE's from Suricata rules files. Just run with argument --path, which leads to Suricata rules folder.

Pavel Eis authored 7 years ago and Pavel Kácha committed 2 years ago

Suricata connector - remake of IDEA categories conversion, added list of CVE's, which pairs CVE to certain suricata alert. Added logging option and some refractoring.

Remake of TP taxonomy to IDEA category conversion, added new source/target protocol TP to IDEA (IANA) conversion and some other IDEA generation fixes.

Flowmon ADS connector update. Connector now knows the specifics of several event types, parses various types of detail field, and completes/modifies resulting Idea accordingly.

IDEA to STIX connector refractored -- merged into one file IdeaToStix.py and simplified some constructions, fixed some mistakes, added Desription to objects of observed data object and from IDEA Node is now filled both indices to identity object.

Argument parsing is now looser and silently ignores additional arguments (ADS may add surplus empty strings)