anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(stix): STIX→MISP download export (per-attacker + fleet)

Browse Source 
Adds GET /api/v1/attackers/{uuid}/export/misp and
GET /api/v1/attackers/export/misp backed by misp_export.py, which
converts existing STIX bundles to MISP events via misp-stix
ExternalSTIX2toMISPParser. Fleet endpoint emits {response:[...]}
collection (one event per attacker). Frontend: STIX/MISP buttons on
AttackerDetail header and Attackers list. 13 new tests green.
This commit is contained in:
anti
2026-05-09 08:04:25 -04:00
parent 8990d9321d
commit 1200ac9132
9 changed files with 661 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pyproject.toml
View File

@@ -53,6 +53,9 @@ dependencies = [
# range tracks BEHAVE-INTEGRATION.md §"Versioning".
"decnet-behave-core>=0.1.0,<0.2",
"decnet-behave-shell>=0.1.0,<0.2",
# STIX → MISP conversion: CIRCL-maintained reference converter used by
# MISP itself. Pulls pymisp transitively (needed for MISPEvent output).
"misp-stix>=2026.4",
# MITRE ATT&CK: parse the official STIX 2.1 enterprise-attack bundle
# instead of hand-maintaining technique/tactic name dicts. stix2
# gives typed parsing; mitreattack-python ships MitreAttackData