From 9f889f119f9256013178ea133e1dde6447b17e6d Mon Sep 17 00:00:00 2001
From: YuvHayun
Date: Sun, 11 Jun 2023 12:43:29 +0300
Subject: [PATCH 1/3] fixes
---
 .../Integrations/TAXII2Server/TAXII2Server.py | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/Packs/TAXIIServer/Integrations/TAXII2Server/TAXII2Server.py b/Packs/TAXIIServer/Integrations/TAXII2Server/TAXII2Server.py
index 22602dc14690..4bafbd2af9f6 100644
--- a/Packs/TAXIIServer/Integrations/TAXII2Server/TAXII2Server.py
+++ b/Packs/TAXIIServer/Integrations/TAXII2Server/TAXII2Server.py
@@ -913,12 +913,9 @@ def create_extension_definition(object_type, extensions_dict, xsoar_type,
 the updated Stix object, its extension and updated extensions_dict.
 """
 extension_definition = {}
- if object_type in extensions_dict:
- extension_id = extensions_dict.get(object_type, {}).get('extension_id')
- xsoar_indicator_to_return = extensions_dict.get(object_type, {}).get('xsoar_indicator_to_return')
- else:
- xsoar_indicator_to_return['extension_type'] = 'property_extension'
- extension_id = f'extension-definition--{uuid.uuid4()}'
+ xsoar_indicator_to_return['extension_type'] = 'property_extension'
+ extension_id = f'extension-definition--{uuid.uuid4()}'
+ if object_type not in extensions_dict:
 extension_definition = {
 'id': extension_id,
 'type': 'extension-definition',
@@ -934,7 +931,7 @@ def create_extension_definition(object_type, extensions_dict, xsoar_type,
 'version': '1.0',
 'extension_types': ['property-extension']
 }
- extensions_dict[object_type] = {'extension_id': extension_id, 'xsoar_indicator_to_return': xsoar_indicator_to_return}
+ extensions_dict[object_type] = True
 stix_object['extensions'] = {
 extension_id: xsoar_indicator_to_return
 }
From 0f1bda823c748275a7d660f3f633dfa9bd419366 Mon Sep 17 00:00:00 2001
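Review bot: `extension_id` is now drawn from `uuid.uuid4()` on every call, while the `extension-definition` object is still built only when `object_type not in extensions_dict`, so from the second object of a type onward `stix_object['extensions']` is keyed by an id for which this function builds no definition, and a STIX consumer presumably cannot resolve it. Keeping one id per type while still attaching each object's own `xsoar_indicator_to_return` would avoid that: before the `if`, `extension_id = extensions_dict.get(object_type) or f'extension-definition--{uuid.uuid4()}'`, and in the second hunk `extensions_dict[object_type] = extension_id` in place of `True`. The function body continues outside both hunks, so any other reader of `extensions_dict` should be checked against the new value shape. The fixtures updated later in this series key every object by the same extension id, which suggests the tests pin the uuid and would not catch the mismatch.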
From: YuvHayun
Date: Sun, 11 Jun 2023 13:12:17 +0300
Subject: [PATCH 2/3] fixes
---
 Packs/TAXIIServer/ReleaseNotes/2_0_37.md | 6 ++++++
 Packs/TAXIIServer/pack_metadata.json | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 Packs/TAXIIServer/ReleaseNotes/2_0_37.md
diff --git a/Packs/TAXIIServer/ReleaseNotes/2_0_37.md b/Packs/TAXIIServer/ReleaseNotes/2_0_37.md
new file mode 100644
index 000000000000..e173de794f3f
--- /dev/null
+++ b/Packs/TAXIIServer/ReleaseNotes/2_0_37.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### TAXII2 Server
+
+- Fixed an issue where the same extension was shown to all objects.
diff --git a/Packs/TAXIIServer/pack_metadata.json b/Packs/TAXIIServer/pack_metadata.json
index f0c188bb9791..73b2a8b72e40 100644
--- a/Packs/TAXIIServer/pack_metadata.json
+++ b/Packs/TAXIIServer/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "TAXII Server",
 "description": "This pack provides TAXII Services for system indicators (Outbound feed).",
 "support": "xsoar",
- "currentVersion": "2.0.36",
+ "currentVersion": "2.0.37",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
From e07ffea8ee41d900e15676ff06b2df83790a1926 Mon Sep 17 00:00:00 2001
From: YuvHayun
Date: Sun, 11 Jun 2023 15:27:29 +0300
Subject: [PATCH 3/3] test fixes
---
 .../TAXII2Server/TAXII2Server.yml | 2 +-
 .../TAXII2Server/test_data/objects20.json | 24 +-
 .../test_data/objects21_domain.json | 52 +--
 .../test_data/objects21_file.json | 300 +++++++++---------
 .../test_data/objects21_malware.json | 76 ++---
 .../test_data/objects21_spec_fields_file.json | 258 +++++++--------
 Packs/TAXIIServer/ReleaseNotes/2_0_37.md | 1 +
 7 files changed, 356 insertions(+), 357 deletions(-)
diff --git a/Packs/TAXIIServer/Integrations/TAXII2Server/TAXII2Server.yml b/Packs/TAXIIServer/Integrations/TAXII2Server/TAXII2Server.yml
index 4a95ed6ba926..e50f106dcd88 100644
--- a/Packs/TAXIIServer/Integrations/TAXII2Server/TAXII2Server.yml
+++ b/Packs/TAXIIServer/Integrations/TAXII2Server/TAXII2Server.yml @@ -147,7 +147,7 @@ script: - contextPath: TAXIIServer.ServerInfo.description description: The server description type: String - dockerimage: demisto/flask-nginx:1.0.0.61723 + dockerimage: demisto/flask-nginx:1.0.0.62970 feed: false isfetch: false longRunning: true diff --git a/Packs/TAXIIServer/Integrations/TAXII2Server/test_data/objects20.json b/Packs/TAXIIServer/Integrations/TAXII2Server/test_data/objects20.json index bffd4bb358ea..9579c1834bdc 100644 --- a/Packs/TAXIIServer/Integrations/TAXII2Server/test_data/objects20.json +++ b/Packs/TAXIIServer/Integrations/TAXII2Server/test_data/objects20.json @@ -112,14 +112,14 @@ "service": "Daily Threat Feed" }, "aggregatedReliability": "A - Completely reliable", - "calculatedTime": "2021-12-08T09:32:24.104143+02:00", + "calculatedTime": "2021-12-08T09:32:24.102219+02:00", "comments": [ { "category": "Sighting", "content": "Sighted", - "created": "2021-12-08T12:05:28.570995+02:00", + "created": "2021-12-08T12:05:28.566272+02:00", "entryId": "", - "id": "f814296f-6dca-4c88-86ad-68fd3871ecfa", + "id": "ed12a2bf-8aea-4492-8181-975f456d303f", "modified": "0001-01-01T00:00:00Z", "sortValues": null, "source": "Some Feed.Some Feed_instance_1", @@ -135,7 +135,7 @@ "expirationPolicy": "indicatorType", "instance": "Some Feed_instance_1", "moduleId": "fd8269e7-5ffa-4888-8ca8-bfe5eae78e15", - "setTime": "2021-12-08T12:05:28.570985+02:00", + "setTime": "2021-12-08T12:05:28.566261+02:00", "source": "indicatorType", "user": "" }, 
@@ -143,11 +143,11 @@ "extension_type": "property_extension", "firstSeen": "0001-01-01T00:00:00Z", "firstSeenEntryID": "API", - "id": "5188347", + "id": "5188266", "indicator_type": "IP", "lastSeen": "0001-01-01T00:00:00Z", "lastSeenEntryID": "API", - "modified": "2021-12-08T12:05:28.617414+02:00", + "modified": "2021-12-08T12:05:28.615431+02:00", "modifiedTime": "2021-12-08T12:05:11+02:00", "moduleToFeedMap": { "fd8269e7-5ffa-4888-8ca8-bfe5eae78e15": { @@ -157,7 +157,7 @@ "expirationPolicy": "indicatorType", "instance": "Some Feed_instance_1", "moduleId": "fd8269e7-5ffa-4888-8ca8-bfe5eae78e15", - "setTime": "2021-12-08T12:05:28.570985+02:00", + "setTime": "2021-12-08T12:05:28.566261+02:00", "source": "indicatorType", "user": "" }, @@ -182,13 +182,13 @@ "sourceInstance": "Some Feed_instance_1", "timestamp": "0001-01-01T00:00:00Z", "type": "IP", - "value": "8.8.8.8" + "value": "1.1.1.1" } }, "score": 3, "sortValues": [ - " \u0001\u0016_-f0\u000b\u0019Q\u0018", - "5188347" + " \u0001\u0016_-f0\n$\u0019x", + "5188266" ], "sourceBrands": [ "Some Feed" @@ -196,8 +196,8 @@ "sourceInstances": [ "Some Feed_instance_1" ], - "timestamp": "2021-12-08T09:32:24.104143+02:00", - "value": "8.8.8.8", + "timestamp": "2021-12-08T09:32:24.102219+02:00", + "value": "1.1.1.1", "version": 15 } }, diff --git a/Packs/TAXIIServer/Integrations/TAXII2Server/test_data/objects21_domain.json b/Packs/TAXIIServer/Integrations/TAXII2Server/test_data/objects21_domain.json index 551c26e353c6..8c076e6cdf30 100644 --- a/Packs/TAXIIServer/Integrations/TAXII2Server/test_data/objects21_domain.json +++ b/Packs/TAXIIServer/Integrations/TAXII2Server/test_data/objects21_domain.json 
@@ -7,14 +7,14 @@ "description": "", "extensions": { "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777": { - "calculatedTime": "2021-12-19T16:11:15.523598+02:00", + "calculatedTime": "2021-12-19T16:11:15.523761+02:00", "comments": [ { "category": "Sighting", "content": "Created", - "created": "2021-12-19T16:11:15.41092+02:00", + "created": "2021-12-19T16:11:15.375887+02:00", "entryId": "", - "id": "644e8ef8-de0a-45bd-8f48-41a88200982a", + "id": "c44a5b3b-e508-4ac6-8881-c5dd7d118946", "modified": "0001-01-01T00:00:00Z", "sortValues": null, "source": "@DBot", @@ -29,31 +29,31 @@ "expirationPolicy": "never", "instance": "", "moduleId": "", - "setTime": "2021-12-19T16:11:15.410878+02:00", + "setTime": "2021-12-19T16:11:15.375855+02:00", "source": "indicatorType", "user": "" }, "expirationStatus": "active", "extension_type": "property_extension", - "firstSeen": "2021-12-19T16:11:15.523598+02:00", + "firstSeen": "2021-12-19T16:11:15.523762+02:00", "firstSeenEntryID": "8072@e99f97d1-7225-4c75-896c-3c960febbe8c", - "id": "5212677", + "id": "5212669", "indicator_type": "Attack Pattern", "investigationIDs": [ "e99f97d1-7225-4c75-896c-3c960febbe8c" ], - "lastReputationRun": "2021-12-19T16:11:15.410938+02:00", - "lastSeen": "2021-12-19T16:11:15.523598+02:00", + "lastReputationRun": "2021-12-19T16:11:15.375909+02:00", + "lastSeen": "2021-12-19T16:11:15.523761+02:00", "lastSeenEntryID": "8072@e99f97d1-7225-4c75-896c-3c960febbe8c", - "modified": "2021-12-19T16:11:15.53072+02:00", + "modified": "2021-12-19T16:11:15.530455+02:00", "score": 0, "sortValues": [ - " \u0001\u0016a\u000b+\u0013<3-0", - "5212677" + " \u0001\u0016a\u000b+\u0013<=&h", + "5212669" ], "source": "DBot", - "timestamp": "2021-12-19T16:11:15.530719+02:00", - "value": "T1195", + "timestamp": "2021-12-19T16:11:15.530454+02:00", + "value": "T1071.004", "version": 1 } }, 
@@ -68,14 +68,14 @@ "description": "", "extensions": { "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777": { - "calculatedTime": "2021-12-19T16:11:15.523598+02:00", + "calculatedTime": "2021-12-19T16:11:15.523545+02:00", "comments": [ { "category": "Sighting", "content": "Created", - "created": "2021-12-19T16:11:15.41092+02:00", + "created": "2021-12-19T16:11:15.382832+02:00", "entryId": "", - "id": "644e8ef8-de0a-45bd-8f48-41a88200982a", + "id": "fcb648ae-cc62-4a62-8850-c41ef862d2d8", "modified": "0001-01-01T00:00:00Z", "sortValues": null, "source": "@DBot", @@ -90,31 +90,31 @@ "expirationPolicy": "never", "instance": "", "moduleId": "", - "setTime": "2021-12-19T16:11:15.410878+02:00", + "setTime": "2021-12-19T16:11:15.382816+02:00", "source": "indicatorType", "user": "" }, "expirationStatus": "active", "extension_type": "property_extension", - "firstSeen": "2021-12-19T16:11:15.523598+02:00", + "firstSeen": "2021-12-19T16:11:15.523545+02:00", "firstSeenEntryID": "8072@e99f97d1-7225-4c75-896c-3c960febbe8c", - "id": "5212677", + "id": "5212676", "indicator_type": "Attack Pattern", "investigationIDs": [ "e99f97d1-7225-4c75-896c-3c960febbe8c" ], - "lastReputationRun": "2021-12-19T16:11:15.410938+02:00", - "lastSeen": "2021-12-19T16:11:15.523598+02:00", + "lastReputationRun": "2021-12-19T16:11:15.382836+02:00", + "lastSeen": "2021-12-19T16:11:15.523545+02:00", "lastSeenEntryID": "8072@e99f97d1-7225-4c75-896c-3c960febbe8c", - "modified": "2021-12-19T16:11:15.53072+02:00", + "modified": "2021-12-19T16:11:15.530696+02:00", "score": 0, "sortValues": [ - " \u0001\u0016a\u000b+\u0013<3-0", - "5212677" + " \u0001\u0016a\u000b+\u0013<0\u000f(", + "5212676" ], "source": "DBot", - "timestamp": "2021-12-19T16:11:15.530719+02:00", - "value": "T1195", + "timestamp": "2021-12-19T16:11:15.530695+02:00", + "value": "T1105", "version": 1 } }, 
diff --git a/Packs/TAXIIServer/Integrations/TAXII2Server/test_data/objects21_file.json b/Packs/TAXIIServer/Integrations/TAXII2Server/test_data/objects21_file.json index 6a5b6a6db454..5e933a8a7189 100644 --- a/Packs/TAXIIServer/Integrations/TAXII2Server/test_data/objects21_file.json +++ b/Packs/TAXIIServer/Integrations/TAXII2Server/test_data/objects21_file.json 
@@ -1,153 +1,151 @@ { - "more": true, - "next": "3", - "objects": [ - { - "created": "2021-12-28T14:58:19.712448Z", - "extensions": { - "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777": { - "CustomFields": { - "sha1": "2222222222222222222222222222222222222222" - }, - "calculatedTime": "2021-12-28T14:58:19.704369+02:00", - "comments": [ - { - "category": "Sighting", - "content": "Created", - "created": "2021-12-28T14:58:19.627304+02:00", - "entryId": "", - "id": "c49a6bf4-8eb2-4a53-816a-a7b6b3fc1fc4", - "modified": "0001-01-01T00:00:00Z", - "sortValues": null, - "source": "@DBot", - "type": "IndicatorCommentTimeLine", - "user": "@DBot", - "version": 0 - } - ], - "expirationSource": { - "brand": "", - "expirationInterval": 0, - "expirationPolicy": "never", - "instance": "", - "moduleId": "", - "setTime": "2021-12-28T14:58:19.627296+02:00", - "source": "indicatorType", - "user": "" - }, - "expirationStatus": "active", - "extension_type": "property_extension", - "firstSeen": "2021-12-28T14:58:19.70437+02:00", - "firstSeenEntryID": "8204@e99f97d1-7225-4c75-896c-3c960febbe8c", - "id": "5214274", - "indicator_type": "File", - "investigationIDs": [ - "e99f97d1-7225-4c75-896c-3c960febbe8c" - ], - "lastReputationRun": "2021-12-28T14:58:19.002986+02:00", - "lastSeen": "2021-12-28T14:58:19.704369+02:00", - "lastSeenEntryID": "8204@e99f97d1-7225-4c75-896c-3c960febbe8c", - "modified": "2021-12-28T14:58:19.711497+02:00", - "score": 0, - "sortValues": [ - " \u0001\u0016b;\u0012x\u00014~h", - "5214274" - ], - "source": "DBot", - "timestamp": "2021-12-28T14:58:19.711496+02:00", - "value": "2222222222222222222222222222222222222222", - "version": 1 - } - }, - "hashes": { - "SHA-1": "1111111111111111111111111111111111111111" - }, - "id": "file--a8b26730-1daf-57e7-9c48-02c6481f82a0", - "modified": "2021-12-28T14:58:19.712449Z", - "spec_version": "2.1", - "type": "file" - - }, - { - "created": "2021-12-28T14:58:19.711459Z", - "extensions": { - 
"extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777": { - "CustomFields": { - "sha1": "2222222222222222222222222222222222222222" - }, - "calculatedTime": "2021-12-28T14:58:19.704369+02:00", - "comments": [ - { - "category": "Sighting", - "content": "Created", - "created": "2021-12-28T14:58:19.627304+02:00", - "entryId": "", - "id": "c49a6bf4-8eb2-4a53-816a-a7b6b3fc1fc4", - "modified": "0001-01-01T00:00:00Z", - "sortValues": null, - "source": "@DBot", - "type": "IndicatorCommentTimeLine", - "user": "@DBot", - "version": 0 - } - ], - "expirationSource": { - "brand": "", - "expirationInterval": 0, - "expirationPolicy": "never", - "instance": "", - "moduleId": "", - "setTime": "2021-12-28T14:58:19.627296+02:00", - "source": "indicatorType", - "user": "" - }, - "expirationStatus": "active", - "extension_type": "property_extension", - "firstSeen": "2021-12-28T14:58:19.70437+02:00", - "firstSeenEntryID": "8204@e99f97d1-7225-4c75-896c-3c960febbe8c", - "id": "5214274", - "indicator_type": "File", - "investigationIDs": [ - "e99f97d1-7225-4c75-896c-3c960febbe8c" - ], - "lastReputationRun": "2021-12-28T14:58:19.002986+02:00", - "lastSeen": "2021-12-28T14:58:19.704369+02:00", - "lastSeenEntryID": "8204@e99f97d1-7225-4c75-896c-3c960febbe8c", - "modified": "2021-12-28T14:58:19.711497+02:00", - "score": 0, - "sortValues": [ - " \u0001\u0016b;\u0012x\u00014~h", - "5214274" - ], - "source": "DBot", - "timestamp": "2021-12-28T14:58:19.711496+02:00", - "value": "2222222222222222222222222222222222222222", - "version": 1 - } - }, - "hashes": { - "SHA-1": "3333333333333333333333333333333333333333" - }, - "id": "file--427204f1-558f-5703-b72a-a769445c4281", - "modified": "2021-12-28T14:58:19.711461Z", - "spec_version": "2.1", - "type": "file" - - }, - { - "created": "2021-12-28T14:58:19.711496Z", - "created_by_ref": "identity--749249c0-f7c7-5428-a4ad-ea5e1627a221", - "description": "This schema adds TIM data to the object", - "extension_types": [ - "property-extension" - ], - "id": 
"extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777", - "modified": "2021-12-28T14:58:19.711497Z", - "name": "Cortex XSOAR TIM File", - "schema": "https://github.com/demisto/content/blob/4265bd5c71913cd9d9ed47d9c37d0d4d3141c3eb/Packs/TAXIIServer/doc_files/XSOAR_indicator_schema.json", - "spec_version": "2.1", - "type": "extension-definition", - "version": "1.0" - } - ] + "more": true, + "next": "3", + "objects": [ + { + "created": "2021-12-28T14:58:19.712448Z", + "extensions": { + "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777": { + "CustomFields": { + "sha1": "1111111111111111111111111111111111111111" + }, + "calculatedTime": "2021-12-28T14:58:19.704886+02:00", + "comments": [ + { + "category": "Sighting", + "content": "Created", + "created": "2021-12-28T14:58:19.625554+02:00", + "entryId": "", + "id": "df0430b7-42ed-4900-8a3c-776752d6baf5", + "modified": "0001-01-01T00:00:00Z", + "sortValues": null, + "source": "@DBot", + "type": "IndicatorCommentTimeLine", + "user": "@DBot", + "version": 0 + } + ], + "expirationSource": { + "brand": "", + "expirationInterval": 0, + "expirationPolicy": "never", + "instance": "", + "moduleId": "", + "setTime": "2021-12-28T14:58:19.625546+02:00", + "source": "indicatorType", + "user": "" + }, + "expirationStatus": "active", + "extension_type": "property_extension", + "firstSeen": "2021-12-28T14:58:19.704886+02:00", + "firstSeenEntryID": "8204@e99f97d1-7225-4c75-896c-3c960febbe8c", + "id": "5214325", + "indicator_type": "File", + "investigationIDs": [ + "e99f97d1-7225-4c75-896c-3c960febbe8c" + ], + "lastReputationRun": "2021-12-28T14:58:18.991562+02:00", + "lastSeen": "2021-12-28T14:58:19.704886+02:00", + "lastSeenEntryID": "8204@e99f97d1-7225-4c75-896c-3c960febbe8c", + "modified": "2021-12-28T14:58:19.712449+02:00", + "score": 0, + "sortValues": [ + " \u0001\u0016b;\u0012x\u0001TEp", + "5214325" + ], + "source": "DBot", + "timestamp": "2021-12-28T14:58:19.712448+02:00", + "value": 
"1111111111111111111111111111111111111111", + "version": 1 + } + }, + "hashes": { + "SHA-1": "1111111111111111111111111111111111111111" + }, + "id": "file--a8b26730-1daf-57e7-9c48-02c6481f82a0", + "modified": "2021-12-28T14:58:19.712449Z", + "spec_version": "2.1", + "type": "file" + }, + { + "created": "2021-12-28T14:58:19.711459Z", + "extensions": { + "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777": { + "CustomFields": { + "sha1": "3333333333333333333333333333333333333333" + }, + "calculatedTime": "2021-12-28T14:58:19.703576+02:00", + "comments": [ + { + "category": "Sighting", + "content": "Created", + "created": "2021-12-28T14:58:19.622504+02:00", + "entryId": "", + "id": "aa194f38-baa6-4818-8ad1-619570a1399b", + "modified": "0001-01-01T00:00:00Z", + "sortValues": null, + "source": "@DBot", + "type": "IndicatorCommentTimeLine", + "user": "@DBot", + "version": 0 + } + ], + "expirationSource": { + "brand": "", + "expirationInterval": 0, + "expirationPolicy": "never", + "instance": "", + "moduleId": "", + "setTime": "2021-12-28T14:58:19.622495+02:00", + "source": "indicatorType", + "user": "" + }, + "expirationStatus": "active", + "extension_type": "property_extension", + "firstSeen": "2021-12-28T14:58:19.703576+02:00", + "firstSeenEntryID": "8204@e99f97d1-7225-4c75-896c-3c960febbe8c", + "id": "5214272", + "indicator_type": "File", + "investigationIDs": [ + "e99f97d1-7225-4c75-896c-3c960febbe8c" + ], + "lastReputationRun": "2021-12-28T14:58:18.991725+02:00", + "lastSeen": "2021-12-28T14:58:19.703576+02:00", + "lastSeenEntryID": "8204@e99f97d1-7225-4c75-896c-3c960febbe8c", + "modified": "2021-12-28T14:58:19.711461+02:00", + "score": 0, + "sortValues": [ + " \u0001\u0016b;\u0012x\u0001\u0004K@", + "5214272" + ], + "source": "DBot", + "timestamp": "2021-12-28T14:58:19.711459+02:00", + "value": "3333333333333333333333333333333333333333", + "version": 1 + } + }, + "hashes": { + "SHA-1": "3333333333333333333333333333333333333333" + }, + "id": 
"file--427204f1-558f-5703-b72a-a769445c4281", + "modified": "2021-12-28T14:58:19.711461Z", + "spec_version": "2.1", + "type": "file" + }, + { + "created": "2021-12-28T14:58:19.711496Z", + "created_by_ref": "identity--749249c0-f7c7-5428-a4ad-ea5e1627a221", + "description": "This schema adds TIM data to the object", + "extension_types": [ + "property-extension" + ], + "id": "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777", + "modified": "2021-12-28T14:58:19.711497Z", + "name": "Cortex XSOAR TIM File", + "schema": "https://github.com/demisto/content/blob/4265bd5c71913cd9d9ed47d9c37d0d4d3141c3eb/Packs/TAXIIServer/doc_files/XSOAR_indicator_schema.json", + "spec_version": "2.1", + "type": "extension-definition", + "version": "1.0" + } + ] } \ No newline at end of file diff --git a/Packs/TAXIIServer/Integrations/TAXII2Server/test_data/objects21_malware.json b/Packs/TAXIIServer/Integrations/TAXII2Server/test_data/objects21_malware.json index 87d395422690..7365c7c8cfaf 100644 --- a/Packs/TAXIIServer/Integrations/TAXII2Server/test_data/objects21_malware.json +++ b/Packs/TAXIIServer/Integrations/TAXII2Server/test_data/objects21_malware.json 
@@ -8,24 +8,24 @@ "extensions": { "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777": { "CustomFields": { - "description": "Malware2 ransomware was first observed in February 2021 and is a variant of a known strain called Thanos. Thanos ransomware was advertised for sale on underground forums, where it had a builder that allowed actors to customize a sample with a wide variety of available settings. This suggests that different threat actors may have leveraged this builder to create their own variants and brands.", - "firstseenbysource": "2021-06-03T20:33:37.893+03:00", + "description": "Ursnif is commonly considered to be a banking trojan but has evolved to become a multifunction trojan.", + "firstseenbysource": "2020-11-11T16:56:57.312+02:00", "killchainphases": null, "malwaretypes": null, - "stixid": "malware--9d8c0621-31ce-4dc5-891a-70d62d274f18", + "stixid": "malware--a8021bb7-b635-4960-ac3b-b99442e98f99", "tags": [ - "ransomware" + "remote-access-trojan" ] }, "aggregatedReliability": "F - Reliability cannot be judged", - "calculatedTime": "2021-12-15T16:37:46.397765+02:00", + "calculatedTime": "2021-12-15T16:37:46.39856+02:00", "comments": [ { "category": "Sighting", "content": "Created", - "created": "2021-12-15T16:37:46.373+02:00", + "created": "2021-12-15T16:37:46.374438+02:00", "entryId": "", - "id": "5c599efe-4f74-48c2-8e52-f14ead6b7332", + "id": "7cbe9776-41d7-4216-8d5d-0ddc83f57cdd", "modified": "0001-01-01T00:00:00Z", "sortValues": null, "source": "Some Feed.Some Feed_instance_1", @@ -40,7 +40,7 @@ "expirationPolicy": "never", "instance": "Some Feed_instance_1", "moduleId": "eaa0fba8-6e33-40f7-8147-f3e8e4d861f6", - "setTime": "2021-12-16T17:41:14.668497+02:00", + "setTime": "2021-12-16T17:41:14.673816+02:00", "source": "indicatorType", "user": "" }, 
@@ -48,11 +48,11 @@ "extension_type": "property_extension", "firstSeen": "0001-01-01T00:00:00Z", "firstSeenEntryID": "API", - "id": "5203666", + "id": "5203698", "indicator_type": "Malware", "lastSeen": "0001-01-01T00:00:00Z", "lastSeenEntryID": "API", - "modified": "2021-12-16T17:41:14.749012+02:00", + "modified": "2021-12-16T17:41:14.75805+02:00", "modifiedTime": "2021-12-16T17:40:45+02:00", "moduleToFeedMap": { "eaa0fba8-6e33-40f7-8147-f3e8e4d861f6": { @@ -62,7 +62,7 @@ "expirationPolicy": "never", "instance": "Some Feed_instance_1", "moduleId": "eaa0fba8-6e33-40f7-8147-f3e8e4d861f6", - "setTime": "2021-12-16T17:41:14.668497+02:00", + "setTime": "2021-12-16T17:41:14.673816+02:00", "source": "indicatorType", "user": "" }, @@ -73,13 +73,13 @@ "expirationPolicy": "indicatorType", "fetchTime": "2021-12-16T17:40:45+02:00", "fields": { - "description": "Malware2 ransomware was first observed in February 2021 and is a variant of a known strain called Thanos. Thanos ransomware was advertised for sale on underground forums, where it had a builder that allowed actors to customize a sample with a wide variety of available settings. This suggests that different threat actors may have leveraged this builder to create their own variants and brands.", - "firstseenbysource": "2021-06-03T20:33:37.893+03:00", + "description": "Ursnif is commonly considered to be a banking trojan but has evolved to become a multifunction trojan.", + "firstseenbysource": "2020-11-11T16:56:57.312+02:00", "killchainphases": [], "malwaretypes": [], - "stixid": "malware--9d8c0621-31ce-4dc5-891a-70d62d274f18", + "stixid": "malware--a8021bb7-b635-4960-ac3b-b99442e98f99", "tags": [ - "ransomware" + "remote-access-trojan" ] }, "isEnrichment": false, 
@@ -94,13 +94,13 @@ "sourceInstance": "Some Feed_instance_1", "timestamp": "0001-01-01T00:00:00Z", "type": "Malware", - "value": "Malware2" + "value": "Malware1" } }, "score": 3, "sortValues": [ - " \u0001\u0016`=\u000f\u0015N8[\b", - "5203666" + " \u0001\u0016`=\u000f\u0015Ni\u001e\u0000", + "5203698" ], "sourceBrands": [ "Some Feed" @@ -108,8 +108,8 @@ "sourceInstances": [ "Some Feed_instance_1" ], - "timestamp": "2021-12-15T16:37:46.397765+02:00", - "value": "Malware2", + "timestamp": "2021-12-15T16:37:46.39856+02:00", + "value": "Malware1", "version": 3 } }, 
@@ -125,24 +125,24 @@ "extensions": { "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777": { "CustomFields": { - "description": "Malware2 ransomware was first observed in February 2021 and is a variant of a known strain called Thanos. Thanos ransomware was advertised for sale on underground forums, where it had a builder that allowed actors to customize a sample with a wide variety of available settings. This suggests that different threat actors may have leveraged this builder to create their own variants and brands.", - "firstseenbysource": "2021-06-03T20:33:37.893+03:00", + "description": "HelloKitty is a ransomware family that first surfaced at the end of 2020, primarily targeting Windows systems. The malware family got its name due to its use of a Mutex with the same name: HelloKittyMutex. The ransomware samples seem to evolve quickly and frequently, with different versions making use of the .crypted or .kitty file extensions for encrypted files.", + "firstseenbysource": "2021-08-23T21:53:59.743+03:00", "killchainphases": null, "malwaretypes": null, - "stixid": "malware--9d8c0621-31ce-4dc5-891a-70d62d274f18", + "stixid": "malware--ed25c578-1450-4ca7-98f9-3418a13e2692", "tags": [ "ransomware" ] }, "aggregatedReliability": "F - Reliability cannot be judged", - "calculatedTime": "2021-12-15T16:37:46.397765+02:00", + "calculatedTime": "2021-12-15T16:37:46.397313+02:00", "comments": [ { "category": "Sighting", "content": "Created", - "created": "2021-12-15T16:37:46.373+02:00", + "created": "2021-12-15T16:37:46.370342+02:00", "entryId": "", - "id": "5c599efe-4f74-48c2-8e52-f14ead6b7332", + "id": "206ea928-29c3-4bc4-8fc9-063ee26e1afc", "modified": "0001-01-01T00:00:00Z", "sortValues": null, "source": "Some Feed.Some Feed_instance_1", 
@@ -157,7 +157,7 @@ "expirationPolicy": "never", "instance": "Some Feed_instance_1", "moduleId": "eaa0fba8-6e33-40f7-8147-f3e8e4d861f6", - "setTime": "2021-12-16T17:41:14.668497+02:00", + "setTime": "2021-12-16T17:41:14.672628+02:00", "source": "indicatorType", "user": "" }, @@ -165,11 +165,11 @@ "extension_type": "property_extension", "firstSeen": "0001-01-01T00:00:00Z", "firstSeenEntryID": "API", - "id": "5203666", + "id": "5203647", "indicator_type": "Malware", "lastSeen": "0001-01-01T00:00:00Z", "lastSeenEntryID": "API", - "modified": "2021-12-16T17:41:14.749012+02:00", + "modified": "2021-12-16T17:41:14.747256+02:00", "modifiedTime": "2021-12-16T17:40:45+02:00", "moduleToFeedMap": { "eaa0fba8-6e33-40f7-8147-f3e8e4d861f6": { @@ -179,7 +179,7 @@ "expirationPolicy": "never", "instance": "Some Feed_instance_1", "moduleId": "eaa0fba8-6e33-40f7-8147-f3e8e4d861f6", - "setTime": "2021-12-16T17:41:14.668497+02:00", + "setTime": "2021-12-16T17:41:14.672628+02:00", "source": "indicatorType", "user": "" }, 
@@ -190,11 +190,11 @@ "expirationPolicy": "indicatorType", "fetchTime": "2021-12-16T17:40:45+02:00", "fields": { - "description": "Malware2 ransomware was first observed in February 2021 and is a variant of a known strain called Thanos. Thanos ransomware was advertised for sale on underground forums, where it had a builder that allowed actors to customize a sample with a wide variety of available settings. This suggests that different threat actors may have leveraged this builder to create their own variants and brands.", - "firstseenbysource": "2021-06-03T20:33:37.893+03:00", + "description": "HelloKitty is a ransomware family that first surfaced at the end of 2020, primarily targeting Windows systems. The malware family got its name due to its use of a Mutex with the same name: HelloKittyMutex. The ransomware samples seem to evolve quickly and frequently, with different versions making use of the .crypted or .kitty file extensions for encrypted files.", + "firstseenbysource": "2021-08-23T21:53:59.743+03:00", "killchainphases": [], "malwaretypes": [], - "stixid": "malware--9d8c0621-31ce-4dc5-891a-70d62d274f18", + "stixid": "malware--ed25c578-1450-4ca7-98f9-3418a13e2692", "tags": [ "ransomware" ] @@ -211,13 +211,13 @@ "sourceInstance": "Some Feed_instance_1", "timestamp": "0001-01-01T00:00:00Z", "type": "Malware", - "value": "Malware2" + "value": "Hello Kitty" } }, "score": 3, "sortValues": [ - " \u0001\u0016`=\u000f\u0015N8[\b", - "5203666" + " \u0001\u0016`=\u000f\u0015N\u001d\u000fh", + "5203647" ], "sourceBrands": [ "Some Feed" @@ -225,8 +225,8 @@ "sourceInstances": [ "Some Feed_instance_1" ], - "timestamp": "2021-12-15T16:37:46.397765+02:00", - "value": "Malware2", + "timestamp": "2021-12-15T16:37:46.397313+02:00", + "value": "Hello Kitty", "version": 3 } }, 
diff --git a/Packs/TAXIIServer/Integrations/TAXII2Server/test_data/objects21_spec_fields_file.json b/Packs/TAXIIServer/Integrations/TAXII2Server/test_data/objects21_spec_fields_file.json index f9bc3994f18e..eddc1fee02a4 100644 --- a/Packs/TAXIIServer/Integrations/TAXII2Server/test_data/objects21_spec_fields_file.json +++ b/Packs/TAXIIServer/Integrations/TAXII2Server/test_data/objects21_spec_fields_file.json 
@@ -1,131 +1,131 @@
 {
- "objects": [
- {
- "created": "2021-12-28T14:58:19.712448Z",
- "extensions": {
- "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777": {
- "extension_type": "property_extension",
- "sha1": "1111111111111111111111111111111111111111"
- }
- },
- "hashes": {
- "SHA-1": "1111111111111111111111111111111111111111"
- },
- "id": "file--a8b26730-1daf-57e7-9c48-02c6481f82a0",
- "modified": "2021-12-28T14:58:19.712449Z",
- "spec_version": "2.1",
- "type": "file"
- },
- {
- "created": "2021-12-28T14:58:19.711496Z",
- "extensions": {
- "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777": {
- "extension_type": "property_extension",
- "sha1": "1111111111111111111111111111111111111111"
- }
- },
- "hashes": {
- "SHA-1": "2222222222222222222222222222222222222222"
- },
- "id": "file--e285df9f-115e-502e-b443-58942d11c74b",
- "modified": "2021-12-28T14:58:19.711497Z",
- "spec_version": "2.1",
- "type": "file"
- },
- {
- "created": "2021-12-28T14:58:19.711459Z",
- "extensions": {
- "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777": {
- "extension_type": "property_extension",
- "sha1": "1111111111111111111111111111111111111111"
- }
- },
- "hashes": {
- "SHA-1": "3333333333333333333333333333333333333333"
- },
- "id": "file--427204f1-558f-5703-b72a-a769445c4281",
- "modified": "2021-12-28T14:58:19.711461Z",
- "spec_version": "2.1",
- "type": "file"
- },
- {
- "created": "2021-12-28T14:58:19.711239Z",
- "extensions": {
- "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777": {
- "extension_type": "property_extension",
- "sha1": "1111111111111111111111111111111111111111"
- }
- },
- "hashes": {
- "SHA-1": "4444444444444444444444444444444444444444"
- },
- "id": "file--1862af80-9e6f-5bf0-a0d5-6b064bb7c64a",
- "modified": "2021-12-28T14:58:19.711240Z",
- "spec_version": "2.1",
- "type": "file"
- },
- {
- "created": "2021-12-14T17:45:38.402950Z",
- "extensions": {
- "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777": {
- "extension_type": "property_extension",
- "sha1": "1111111111111111111111111111111111111111"
- }
- },
- "hashes": {
- "SHA-1": "5555555555555555555555555555555555555555"
- },
- "id": "file--225c65f1-5912-567f-ab8d-fc81ee3267ba",
- "modified": "2021-12-27T16:11:40.513923Z",
- "spec_version": "2.1",
- "type": "file"
- },
- {
- "created": "2021-12-14T17:45:34.792287Z",
- "extensions": {
- "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777": {
- "extension_type": "property_extension",
- "sha1": "1111111111111111111111111111111111111111"
- }
- },
- "hashes": {
- "SHA-1": "6666666666666666666666666666666666666666"
- },
- "id": "file--9413764e-8054-56d5-8d9e-89facc4fecdb",
- "modified": "2021-12-27T16:11:35.339540Z",
- "spec_version": "2.1",
- "type": "file"
- },
- {
- "created": "2021-12-14T17:45:38.397583Z",
- "extensions": {
- "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777": {
- "extension_type": "property_extension",
- "sha1": "1111111111111111111111111111111111111111"
- }
- },
- "hashes": {
- "SHA-1": "7777777777777777777777777777777777777777"
- },
- "id": "file--756c3d21-72f7-5c9f-ae21-069f81994c4b",
- "modified": "2021-12-27T16:11:40.503074Z",
- "spec_version": "2.1",
- "type": "file"
- },
- {
- "created": "2021-12-28T14:58:19.712448Z",
- "created_by_ref": "identity--749249c0-f7c7-5428-a4ad-ea5e1627a221",
- "description": "This schema adds TIM data to the object",
- "extension_types": [
- "property-extension"
- ],
- "id": "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777",
- "modified": "2021-12-28T14:58:19.712449Z",
- "name": "Cortex XSOAR TIM File",
- "schema": "https://github.com/demisto/content/blob/4265bd5c71913cd9d9ed47d9c37d0d4d3141c3eb/Packs/TAXIIServer/doc_files/XSOAR_indicator_schema.json",
- "spec_version": "2.1",
- "type": "extension-definition",
- "version": "1.0"
- }
- ]
+ "objects": [
+ {
+ "created": "2021-12-28T14:58:19.712448Z",
+ "extensions": {
+ "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777": {
+ "extension_type": "property_extension",
+ "sha1": "1111111111111111111111111111111111111111"
+ }
+ },
+ "hashes": {
+ "SHA-1": "1111111111111111111111111111111111111111"
+ },
+ "id": "file--a8b26730-1daf-57e7-9c48-02c6481f82a0",
+ "modified": "2021-12-28T14:58:19.712449Z",
+ "spec_version": "2.1",
+ "type": "file"
+ },
+ {
+ "created": "2021-12-28T14:58:19.711496Z",
+ "extensions": {
+ "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777": {
+ "extension_type": "property_extension",
+ "sha1": "2222222222222222222222222222222222222222"
+ }
+ },
+ "hashes": {
+ "SHA-1": "2222222222222222222222222222222222222222"
+ },
+ "id": "file--e285df9f-115e-502e-b443-58942d11c74b",
+ "modified": "2021-12-28T14:58:19.711497Z",
+ "spec_version": "2.1",
+ "type": "file"
+ },
+ {
+ "created": "2021-12-28T14:58:19.711459Z",
+ "extensions": {
+ "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777": {
+ "extension_type": "property_extension",
+ "sha1": "3333333333333333333333333333333333333333"
+ }
+ },
+ "hashes": {
+ "SHA-1": "3333333333333333333333333333333333333333"
+ },
+ "id": "file--427204f1-558f-5703-b72a-a769445c4281",
+ "modified": "2021-12-28T14:58:19.711461Z",
+ "spec_version": "2.1",
+ "type": "file"
+ },
+ {
+ "created": "2021-12-28T14:58:19.711239Z",
+ "extensions": {
+ "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777": {
+ "extension_type": "property_extension",
+ "sha1": "4444444444444444444444444444444444444444"
+ }
+ },
+ "hashes": {
+ "SHA-1": "4444444444444444444444444444444444444444"
+ },
+ "id": "file--1862af80-9e6f-5bf0-a0d5-6b064bb7c64a",
+ "modified": "2021-12-28T14:58:19.711240Z",
+ "spec_version": "2.1",
+ "type": "file"
+ },
+ {
+ "created": "2021-12-14T17:45:38.402950Z",
+ "extensions": {
+ "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777": {
+ "extension_type": "property_extension",
+ "sha1": "5555555555555555555555555555555555555555"
+ }
+ },
+ "hashes": {
+ "SHA-1": "5555555555555555555555555555555555555555"
+ },
+ "id": "file--225c65f1-5912-567f-ab8d-fc81ee3267ba",
+ "modified": "2021-12-27T16:11:40.513923Z",
+ "spec_version": "2.1",
+ "type": "file"
+ },
+ {
+ "created": "2021-12-14T17:45:34.792287Z",
+ "extensions": {
+ "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777": {
+ "extension_type": "property_extension",
+ "sha1": "6666666666666666666666666666666666666666"
+ }
+ },
+ "hashes": {
+ "SHA-1": "6666666666666666666666666666666666666666"
+ },
+ "id": "file--9413764e-8054-56d5-8d9e-89facc4fecdb",
+ "modified": "2021-12-27T16:11:35.339540Z",
+ "spec_version": "2.1",
+ "type": "file"
+ },
+ {
+ "created": "2021-12-14T17:45:38.397583Z",
+ "extensions": {
+ "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777": {
+ "extension_type": "property_extension",
+ "sha1": "7777777777777777777777777777777777777777"
+ }
+ },
+ "hashes": {
+ "SHA-1": "7777777777777777777777777777777777777777"
+ },
+ "id": "file--756c3d21-72f7-5c9f-ae21-069f81994c4b",
+ "modified": "2021-12-27T16:11:40.503074Z",
+ "spec_version": "2.1",
+ "type": "file"
+ },
+ {
+ "created": "2021-12-28T14:58:19.712448Z",
+ "created_by_ref": "identity--749249c0-f7c7-5428-a4ad-ea5e1627a221",
+ "description": "This schema adds TIM data to the object",
+ "extension_types": [
+ "property-extension"
+ ],
+ "id": "extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777",
+ "modified": "2021-12-28T14:58:19.712449Z",
+ "name": "Cortex XSOAR TIM File",
+ "schema": "https://github.com/demisto/content/blob/4265bd5c71913cd9d9ed47d9c37d0d4d3141c3eb/Packs/TAXIIServer/doc_files/XSOAR_indicator_schema.json",
+ "spec_version": "2.1",
+ "type": "extension-definition",
+ "version": "1.0"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/Packs/TAXIIServer/ReleaseNotes/2_0_37.md b/Packs/TAXIIServer/ReleaseNotes/2_0_37.md
index e173de794f3f..dccf85ae3321 100644
--- a/Packs/TAXIIServer/ReleaseNotes/2_0_37.md
+++ b/Packs/TAXIIServer/ReleaseNotes/2_0_37.md
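Review bot: In objects21_spec_fields_file.json all seven file objects still key their extension under the single id `extension-definition--1ffe4bee-95e7-4e36-9a17-f56dbab3c777`, yet the patched create_extension_definition (patch 1/3 of this series) draws a fresh `uuid.uuid4()` on every call and emits the extension-definition object only the first time an object type is seen. The fixture therefore presumably passes only because the test pins the UUID, so it cannot catch a response in which the second and later objects reference an extension id that has no matching definition for a STIX consumer to resolve. I would remember the id per type, e.g. `extensions_dict[object_type] = extension_id` with later calls reusing that value instead of generating a new one, and add a test without the UUID patch that asserts `set(obj['extensions']) <= definition_ids` for every object (`definition_ids` is a name constructed for this note).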
@@ -4,3 +4,4 @@ ##### TAXII2 Server - Fixed an issue where the same extension was shown to all objects. +- Updated the Docker image to: *demisto/flask-nginx:1.0.0.62970*.