update stix generator for OpenCTI compatability

CODE/DISARM-STIX2/objects/identity.py

@@ -13,4 +13,4 @@ def make_disarm_identity():
         identity_class="organization",
         description="DISARM is a framework designed for describing and understanding disinformation incidents.",
     )
-    return identity
+    return [identity]

CODE/DISARM-STIX2/objects/marking_definition.py

@@ -2,10 +2,11 @@ from stix2 import MarkingDefinition, StatementMarking
 from objects import identity
 
 
-def make_disarm_marking_definition():
+def make_disarm_marking_definition(identity_id):
     marking_definition = MarkingDefinition(
         definition_type="statement",
-        created_by_ref=identity.make_disarm_identity(),
+        created_by_ref=identity_id,
+        name="DISARM Foundation",
         definition=StatementMarking(statement="CC-BY-SA-4.0 DISARM Foundation")
     )
-    return marking_definition
+    return [marking_definition]

CODE/DISARM-STIX2/objects/relationship.py

@@ -1,7 +1,7 @@
 from stix2 import Relationship, properties, ExternalReference
 
 
-def make_disarm_subtechnique_relationship(source, target):
+def make_disarm_subtechnique_relationship(source, target, marking_id):
     """Creates a relationship between the parent technique and sub-technique.
 
     Args:
@@ -15,13 +15,15 @@ def make_disarm_subtechnique_relationship(source, target):
     relationship = Relationship(
         source_ref=source,
         target_ref=target,
-        relationship_type="subtechnique-of"
+        description="",
+        relationship_type="subtechnique-of",
+        object_marking_refs=marking_id
     )
 
     return relationship
 
 
-def make_disarm_subtechnique_relationships(techniques):
+def make_disarm_subtechnique_relationships(techniques, marking_id):
     """Creates a map of technique and sub-technique.
 
     Args:
@@ -39,7 +41,7 @@ def make_disarm_subtechnique_relationships(techniques):
     for technique in techniques:
         if technique["x_mitre_is_subtechnique"]:
             technique_id = technique_ids[technique["external_references"][0]["external_id"].split(".")[0]]
-            relationship = make_disarm_subtechnique_relationship(technique["id"], technique_id)
+            relationship = make_disarm_subtechnique_relationship(technique["id"], technique_id, marking_id)
             relationships.append(relationship)
 
     return relationships

CODE/DISARM-STIX2/objects/tactic.py

@@ -21,7 +21,7 @@ class Tactic(object):
             raise ValueError("'%s' is not a recognized DISARM Tactic." % x_mitre_shortname)
 
 
-def make_disarm_tactics(data):
+def make_disarm_tactics(data, identity_id, marking_id):
     """Create all DISARM tactic objects.
 
     Args:
@@ -46,10 +46,11 @@ def make_disarm_tactics(data):
             description=f"{t[5]}",
             x_mitre_shortname=f'{t[1].lower().replace(" ", "-")}',
             external_references=external_references,
-            object_marking_refs=objects.marking_definition.make_disarm_marking_definition(),
-            created_by_ref=objects.identity.make_disarm_identity()
+            object_marking_refs=marking_id,
+            created_by_ref=identity_id
         )
 
         tactics.append(tactic)
 
     return tactics
+

CODE/DISARM-STIX2/objects/technique.py

@@ -4,7 +4,7 @@ import pandas as pd
 from objects import identity, marking_definition
 
 
-def make_disarm_techniques(data):
+def make_disarm_techniques(data, identity_id, marking_id):
     """Create all DISARM Techniques objects.
 
     Args:
@@ -20,7 +20,7 @@ def make_disarm_techniques(data):
         external_references = [
             {
                 'external_id': f'{t[0]}'.strip(),
-                'source_name': 'DISARM',
+                'source_name': 'mitre-attack',
                 'url': f'https://github.com/DISARMFoundation/DISARM_framework/blob/master/techniques/{t[0]}.md'
             }
         ]
@@ -45,12 +45,12 @@ def make_disarm_techniques(data):
             name=f"{t[1]}",
             description=f"{t[4]}",
             external_references=external_references,
-            object_marking_refs=objects.marking_definition.make_disarm_marking_definition(),
-            created_by_ref=objects.identity.make_disarm_identity(),
+            object_marking_refs=marking_id,
+            created_by_ref=identity_id,
             kill_chain_phases=kill_chain_phases,
             custom_properties={
                 'x_mitre_platforms': x_mitre_platforms,
-                'x_mitre_version': "1.0",
+                'x_mitre_version': "2.1",
                 'x_mitre_is_subtechnique': x_mitre_is_subtechnique
             }
         )