tests/test_event2_stix20.json

{
    "type": "bundle",
    "id": "bundle--71356f2b-eefe-48db-a93a-4aa2233e3a59",
    "spec_version": "2.0",
    "objects": [
        {
            "type": "identity",
            "id": "identity--a0c22599-9e58-4da4-96ac-7051603fa951",
            "created": "2020-10-25T16:22:00.000Z",
            "modified": "2020-10-25T16:22:00.000Z",
            "name": "MISP-Project",
            "identity_class": "organization"
        },
        {
            "type": "report",
            "id": "report--50bf87fc-d134-499f-9e26-806cbe89ed37",
            "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951",
            "created": "2020-10-25T16:22:00.000Z",
            "modified": "2020-10-25T16:22:00.000Z",
            "name": "MISP-STIX-Converter test event with domain|ip attribute",
            "published": "2020-10-25T16:22:00Z",
            "object_refs": [
                "indicator--726f90e2-2ad6-44a2-b345-c05e55e850e5"
            ],
            "labels": [
                "Threat-Report",
                "misp:tool=\"MISP-STIX-Converter\""
            ]
        },
        {
            "type": "indicator",
            "id": "indicator--726f90e2-2ad6-44a2-b345-c05e55e850e5",
            "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951",
            "created": "2020-10-25T16:22:00.000Z",
            "modified": "2020-10-25T16:22:00.000Z",
            "description": "Domain|ip test attribute",
            "pattern": "[domain-name:value = 'circl.lu' AND domain-name:resolves_to_refs[*].value = '149.13.33.14']",
            "valid_from": "2020-10-25T16:22:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain|ip\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "report",
            "id": "report--71356f2b-eefe-48db-a93a-4aa2233e3a59",
            "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951",
            "created": "2020-10-25T16:22:00.000Z",
            "modified": "2020-10-25T16:22:00.000Z",
            "name": "MISP-STIX-Converter test event with filename attribute",
            "published": "2020-10-25T16:22:00Z",
            "object_refs": [
                "indicator--02de0847-dccf-481a-a96a-6a7654328658"
            ],
            "labels": [
                "Threat-Report",
                "misp:tool=\"MISP-STIX-Converter\""
            ]
        },
        {
            "type": "indicator",
            "id": "indicator--02de0847-dccf-481a-a96a-6a7654328658",
            "created_by_ref": "identity--a0c22599-9e58-4da4-96ac-7051603fa951",
            "created": "2020-10-25T16:22:00.000Z",
            "modified": "2020-10-25T16:22:00.000Z",
            "description": "Filename test attribute",
            "pattern": "[file:name = 'test_file_name']",
            "valid_from": "2020-10-25T16:22:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"filename\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        }
    ]
}