├── .gitignore ├── CONTRIBUTING.md ├── LICENSE ├── NOTICE ├── README.rst ├── input-file-error-notes ├── setup.py ├── stix2patterns_translator ├── __init__.py ├── data_models │ ├── __init__.py │ ├── base.py │ ├── car.py │ └── cim.py ├── errors.py ├── grammar │ ├── STIXPattern.g4 │ ├── STIXPattern.tokens │ ├── STIXPatternLexer.py │ ├── STIXPatternLexer.tokens │ ├── STIXPatternListener.py │ ├── STIXPatternParser.py │ ├── STIXPatternVisitor.py │ └── __init__.py ├── parser.py ├── pattern_objects.py ├── search_platforms │ ├── __init__.py │ ├── elastic_query_string.py │ ├── splunk │ │ ├── __init__.py │ │ ├── encoders.py │ │ └── object_scopers.py │ └── splunk_search.py ├── translator.py └── web_api.py ├── test.docker-compose.yml ├── tests ├── __init__.py ├── generate_test_case.py ├── helpers │ ├── connectors.py │ └── input_file_helpers.py ├── input_files │ ├── and_not_in_set.json │ ├── and_not_like.json │ ├── anded_obs_expression.json │ ├── anded_one_regex.json │ ├── anded_two_regex.json │ ├── car_2013_03_001.json │ ├── car_2013_05_002.json │ ├── car_2014_11_004.json │ ├── followedby_obs_expression.json │ ├── gt.json │ ├── gt_and.json │ ├── gt_and_gte.json │ ├── gt_and_is_equal.json │ ├── gte.json │ ├── in_set.json │ ├── like.json │ ├── like_single_char.json │ ├── lt.json │ ├── lte.json │ ├── md5_hash.json │ ├── negated_comparison.json │ ├── neq.json │ ├── not_in_set.json │ ├── not_like.json │ ├── ored_obs_expression.json │ ├── regex.json │ ├── regex_anchors.json │ ├── regex_back_anchor.json │ ├── regex_front_anchor.json │ ├── regex_no_anchors.json │ └── timestamp.json ├── integration_tests.py ├── test_analytic_translator.py ├── test_miscellaneous_tests.py └── test_web_api.py └── tox.ini /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/.gitignore -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/LICENSE -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/NOTICE -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/README.rst -------------------------------------------------------------------------------- /input-file-error-notes: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/input-file-error-notes -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/setup.py -------------------------------------------------------------------------------- /stix2patterns_translator/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/__init__.py -------------------------------------------------------------------------------- /stix2patterns_translator/data_models/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/data_models/__init__.py -------------------------------------------------------------------------------- /stix2patterns_translator/data_models/base.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/data_models/base.py -------------------------------------------------------------------------------- /stix2patterns_translator/data_models/car.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/data_models/car.py -------------------------------------------------------------------------------- /stix2patterns_translator/data_models/cim.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/data_models/cim.py -------------------------------------------------------------------------------- /stix2patterns_translator/errors.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/errors.py -------------------------------------------------------------------------------- /stix2patterns_translator/grammar/STIXPattern.g4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/grammar/STIXPattern.g4 -------------------------------------------------------------------------------- /stix2patterns_translator/grammar/STIXPattern.tokens: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/grammar/STIXPattern.tokens -------------------------------------------------------------------------------- /stix2patterns_translator/grammar/STIXPatternLexer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/grammar/STIXPatternLexer.py -------------------------------------------------------------------------------- /stix2patterns_translator/grammar/STIXPatternLexer.tokens: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/grammar/STIXPatternLexer.tokens -------------------------------------------------------------------------------- /stix2patterns_translator/grammar/STIXPatternListener.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/grammar/STIXPatternListener.py -------------------------------------------------------------------------------- /stix2patterns_translator/grammar/STIXPatternParser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/grammar/STIXPatternParser.py -------------------------------------------------------------------------------- /stix2patterns_translator/grammar/STIXPatternVisitor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/grammar/STIXPatternVisitor.py -------------------------------------------------------------------------------- /stix2patterns_translator/grammar/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/grammar/__init__.py -------------------------------------------------------------------------------- /stix2patterns_translator/parser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/parser.py -------------------------------------------------------------------------------- /stix2patterns_translator/pattern_objects.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/pattern_objects.py -------------------------------------------------------------------------------- /stix2patterns_translator/search_platforms/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/search_platforms/__init__.py -------------------------------------------------------------------------------- /stix2patterns_translator/search_platforms/elastic_query_string.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/search_platforms/elastic_query_string.py -------------------------------------------------------------------------------- /stix2patterns_translator/search_platforms/splunk/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /stix2patterns_translator/search_platforms/splunk/encoders.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/search_platforms/splunk/encoders.py -------------------------------------------------------------------------------- /stix2patterns_translator/search_platforms/splunk/object_scopers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/search_platforms/splunk/object_scopers.py -------------------------------------------------------------------------------- /stix2patterns_translator/search_platforms/splunk_search.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/search_platforms/splunk_search.py -------------------------------------------------------------------------------- /stix2patterns_translator/translator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/translator.py -------------------------------------------------------------------------------- /stix2patterns_translator/web_api.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/stix2patterns_translator/web_api.py -------------------------------------------------------------------------------- /test.docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/test.docker-compose.yml -------------------------------------------------------------------------------- /tests/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/generate_test_case.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/generate_test_case.py -------------------------------------------------------------------------------- /tests/helpers/connectors.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/helpers/connectors.py -------------------------------------------------------------------------------- /tests/helpers/input_file_helpers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/helpers/input_file_helpers.py -------------------------------------------------------------------------------- /tests/input_files/and_not_in_set.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/and_not_in_set.json -------------------------------------------------------------------------------- /tests/input_files/and_not_like.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/and_not_like.json -------------------------------------------------------------------------------- /tests/input_files/anded_obs_expression.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/anded_obs_expression.json -------------------------------------------------------------------------------- /tests/input_files/anded_one_regex.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/anded_one_regex.json -------------------------------------------------------------------------------- /tests/input_files/anded_two_regex.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/anded_two_regex.json -------------------------------------------------------------------------------- /tests/input_files/car_2013_03_001.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/car_2013_03_001.json -------------------------------------------------------------------------------- /tests/input_files/car_2013_05_002.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/car_2013_05_002.json -------------------------------------------------------------------------------- /tests/input_files/car_2014_11_004.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/car_2014_11_004.json -------------------------------------------------------------------------------- /tests/input_files/followedby_obs_expression.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/followedby_obs_expression.json -------------------------------------------------------------------------------- /tests/input_files/gt.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/gt.json -------------------------------------------------------------------------------- /tests/input_files/gt_and.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/gt_and.json -------------------------------------------------------------------------------- /tests/input_files/gt_and_gte.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/gt_and_gte.json -------------------------------------------------------------------------------- /tests/input_files/gt_and_is_equal.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/gt_and_is_equal.json -------------------------------------------------------------------------------- /tests/input_files/gte.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/gte.json -------------------------------------------------------------------------------- /tests/input_files/in_set.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/in_set.json -------------------------------------------------------------------------------- /tests/input_files/like.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/like.json -------------------------------------------------------------------------------- /tests/input_files/like_single_char.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/like_single_char.json -------------------------------------------------------------------------------- /tests/input_files/lt.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/lt.json -------------------------------------------------------------------------------- /tests/input_files/lte.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/lte.json -------------------------------------------------------------------------------- /tests/input_files/md5_hash.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/md5_hash.json -------------------------------------------------------------------------------- /tests/input_files/negated_comparison.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/negated_comparison.json -------------------------------------------------------------------------------- /tests/input_files/neq.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/neq.json -------------------------------------------------------------------------------- /tests/input_files/not_in_set.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/not_in_set.json -------------------------------------------------------------------------------- /tests/input_files/not_like.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/not_like.json -------------------------------------------------------------------------------- /tests/input_files/ored_obs_expression.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/ored_obs_expression.json -------------------------------------------------------------------------------- /tests/input_files/regex.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/regex.json -------------------------------------------------------------------------------- /tests/input_files/regex_anchors.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/regex_anchors.json -------------------------------------------------------------------------------- /tests/input_files/regex_back_anchor.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/regex_back_anchor.json -------------------------------------------------------------------------------- /tests/input_files/regex_front_anchor.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/regex_front_anchor.json -------------------------------------------------------------------------------- /tests/input_files/regex_no_anchors.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/regex_no_anchors.json -------------------------------------------------------------------------------- /tests/input_files/timestamp.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/input_files/timestamp.json -------------------------------------------------------------------------------- /tests/integration_tests.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/integration_tests.py -------------------------------------------------------------------------------- /tests/test_analytic_translator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/test_analytic_translator.py -------------------------------------------------------------------------------- /tests/test_miscellaneous_tests.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/test_miscellaneous_tests.py -------------------------------------------------------------------------------- /tests/test_web_api.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tests/test_web_api.py -------------------------------------------------------------------------------- /tox.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitre/stix2patterns_translator/HEAD/tox.ini --------------------------------------------------------------------------------