colander_data_converter.converters.misp.converter

class colander_data_converter.converters.misp.converter.ColanderToMISPMapper

Bases: MISPMapper

Mapper class for converting Colander objects to MISP format.

Handles the conversion of various Colander entity types (threats, actors, events, artifacts, etc.) to their corresponding MISP object representations using predefined mapping configurations.

static get_element_from_event(event, uuid, types)

Return type:

Tuple[MISPObject | MISPAttribute | None, str | None]

convert_case(case, feed)

Return type:

Tuple[MISPEvent | None, List[Annotated[Actor | Artifact | DataFragment | Observable | DetectionRule | Device | Event | Threat, FieldInfo(annotation=NoneType, required=True, discriminator=’colander_internal_type’)]]]

convert_colander_object(colander_object)

Convert a Colander object to its corresponding MISP representation.

This method performs the core conversion logic by: 1. Looking up the appropriate mapping for the Colander object type 2. Creating the corresponding MISP object (Attribute or Object) 3. Mapping fields, literals, and attributes from Colander to MISP format

Parameters:

colander_object (EntityTypes) – The Colander object to convert

Returns:

The converted MISP object, or None if no mapping exists

Return type:

Optional[Union[AbstractMISP, TagStub]]

convert_immutable_relations(event, colander_object)

convert_relations(event, colander_relations)

class colander_data_converter.converters.misp.converter.MISPMapper

Bases: object

Base mapper class for MISP conversions.

Provides common functionality for mapping Colander data structures to MISP objects.

static tlp_level_to_tag(tlp_level)

Convert a Colander TLP (Traffic Light Protocol) level to a MISP tag.

Parameters:

tlp_level (TlpPapLevel) – The TLP level to convert

Returns:

A MISP tag object with the TLP level name

Return type:

MISPTag