## Lettura file json

In [None]:
import json

def read_stix_json(file_path):
    try:
        with open(file_path, 'r') as file:
            data = json.load(file)
            return data
    except Exception as e:
        print(f"Errore nella lettura del file: {e}")
        return None

def print_stix_data(stix_data):
    if stix_data is not None:
        # Stampa il contenuto del file JSON in modo leggibile
        print(json.dumps(stix_data, indent=4))
    else:
        print("Nessun dato da mostrare.")

if __name__ == "__main__":
    file_path = '/content/IranianDisinformation.json'  #percorso del file JSON STIX
    stix_data = read_stix_json(file_path)
    print_stix_data(stix_data)


{
    "type": "bundle",
    "id": "bundle--508e8488-2c6d-4631-a13b-4b1f4d298e7f",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--7ca79a22-44da-4b49-8cd8-850887b2e389",
            "created": "2024-06-07T16:26:51.000Z",
            "modified": "2024-06-07T16:26:51.000Z",
            "name": "Leonardo Sole",
            "identity_class": "organization"
        },
        {
            "type": "grouping",
            "spec_version": "2.1",
            "id": "grouping--2c814348-0d1a-48a2-847a-1504248def9d",
            "created_by_ref": "identity--7ca79a22-44da-4b49-8cd8-850887b2e389",
            "created": "2024-06-07T16:26:51.000Z",
            "modified": "2024-06-07T16:26:51.000Z",
            "name": "Global-Iranian-Disinformation-Operation",
            "context": "suspicious-activity",
            "object_refs": [
                "x-misp-galaxy-cluster--a2355290-e41e-5210-b03c-6ef88d4b61c2",
               

## Modifica dello stix

In [31]:
import re
def extract_name_from_labels(labels):
    for label in labels:
        match = re.match(r'misp:name="([^"]+)"', label)
        if match:
            return match.group(1)
    return None

def modify_stix_data(stix_data):
    if stix_data is not None:
        for obj in stix_data.get('objects', []):
            # Modifica oggetti di tipo "x-misp-galaxy-cluster"
            if obj.get('type') == 'x-misp-galaxy-cluster':
                obj['type'] = 'attack-pattern'
                obj['name'] = f"DISARM TTP - {obj.get('x_misp_value', '')}"

            # Modifica oggetti di tipo "observed-data"
            elif obj.get('type') == 'observed-data':
                obj['name'] = extract_name_from_labels(obj.get('labels', []))

            # Modifica oggetti di tipo "user-account"
            elif obj.get('type') == 'user-account':
                obj['name'] = obj.get('account_login', '')

            # Modifica oggetti di tipo "x-misp-object" con "x_misp_name: whois"
            elif obj.get('type') == 'x-misp-object' and obj.get('x_misp_name') == 'whois':
                obj['type'] = 'threat-actor'

            # Modifica oggetti di tipo "indicator" con "misp:name: ip-port"
            elif obj.get('type') == 'indicator':
                labels = obj.get('labels', [])
                if 'misp:name="ip-port"' or 'misp:type="domain"' in labels:
                    obj['name'] = 'Domain'
    else:
        print("Nessun dato da modificare.")
    return stix_data


def write_stix_json(file_path, data):
    try:
        with open(file_path, 'w') as file:
            json.dump(data, file, indent=4)
    except Exception as e:
        print(f"Errore nella scrittura del file: {e}")

## Esecuzione delle funzioni

In [33]:
input_file_path = '/content/IranianDisinformation.json'  # Sostituisci con il percorso del tuo file JSON STIX
output_file_path = '/content/IranianDisinformationClear.json'  # Sostituisci con il percorso dove salvare il file modificato

stix_data = read_stix_json(input_file_path)
modified_stix_data = modify_stix_data(stix_data)
write_stix_json(output_file_path, modified_stix_data)
print(f"File modificato salvato in: {output_file_path}")

File modificato salvato in: /content/IranianDisinformationClear.json
