Command Line Interface

The elevator comes with a bundled script which you can use to elevate STIX 1.x content to STIX 2.x content:

usage: stix2_elevator [-h]
          [--missing-policy {use-extensions,use-custom-properties,add-to-description,ignore}]
          [--header-object-type {report,grouping}]
          [--custom-property-prefix CUSTOM_PROPERTY_PREFIX]
          [--infrastructure]
          [--acs]
          [--incidents]
          [--package-created-by-id PACKAGE_CREATED_BY_ID]
          [--default-timestamp DEFAULT_TIMESTAMP]
          [--validator-args VALIDATOR_ARGS]
          [-e ENABLED]
          [-d DISABLED]
          [-s]
          [--message-log-directory MESSAGE_LOG_DIRECTORY]
          [--log-level {DEBUG,INFO,WARN,ERROR,CRITICAL}]
          [-m MARKINGS_ALLOWED]
          [-p {no_policy,strict_policy}]
          [-v {2.0,2.1}]
          [-r]
          file

stix2-elevator v4.1.7

positional arguments:

file          The input STIX 1.x document to be elevated.

optional arguments:

-h, --help
              Show this help message and exit

--missing-policy {use-extensions,use-custom-properties,add-to-description,ignore}
              Policy for including STIX 1.x content that cannot be
              represented directly in STIX 2.x. The default is 'add-
              to-description'.

--header-object-type {report,grouping}
              What STIX 2 type to use to store extra information
              from the STIX 1 package header.The default is
              'report'.

--custom-property-prefix CUSTOM_PROPERTY_PREFIX
              Prefix to use for custom property names when missing
              policy is 'use-custom-properties'. The default is
              'elevator'.

--infrastructure
              Infrastructure will be included in the conversion.
              Default for version 2.1 is true.

--incidents
              Incidents will be included in the conversion.
              Default for version 2.1 is true.

--acs
              Process ACS data markings
              Default is false.

--package-created-by-id PACKAGE_CREATED_BY_ID
              Use provided identifier for "created_by_ref"
              properties.

              Example: --package-created-by-id "identity--1234abcd-1a12-42a3-0ab4-1234abcd5678"

--default-timestamp DEFAULT_TIMESTAMP
              Use provided timestamp for properties that require a
              timestamp.

              Example: --default-timestamp "2016-11-15T13:10:35.053000Z"

--validator-args VALIDATOR_ARGS
              Arguments to pass to stix2-validator.
              See https://stix2-validator.readthedocs.io/en/latest/options.html.

              Example: --validator-args="-v --strict-types -d 212"

-e ENABLED, --enable ENABLED
              A comma-separated list of the stix2-elevator messages
              to enable. Not to be used with --disable.

              Example: --enable 250

-d DISABLED, --disable DISABLED
              A comma-separated list of the stix2-elevator messages
              to disable. Not to be used with --enable.

              Example: --disable 212,220

-s, --silent
              If this flag is set, all stix2-elevator messages will
              be disabled.

--message-log-directory MESSAGE_LOG_DIRECTORY
              If this flag is set, all stix2-elevator messages will
              be saved to a file. The name of the file will be the
              input file with extension .log in the specified
              directory.

              Note, make sure the directory already exists.

              Example: --message-log-directory "../logs".

--log-level {DEBUG,INFO,WARN,ERROR,CRITICAL}
              The logging output level.

-m MARKINGS_ALLOWED, --markings-allowed MARKINGS_ALLOWED
              Avoid error exit, if these markings types
              (as specified via their python class names) are in the
              content, but not supported by the elevator. Specify as
              a comma-separated list.

              Example: --markings-allowed "ISAMarkingsAssertion,ISAMarkings"

-p {no_policy,strict_policy},
--error-policy {no_policy,strict_policy},
--policy {no_policy,strict_policy}   #deprecated
             The policy to deal with errors. The default is 'no_policy'.

-v {2.0,2.1}, --version {2.0,2.1}
             The version of stix 2 to be produced. The default is 2.1

-r, --ignore-required-properties
                      Do not provide missing required properties

Refer to the Warning Messages section for all stix2-elevator messages. Use the associated code number to --enable or --disable a message. By default, the stix2-elevator displays all messages.

The –enable and –disable arguments cannot be used at the same time. When a message code is not specified in the –enable option it will not be displayed. When a message code is not specified in the –disable option it will be displayed. If the number of messages codes to be both enabled and disabled are both large, it is sufficient to just specify the shorter one.

Note: disabling the message does not disable any functionality.