.. _warning_messages: Warning Messages ===================== When the elevator makes an assumption during the conversion of some content, or is unable to convert the content, a warning message is output. General --------------- ======================================================================= ==== ===== Message Code Level ======================================================================= ==== ===== Results produced by the stix2-elevator are not for production purposes. 201 warn Observable Expressions should not contain placeholders 202 error Placeholder *[id]* should be resolved 203 error Found definition for *[id]* 204 info At least one PLACEHOLDER idref was not resolved in *[id]* 205 warn At least one observable could not be converted in *[id]* 206 warn Options not initialized 207 error EMPTY BUNDLE -- No objects created from 1.x input document! 208 warn Both console and output log have disabled messages. 209 warn OSError *[message]* 210 error silent option is not compatible with a policy 211 warn ======================================================================= ==== ===== Adding Content not supported in STIX 2.x to Description ---------------------------------------------------------------- ============================================================================================================================== ==== ===== Message Code Level ============================================================================================================================== ==== ===== The ``Short_Description`` property is no longer supported in STIX. The text was appended to the description property of *[id]* 301 warn Appended *[property_name]* to description of *[id]* 302 warn Title *[title]* used for ``name``, appending ``exploit_target`` *[id]* title in description property 303 info Appended ``confidence`` property content to description of *[id]* 304 warn Appended ``Statement`` type content to description of *[id]* 305 warn Appended ``Tool`` type content to description of *[id]* 306 warn ============================================================================================================================== ==== ===== Dropping Content not supported in STIX 2.x --------------------------------------------------- ============================================================================================================================================== ==== ===== Message Code Level ============================================================================================================================================== ==== ===== ``Information Source`` on *[id]* is not representable in STIX 2.0 401 warn ``Related_Packages`` type in *[id]* not supported in STIX 2.x 402 warn ``Campaign/Activity`` type in *[id]* not supported in STIX 2.x 403 warn Structured COAs type in *[id]* are not supported in STIX 2.x 404 warn ``ExploitTarget/Weaknesses`` type in *[id]* not supported in STIX 2.x 405 warn ``ExploitTarget/Configurations`` type in *[id]* not supported in STIX 2.x 406 warn Indicator *[id]* has an observable or indicator composite expression which may not supported correctly in STIX 2.x - please check this pattern 407 warn ``TTP/Behavior/Exploits/Exploit`` in *[id]* not supported in STIX 2.x 408 warn ``Infrastructure`` in *[id]* not part of STIX 2.x 409 warn Targeted systems on *[id]* are not a victim target in STIX 2.x 410 warn Targeted information on *[id]* is not a victim target in STIX 2.x 411 warn Targeted technical details on *[id]* are not a victim target in STIX 2.x 412 warn Kill Chains type in *[id]* not supported in STIX 2.x 413 warn Victim Target in *[id]* did not yield any STIX 2.x object 414 warn TTP *[id]* did not generate any STIX 2.x object 415 warn No STIX 2.x object generated from embedded object *[id]* 416 warn [object type] did not yield any STIX 2.x object 417 warn The *[property]* property of *[STIX 1.x object type]* is not part of STIX 2.x 418 warn ``NO MESSAGE ASSIGNED`` 419 Windows Handles are not a part of STIX 2.x 420 warn The address type [address] is not part of STIX 2.0 421 warn No pattern term was created from *[id]* 422 warn *[id]* is used as a pattern, therefore it is not included as an observed_data instance 423 warn *[xxx]* content is not supported in STIX 2.x 424 warn Could not resolve Marking Structure *[id]* 425 warn MAEC content in *[id]* cannot be represented in STIX 2.x 426 warn The *[relationship name]* relationship involving *[id]* is not supported in STIX 2.x 427 warn ``roles`` is not a property of a 2.x identity (*[id]*). Perhaps the roles are associated with a related Threat Actor 428 warn ``HTTPServerResponse`` type is not supported in STIX 2.x 429 warn The confidence value *[value]* is not found on one of the confidence scales from the specification. No confidence can be inferred 430 warn The confidence value *[value]* is not between 0 and 100, which is required for STIX 2.1. No confidence can be inferred 431 warn The confidence value *[value]* cannot be converted 432 warn Location with free text address in *[id]* not handled yet" 433 warn ============================================================================================================================================== ==== ===== Multiple values are not supported in STIX 2.x ---------------------------------------------------- =========================================================================================================================================== ==== ===== Message Code Level =========================================================================================================================================== ==== ===== ``NO MESSAGE ASSIGNED`` 501 Only one person name allowed for *[id]* in STIX 2.x, used first one 502 warn Only one organization name allowed for *[id]* in STIX 2.x, used first one 503 warn YARA/SNORT patterns on *[id]* not supported in STIX 2.x 504 warn ``NO MESSAGE ASSIGNED`` 505 Only one alternative test mechanism allowed for *[id]* in STIX 2.x - used first one, which was *[pattern_lang]* 506 warn Only one valid time window allowed for *[id]* in STIX 2.x - used first one 507 warn Only one name for malware is allowed for *[id]* in STIX 2.x - used first one 508 warn No STIX 1.x vocab value given for *[property]*, using 'unknown' 509 warn Only one *[property]* allowed in STIX 2.x - used first one 510 warn File size 'window' not allowed in top level observable, using first value 511 warn Only one ``HTTP_Request_Response`` used for ``http-request-ext``, using first value 512 warn =========================================================================================================================================== ==== ===== Possible issue in original STIX 1.x content -------------------------------------------------- =========================================================================================================================================== ==== ===== Message Code Level =========================================================================================================================================== ==== ===== Dangling source reference *[source]* in *[id]* 601 warn Dangling target reference *[target]* in *[id]* 602 warn 1.X ID: *[id]* was not mapped to STIX 2.x ID 603 warn Unable to determine the STIX 2.x type for *[id]* 604 error Malformed id *[id]*. Generated a new uuid 605 warn Identity *[id]* has organization and person names 606 error Dangling kill chain phase id in indicator *[id]* 607 error ``windows-registry-key`` is required to have a ``key`` property 608 error *[condition]* was used, but two values were not provided. 609 error Trying to associate *[old_key]* with None 610 warn Could not associate *[old_id]* with None 611 error Identity *[id]* must have a name, using 'None' 612 error No ``WinExecutableFile`` properties found in *[WinExeFile]* 613 warn No ``ArchiveFile`` properties found in *[ArchiveFile]* 614 warn No ``WinProcess`` properties found in *[WinProcess]* 615 warn No ``WinService`` properties found in *[WinService]* 616 warn The custom property name *[property name]* does not adhere to the specification rules 617 warn No ISO code for *[value]* in *[identifying info]* 618 warn No *[start/end]* time for the first valid time interval is available in *[id]*, other time intervals might be more appropriate 619 warn Unable to create a pattern from a File object 620 warn *[stix 1.x property]* contains no value 621 warn No term was yielded for *[id]* 622 warn Hive property, *[hive property name]*, is already a prefix of the key property, *[key property name]* 623 warn The custom property name *[id]* contains whitespace, replacing it with underscores 624 warn Found duplicate marking structure *[id]* 625 info *[hash_string]* is not a valid *[hash_type]* hash 626 warn *[enum_value]* in *[id]* is not a member of the *[enum_type]* enumeration 627 warn Unknown condition given in *[id]* - marked as 'INVALID_CONDITION' 628 warn Unable to determine the STIX 2.x type for *[id]*, which is malformed 629 error 'equals' allowed in *[id]* - should be 'Equals' 630 warn Multiple administrative areas with multiple countries in *[id]* is not handled" 631 warn =========================================================================================================================================== ==== ===== STIX Elevator conversion based on assumptions ---------------------------------------------------- =========================================================================================================================================== ==== ===== Message Code Level =========================================================================================================================================== ==== ===== Threat Actor identity *[id]* being used as basis of attributed-to relationship 701 info Found STIX 1.X ID: *[old_id]* replaced by *[new_id]* 702 info *[old_id]* is already associated other ids: *[tuple_of_new_ids]* 703 info Including *id of relationship* in *id of report* and added the target_ref *target_ref* to the report 704 warn Including *id of relationship* in *id of report* and added the source_ref *source_ref* to the report 705 warn Including *id of relationship* in *id of report* although the target_ref is unknown 706 warn Including *id of relationship* in *id of report* although the source_ref is unknown 707 warn Not including *id of relationship* in *id of report* because there is no corresponding SDO for *target_ref* 708 warn Not including *id of relationship* in *id of report* because there is no corresponding SDO for *source_ref* 709 warn All associated *[xxx]* relationships of *[id]* are assumed to not represent STIX 1.2 versioning 710 warn ciq name found in *[id]*, possibly overriding other name 711 warn Only one type pattern can be specified in *[id]* - using cybox 712 warn *[id]* generated an identity associated with a victim 713 warn No condition given for *[current_observable]* - assume '=' 714 warn Used MATCHES operator for *[condition]* 715 warn Based on CIQ information, *[id]* is assumed to be an organization 716 warn Threat actor *[id]* title is used for name property 717 info Using related-to for the *[property]* of *[id]* 718 warn Using first Threat Actor motivation as ``primary_motivation`` value. If more, use ``secondary_motivation`` 719 info The ``published property`` is required for STIX 2.x Report *[id]*, using the created property 720 info ``apply_condition`` assumed to be 'ANY' in *[id]* 721 warn ``content_type`` for ``body_multipart`` of *[id]* is assumed to be 'text/plain' 722 info The confidence value in *[value]* assumed to be a value on a scale between 0 and 100 723 warn The confidence value in *[value]* has been converted to an integer so it is valid in STIX 2.1 724 warn =========================================================================================================================================== ==== ===== STIX elevator currently doesn't process this content ----------------------------------------------------------- =========================================================================================================================================== ==== ===== Message Code Level =========================================================================================================================================== ==== ===== Could not resolve Marking Structure *[id]* 801 warn 1.x full file paths are not processed, yet 802 warn ``NO MESSAGE ASSIGNED`` 803 ``NO MESSAGE ASSIGNED`` 804 CybOX object *[object]* not handled yet 805 warn Email *[property]* not handled yet 806 warn ``file:extended_properties:windows_pebinary_ext:optional_header`` is not implemented yet 807 warn *[object]* found in *[id]* cannot be converted to a pattern, yet. 808 warn Related Objects of cyber observables for *[id]* are not handled yet 809 warn Negation of *[id]* is not handled yet 810 warn ``NO MESSAGE ASSIGNED`` 811 Condition on a hive property not handled. 812 warn Cannot convert CybOX 2.x class name *[name]* to an object_path_root_name 813 error Parameter Observables in *[id]* are not handled, yet. 814 warn *[property]* in *[id]* are not handled, yet. 815 info Ambiguous file path *[path]* was not processed 816 warn =========================================================================================================================================== ==== ===== Missing Required Timestamp --------------------------------- =========================================================================================================================================== ==== ===== Message Code Level =========================================================================================================================================== ==== ===== ``first_observed`` and ``last_observed`` properties not available directly on *[id]* - using timestamp 901 info Using parent object timestamp on *[identifying info]* 902 info No valid time position information available in *[id]*, using parent timestamp 903 warn No ``first_seen`` property on *[id]* - using timestamp 904 info Timestamp not available for *[entity]*, using current time 905 warn =========================================================================================================================================== ==== =====