本文整理汇总了Python中stix.core.STIXPackage类的典型用法代码示例。如果您正苦于以下问题:Python STIXPackage类的具体用法?Python STIXPackage怎么用?Python STIXPackage使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了STIXPackage类的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。
示例1: main
def main():
# Create our CybOX Simple Hash Value
shv = Hash()
shv.simple_hash_value = "4EC0027BEF4D7E1786A04D021FA8A67F"
# Create a CybOX File Object and add the Hash we created above.
f = File()
h = Hash(shv, Hash.TYPE_MD5)
f.add_hash(h)
# Create the STIX Package
stix_package = STIXPackage()
# Create the STIX Header and add a description.
stix_header = STIXHeader()
stix_header.description = "Simple File Hash Observable Example"
stix_package.stix_header = stix_header
# Add the File Hash Observable to the STIX Package. The add() method will
# inspect the input and add it to the top-level stix_package.observables
# collection.
stix_package.add(f)
# Print the XML!
print(stix_package.to_xml())
开发者ID:ExodusIntelligence,项目名称:python-stix,代码行数:25,代码来源:indicator-simplehash.py
示例2: main
def main():
# Create a CyboX File Object
f = File()
# This automatically detects that it's an MD5 hash based on the length
f.add_hash("4EC0027BEF4D7E1786A04D021FA8A67F")
# Create an Indicator with the File Hash Object created above.
indicator = Indicator()
indicator.title = "File Hash Example"
indicator.description = (
"An indicator containing a File observable with an associated hash"
)
indicator.set_producer_identity("The MITRE Corporation")
indicator.set_produced_time(utils.dates.now())
# Add The File Object to the Indicator. This will promote the CybOX Object
# to a CybOX Observable internally.
indicator.add_object(f)
# Create a STIX Package
stix_package = STIXPackage()
# Create the STIX Header and add a description.
stix_header = STIXHeader()
stix_header.description = "File Hash Indicator Example"
stix_package.stix_header = stix_header
# Add our Indicator object. The add() method will inspect the input and
# append it to the `stix_package.indicators` collection.
stix_package.add(indicator)
# Print the XML!
print(stix_package.to_xml())
开发者ID:STIXProject,项目名称:python-stix,代码行数:34,代码来源:indicator-hash.py
示例3: generateMainPackage
def generateMainPackage(events):
stix_package = STIXPackage()
stix_header = STIXHeader()
stix_header.title = "Export from " + namespace[1] + " MISP"
stix_header.package_intents = "Threat Report"
stix_package.stix_header = stix_header
return stix_package
开发者ID:KorayAgaya,项目名称:MISP,代码行数:7,代码来源:misp2stix.py
示例4: test_user_provided_ns
def test_user_provided_ns(self):
"""Test that user-provided namespaces are serialized.
"""
p = STIXPackage()
nsinfo = nsparser.NamespaceInfo()
# Collect classes
nsinfo.collect(p)
TEST_PREFIX = 'test'
TEST_NS = 'a:unit:test'
NEW_STIX_PREFIX = 'newstix'
NEW_STIX_NS = "http://stix.mitre.org/stix-1"
test_dict = {
TEST_NS: TEST_PREFIX,
NEW_STIX_NS: NEW_STIX_PREFIX
}
finalized = nsinfo._finalize_namespaces(ns_dict=test_dict)
nsinfo.finalized_namespaces
self.assertEqual(finalized.get(TEST_PREFIX), TEST_NS)
self.assertEqual(finalized.get(NEW_STIX_PREFIX), NEW_STIX_NS)
# Parse the exported document and make sure that the namespaces
# made it through the serialization process.
xml = p.to_xml(ns_dict=test_dict)
e = lxml.etree.XML(xml)
self.assertEqual(e.nsmap.get(TEST_PREFIX), TEST_NS)
self.assertEqual(e.nsmap.get(NEW_STIX_PREFIX), NEW_STIX_NS)
开发者ID:shinsec,项目名称:python-stix,代码行数:32,代码来源:nsparser_test.py
示例5: main
def main():
from stix.coa import CourseOfAction, Objective
from stix.common import Confidence
from stix.core import STIXPackage
from cybox.core import Observables
from cybox.objects.address_object import Address
pkg = STIXPackage()
coa = CourseOfAction()
coa.title = "Block traffic to PIVY C2 Server (10.10.10.10)"
coa.stage = "Response"
coa.type_ = "Perimeter Blocking"
obj = Objective()
obj.description = "Block communication between the PIVY agents and the C2 Server"
obj.applicability_confidence = Confidence("High")
coa.objective = obj
coa.impact = "Low"
coa.impact.description = "This IP address is not used for legitimate hosting so there should be no operational impact."
coa.cost = "Low"
coa.efficacy = "High"
addr = Address(address_value="10.10.10.10", category=Address.CAT_IPV4)
coa.parameter_observables = Observables(addr)
pkg.add_course_of_action(coa)
print(pkg.to_xml(encoding=None))
开发者ID:STIXProject,项目名称:stixproject.github.io,代码行数:29,代码来源:block-network-traffic_producer.py
示例6: pre_import_stix
def pre_import_stix(file, cluster=None):
from stix.core import STIXPackage
pkg = STIXPackage()
pkg = pkg.from_xml(file)
reports = pkg.reports
header = None
timestamp = ""
try:
header = reports[0].header
timestamp = reports[0].timestamp
except:
header = pkg.header
# sc = header_to_subcluster(header)
sc = {"name": header.title, "description": header.description, "firstseen": timestamp}
"""
campaigns= pkg.campaigns
for campaign in campaigns:
s = campaign_to_subcluster(campaign)
if not s in sc:
sc.append(s)
"""
# ttp = pkg.ttps
obs = pkg.observables
if sc:
sc["node"] = []
sc = obs_to_node(obs, sc)
sc["cluster"] = cluster
return sc
开发者ID:S03D4-164,项目名称:Hiryu,代码行数:32,代码来源:stix_import.py
示例7: to_stix
def to_stix(infile):
"""Converts the `infile` OpenIOC xml document into a STIX Package.
Args:
infile: OpenIOC xml filename to translate
Returns:
stix.core.STIXPackage object
"""
observables = to_cybox(infile)
# Build Indicators from the Observable objects
indicators = [_observable_to_indicator_stix(o) for o in observables]
# Wrap the created Observables in a STIX Package/Indicator
stix_package = STIXPackage()
# Set the Indicators collection
stix_package.indicators = indicators
# Create and write the STIX Header. Warning: these fields have been
# deprecated in STIX v1.2!
stix_header = STIXHeader()
stix_header.package_intent = PackageIntent.TERM_INDICATORS_MALWARE_ARTIFACTS
stix_header.description = "CybOX-represented Indicators Translated from OpenIOC File"
stix_package.stix_header = stix_header
return stix_package
开发者ID:dandye,项目名称:openioc-to-stix,代码行数:28,代码来源:translate.py
示例8: main
def main():
pkg = STIXPackage()
affected_asset = AffectedAsset()
affected_asset.description = "Database server at hr-data1.example.com"
affected_asset.type_ = "Database"
affected_asset.type_.count_affected = 1
affected_asset.business_function_or_role = "Hosts the database for example.com"
affected_asset.ownership_class = "Internally-Owned"
affected_asset.management_class = "Internally-Managed"
affected_asset.location_class = "Internally-Located"
property_affected = PropertyAffected()
property_affected.property_ = "Confidentiality"
property_affected.description_of_effect = "Data was exfiltrated, has not been determined which data or how."
property_affected.non_public_data_compromised = "Yes"
property_affected.non_public_data_compromised.data_encrypted = False
security_effect_nature = NatureOfSecurityEffect()
security_effect_nature.append(property_affected)
affected_asset.nature_of_security_effect = security_effect_nature
affected_assets = AffectedAssets()
affected_assets.append(affected_asset)
incident = Incident(title="Exfiltration from hr-data1.example.com")
incident.affected_assets = affected_assets
pkg.add_incident(incident)
print(pkg.to_xml(encoding=None))
开发者ID:STIXProject,项目名称:stixproject.github.io,代码行数:29,代码来源:incident-with-affected-asset_producer.py
示例9: main
def main():
f = File()
f.add_hash("4EC0027BEF4D7E1786A04D021FA8A67F")
indicator = Indicator()
indicator.title = "File Hash Example"
indicator.description = "An indicator containing a File observable with an associated hash"
indicator.set_producer_identity("The MITRE Corporation")
indicator.set_produced_time(datetime.now(tzutc()))
indicator.add_object(f)
party_name = PartyName(name_lines=["Foo", "Bar"], person_names=["John Smith", "Jill Smith"], organisation_names=["Foo Inc.", "Bar Corp."])
ident_spec = STIXCIQIdentity3_0(party_name=party_name)
ident_spec.add_electronic_address_identifier("[email protected]")
ident_spec.add_free_text_line("Demonstrating Free Text!")
ident_spec.add_contact_number("555-555-5555")
ident_spec.add_contact_number("555-555-5556")
identity = CIQIdentity3_0Instance(specification=ident_spec)
indicator.set_producer_identity(identity)
stix_package = STIXPackage()
stix_header = STIXHeader()
stix_header.description = "Example"
stix_package.stix_header = stix_header
stix_package.add_indicator(indicator)
xml = stix_package.to_xml()
print(xml)
开发者ID:Seevil,项目名称:python-stix,代码行数:28,代码来源:ciq_identity.py
示例10: main
def main():
from stix.campaign import Campaign, Attribution
from stix.threat_actor import ThreatActor
from stix.incident import Incident
from stix.core import STIXPackage
from stix.ttp import TTP, VictimTargeting
ttp = TTP()
ttp.title = "Victim Targeting: Customer PII and Financial Data"
ttp.victim_targeting = VictimTargeting()
ttp.victim_targeting.add_targeted_information("Information Assets - Financial Data")
actor = ThreatActor()
actor.title = "People behind the intrusion"
attrib = Attribution()
attrib.append(actor)
c = Campaign()
c.attribution = []
c.attribution.append(attrib)
c.title = "Compromise of ATM Machines"
c.related_ttps.append(ttp)
c.related_incidents.append(Incident(idref="example:incident-229ab6ba-0eb2-415b-bdf2-079e6b42f51e"))
c.related_incidents.append(Incident(idref="example:incident-517cf274-038d-4ed4-a3ec-3ac18ad9db8a"))
c.related_incidents.append(Incident(idref="example:incident-7d8cf96f-91cb-42d0-a1e0-bfa38ea08621"))
pkg = STIXPackage()
pkg.add_campaign(c)
print pkg.to_xml()
开发者ID:clever-crow-consulting,项目名称:stixproject.github.io,代码行数:31,代码来源:campaign-v-actors_producer.py
示例11: main
def main():
stix_package = STIXPackage()
ta = ThreatActor()
ta.title = "Disco Team Threat Actor Group"
ta.identity = CIQIdentity3_0Instance()
identity_spec = STIXCIQIdentity3_0()
identity_spec.party_name = PartyName()
identity_spec.party_name.add_organisation_name(OrganisationName("Disco Tean", type_="CommonUse"))
identity_spec.party_name.add_organisation_name(OrganisationName("Equipo del Discoteca", type_="UnofficialName"))
identity_spec.add_language("Spanish")
address = Address()
address.country = Country()
address.country.add_name_element("United States")
address.administrative_area = AdministrativeArea()
address.administrative_area.add_name_element("California")
identity_spec.add_address(address)
identity_spec.add_electronic_address_identifier("[email protected]")
ta.identity.specification = identity_spec
stix_package.add_threat_actor(ta)
print stix_package.to_xml()
开发者ID:andreisirghi,项目名称:stixproject.github.io,代码行数:26,代码来源:identifying-a-threat-actor-group_producer.py
示例12: main
def main():
rule = """
rule silent_banker : banker
{
meta:
description = "This is just an example"
thread_level = 3
in_the_wild = true
strings:
$a = {6A 40 68 00 30 00 00 6A 14 8D 91}
$b = {8D 4D B0 2B C1 83 C0 27 99 6A 4E 59 F7 F9}
$c = "UVODFRYSIHLNWPEJXQZAKCBGMT"
condition:
$a or $b or $c
}
"""
stix_package = STIXPackage()
indicator = Indicator(title="silent_banker", description="This is just an example")
tm = YaraTestMechanism()
tm.rule = rule
tm.producer = InformationSource(identity=Identity(name="Yara"))
tm.producer.references = ["http://plusvic.github.io/yara/"]
indicator.test_mechanisms = [tm]
stix_package.add_indicator(indicator)
print stix_package.to_xml()
开发者ID:andreisirghi,项目名称:stixproject.github.io,代码行数:33,代码来源:yara-test-mechanism-producer.py
示例13: buildSTIX
def buildSTIX(ident,confid,restconfid, effect, resteffect,typeIncident,resttype,asset,restasset,hashPkg):
# IMPLEMENTATION WORKAROUND -
# restConfid --> header.description
# resteffect --> breach.description
# resttype --> reporter.description
# restasset --> reporter.identity.name
# setup stix document
stix_package = STIXPackage()
stix_header = STIXHeader()
stix_header.description = restconfid # "Example description"
stix_package.stix_header = stix_header
# add incident and confidence
breach = Incident(id_=ident)
breach.description = resteffect # "Intrusion into enterprise network"
breach.confidence = Confidence()
breach.confidence.value=confid
breach._binding_class.xml_type = typeIncident
# stamp with reporter
breach.reporter = InformationSource()
breach.reporter.description = resttype #"The person who reported it"
breach.reporter.time = Time()
breach.reporter.time.produced_time = datetime.strptime("2014-03-11","%Y-%m-%d") # when they submitted it
breach.reporter.identity = Identity()
breach.reporter.identity.name = restasset # "Sample Investigations, LLC"
# set incident-specific timestamps
breach.time = incidentTime()
breach.title = "Breach of CyberTech Dynamics"
breach.time.initial_compromise = datetime.strptime("2012-01-30", "%Y-%m-%d")
breach.time.incident_discovery = datetime.strptime("2012-05-10", "%Y-%m-%d")
breach.time.restoration_achieved = datetime.strptime("2012-08-10", "%Y-%m-%d")
breach.time.incident_reported = datetime.strptime("2012-12-10", "%Y-%m-%d")
# add the impact
#impact = ImpactAssessment()
#impact.add_effect("Unintended Access")
#breach.impact_assessment = impact
affected_asset = AffectedAsset()
affected_asset.description = "Database server at hr-data1.example.com"
affected_asset.type_ = asset
breach.affected_assets = affected_asset
#print("asset type: %s"%(breach.affected_assets[0].type_))
# add the victim
breach.add_victim (hashPkg)
# add the impact
impact = ImpactAssessment()
impact.add_effect(effect)
breach.impact_assessment = impact
stix_package.add_incident(breach)
#print("hey, I've got an incident! list size=%s"%(len(stix_package._incidents)))
# Print the XML!
#print(stix_package.to_xml())
return stix_package
开发者ID:jmdefuentes,项目名称:SPCIS,代码行数:59,代码来源:PRACIS_AggregationTest.py
示例14: init_stix
def init_stix(self):
stix_package = STIXPackage()
stix_header = STIXHeader()
info_source = InformationSource()
info_source.description = 'HAR file analysis of visit to malicious URL'
stix_header.information_source = info_source
stix_package.stix_header = stix_header
return stix_package
开发者ID:CyberIntelMafia,项目名称:malcrawler,代码行数:8,代码来源:har2stix.py
示例15: file_to_stix
def file_to_stix(file_):
'''transform files into stix packages'''
try:
stix_package = STIXPackage.from_xml(file_)
except UnsupportedVersionError as ex:
updated = ramrod.update(file_)
updated_xml = updated.document.as_stringio()
stix_package = STIXPackage.from_xml(updated_xml)
return stix_package
开发者ID:Soltra,项目名称:cti-stats,代码行数:9,代码来源:cti.py
示例16: __repr__
def __repr__(self):
stix_package = STIXPackage()
stix_header = STIXHeader()
stix_package.stix_header = stix_header
for d in self.data:
i = self._create_indicator(d)
stix_package.add_indicator(i)
return stix_package.to_xml()
开发者ID:csirtgadgets,项目名称:cif-sdk-py,代码行数:9,代码来源:cif_stix.py
示例17: main
def main():
fn = 'ex_01.xml'
stix_package = STIXPackage.from_xml(fn)
stix_dict = stix_package.to_dict() # parse to dictionary
pprint(stix_dict)
stix_package_two = STIXPackage.from_dict(stix_dict) # create python-stix object from dictionary
xml = stix_package_two.to_xml() # generate xml from python-stix object
print(xml)
开发者ID:SYNchroACK,项目名称:crits_dependencies,代码行数:9,代码来源:ex_01.py
示例18: pkg_builder
def pkg_builder(mailbox_cfg, mailitem):
pkg = STIXPackage(
id_="%s:Package-%s" % (constants.DEFAULT_STIX_ALIAS, uuid.uuid4()),
indicators=data_to_indicator(mailbox_cfg, mailitem),
stix_header=stix_header(
title=mailitem.email_subject),
)
data = pkg.to_xml(ns_dict={mailbox_cfg.stix_prefix: constants.DEFAULT_STIX_ALIAS}, include_idgen=False, include_schemalocs=False)
#return StringIO(data)
return data
开发者ID:soltra-adapters,项目名称:adapter-email-extract,代码行数:10,代码来源:utils.py
示例19: main
def main():
stix_package = STIXPackage()
ttp_phishing = TTP(title="Phishing")
attack_pattern = AttackPattern()
attack_pattern.capec_id = "CAPEC-98"
attack_pattern.description = ("Phishing")
ttp_phishing.behavior = Behavior()
ttp_phishing.behavior.add_attack_pattern(attack_pattern)
ttp_pivy = TTP(title="Poison Ivy Variant d1c6")
malware_instance = MalwareInstance()
malware_instance.add_name("Poison Ivy Variant d1c6")
malware_instance.add_type("Remote Access Trojan")
ttp_pivy.behavior = Behavior()
ttp_pivy.behavior.add_malware_instance(malware_instance)
ta_bravo = ThreatActor(title="Adversary Bravo")
ta_bravo.identity = Identity(name="Adversary Bravo")
related_ttp_phishing = RelatedTTP(TTP(idref=ttp_phishing.id_), relationship="Leverages Attack Pattern")
ta_bravo.observed_ttps.append(related_ttp_phishing)
related_ttp_pivy = RelatedTTP(TTP(idref=ttp_pivy.id_), relationship="Leverages Malware")
ta_bravo.observed_ttps.append(related_ttp_pivy)
stix_package.add_ttp(ttp_phishing)
stix_package.add_ttp(ttp_pivy)
stix_package.add_threat_actor(ta_bravo)
print stix_package.to_xml()
开发者ID:andreisirghi,项目名称:stixproject.github.io,代码行数:33,代码来源:threat-actor-leveraging-attack-patterns-and-malware_producer.py
示例20: main
def main():
data = json.load(open("data.json"))
stix_package = STIXPackage(stix_header=STIXHeader(title=data['title'], package_intents='Incident'))
ttps = {}
for info in data['ips']:
if info['bot'] not in ttps:
ttps[info['bot']] = TTP(title=info['bot'])
stix_package.add_ttp(ttps[info['bot']])
incident = Incident(title=info['ip'])
incident.time = Time()
incident.time.first_malicious_action = info['first_seen']
addr = Address(address_value=info['ip'], category=Address.CAT_IPV4)
observable = Observable(item=addr)
stix_package.add_observable(observable)
related_ttp = RelatedTTP(TTP(idref=ttps[info['bot']].id_), relationship="Used Malware")
incident.leveraged_ttps.append(related_ttp)
related_observable = RelatedObservable(Observable(idref=observable.id_))
incident.related_observables.append(related_observable)
stix_package.add_incident(incident)
print stix_package.to_xml()
开发者ID:andreisirghi,项目名称:stixproject.github.io,代码行数:30,代码来源:incident-producer.py
注:本文中的stix.core.STIXPackage类示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论