本文整理汇总了 Python 中 crits.emails.email.Email.from_cybox 方法的典型用法代码示例。如果您想了解 Email.from_cybox 方法的具体用法或使用示例,这里精选的代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类 crits.emails.email.Email 的用法示例。
示例1: __parse_object
# 需要导入模块: from crits.emails.email import Email [as 别名]
# 或者: from crits.emails.email.Email import from_cybox [as 别名]
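def __parse_object(self, obs_obj):
    """
    Parse an observable object and store what it describes.

    The object is dispatched on ``obs_obj.properties._XSI_TYPE``:

    * ``FileObjectType`` / ``ArtifactObjectType`` -- a File (metadata) and
      an Artifact (base64 payload) are paired through their MD5 digest.
      Whichever arrives first is parked in ``self.saved_artifacts``; when
      its counterpart shows up the Sample is given the payload, saved,
      recorded in ``self.samples`` and the parked entry is removed.
    * ``EmailMessageObjectType`` -- always saved as a new Email and
      recorded in ``self.emails``.
    * ``URIObjectType`` / ``AddressObjectType`` -- saved as an Indicator
      (reusing a database row with the same type and value) and recorded
      in ``self.indicators``.

    Any other type is ignored.

    NOTE(review): the inline comments describe this data as arriving over
    TAXII, i.e. it is supplied by a remote party. Two consequences worth
    confirming against the rest of the module:

    * MD5 is the only key used both to pair File/Artifact objects and to
      match Samples already in the database. MD5 is not collision
      resistant, so a match on it alone is a weak identity check; prefer
      a stronger digest (e.g. SHA-256) where the model offers one.
    * In the File branch the key is ``sample.md5`` as produced by
      ``Sample.from_cybox`` -- presumably the hash declared in the
      document rather than one computed from bytes, and possibly empty
      when the document carries no MD5. Verify how ``from_cybox`` and the
      database lookup behave in that case.

    :param obs_obj: The observable object to parse.
    :type obs_obj: CybOX object type.
    """
    properties = obs_obj.properties
    type_ = properties._XSI_TYPE

    # XXX: Need to check the database for an existing Sample or Indicator
    # and handle accordingly, or risk blowing it away!!!!
    # (Open question from the original author: would isinstance checks
    # against the cybox object classes be preferable to _XSI_TYPE strings?)
    if type_ == 'FileObjectType':
        sample = Sample.from_cybox(properties, [self.source])
        md5_ = sample.md5
        # Do we already have this sample?
        db_sample = Sample.objects(md5=md5_).first()
        if db_sample:
            # Replace the freshly built object with the stored one and add
            # our source so the TAXII copy is tracked. If the stored
            # document is metadata only, add_file_data below fills it in.
            sample = db_sample
            sample.add_source(self.source)
        if md5_ in self.saved_artifacts:
            (saved_obj, data) = self.saved_artifacts[md5_]
            if saved_obj._XSI_TYPE == 'FileObjectType':
                # Only another File is parked under this digest: there is
                # still no payload to attach, so stop here.
                return
            elif saved_obj._XSI_TYPE == 'ArtifactObjectType':
                # The matching Artifact arrived earlier; attach its bytes.
                sample.add_file_data(data)
                sample.save(username=self.source_instance.analyst)
                self.samples.append(('Sample', sample.md5))
                del self.saved_artifacts[md5_]
        else:
            # No counterpart yet: park the File metadata without payload.
            self.saved_artifacts[md5_] = (properties, None)
    elif type_ == 'EmailMessageObjectType':
        # We assume all emails coming in from TAXII are new emails.
        # There is no way to guarantee we found a dupe in the db.
        email = Email.from_cybox(properties, [self.source])
        email.save(username=self.source_instance.analyst)
        self.emails.append(('Email', str(email.id)))
    elif type_ in ['URIObjectType', 'AddressObjectType']:
        indicator = Indicator.from_cybox(properties, [self.source])
        ind_type = indicator.ind_type
        value = indicator.value
        db_indicator = Indicator.objects(
            Q(ind_type=ind_type) & Q(value=value)).first()
        if db_indicator:
            # Replace the freshly built object with the stored one and add
            # our source so the TAXII copy is tracked.
            indicator = db_indicator
            indicator.add_source(self.source)
        indicator.save(username=self.source_instance.analyst)
        self.indicators.append(('Indicator', str(indicator.id)))
    elif type_ == 'ArtifactObjectType':
        # XXX: properties.type_ (TYPE_FILE, TYPE_MEMORY, ... from the CybOX
        # definitions) is not checked yet; every artifact is treated as a
        # file for now.
        # b64decode raises on malformed input and nothing here catches it,
        # so a bad payload propagates to the caller.
        data = base64.b64decode(properties.data)
        md5_ = md5(data).hexdigest()
        if md5_ in self.saved_artifacts:
            # Only the parked object is needed. A parked File entry is
            # stored as (properties, None), so unpacking its second field
            # into ``data`` would replace the bytes just decoded with None
            # and the Sample would be saved without its payload.
            saved_obj = self.saved_artifacts[md5_][0]
            if saved_obj._XSI_TYPE == 'ArtifactObjectType':
                # Only another Artifact is parked under this digest: there
                # is still no File metadata to build a Sample from.
                return
            elif saved_obj._XSI_TYPE == 'FileObjectType':
                # The matching File arrived earlier; build the Sample from
                # its metadata and attach the payload decoded above.
                sample = Sample.from_cybox(saved_obj, [self.source])
                db_sample = Sample.objects(md5=md5_).first()
                if db_sample:
                    # Replace the freshly built object with the stored one
                    # and add our source so the TAXII copy is tracked. If
                    # the stored document is metadata only, add_file_data
                    # below fills it in.
                    sample = db_sample
                    sample.add_source(self.source)
                sample.add_file_data(data)
                sample.save(username=self.source_instance.analyst)
                self.samples.append(('Sample', sample.md5))
                del self.saved_artifacts[md5_]
        else:
            # No counterpart yet: park the Artifact together with its bytes.
            self.saved_artifacts[md5_] = (properties, data)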