本文整理汇总了Python中crits.indicators.indicator.Indicator类的典型用法代码示例。如果您正苦于以下问题:Python Indicator类的具体用法?Python Indicator怎么用?Python Indicator使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
示例1: set_indicator_attack_type
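def set_indicator_attack_type(id_, attack_type, user, **kwargs):
    """
    Set the Indicator attack type.

    The new attack type is validated before any database lookup, and the
    change is refused if a *different* indicator already carries the same
    (attack_type, value) pair.

    NOTE(review): unlike ``activity_update``, this does not restrict the
    lookup to the user's sources -- confirm the caller enforces permissions.

    :param id_: The ObjectId of the indicator to update.
    :type id_: str
    :param attack_type: The new indicator attack type.
    :type attack_type: str
    :param user: The user updating the indicator.
    :type user: str
    :returns: dict with key "success" (boolean) and "message" (str) on failure.
    """
    if attack_type not in IndicatorAttackTypes.values():
        return {"success": False, "message": "Not a valid Attack Type."}

    indicator = Indicator.objects(id=id_).first()
    if not indicator:
        # Previously a missing indicator raised AttributeError on .value.
        return {"success": False, "message": "Could not find Indicator"}

    # Refuse the change if it would collide with another indicator; a hit on
    # this very indicator (attack type unchanged) is not a duplicate.
    ind_check = Indicator.objects(attack_type=attack_type,
                                  value=indicator.value).first()
    if ind_check and ind_check.id != indicator.id:
        return {"success": False,
                "message": "Duplicate would exist making this change."}

    try:
        indicator.attack_type = attack_type
        indicator.save(username=user)
        return {"success": True}
    except ValidationError as e:
        return {"success": False, "message": e}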
示例2: set_indicator_type
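def set_indicator_type(indicator_id, itype, username):
    """
    Set the Indicator type.

    The change is refused if a *different* indicator already carries the
    same (ind_type, value) pair.

    NOTE(review): unlike ``activity_update``, this does not restrict the
    lookup to the user's sources -- confirm the caller enforces permissions.

    :param indicator_id: The ObjectId of the indicator to update.
    :type indicator_id: str
    :param itype: The new indicator type.
    :type itype: str
    :param username: The user updating the indicator.
    :type username: str
    :returns: dict with key "success" (boolean) and "message" (str) on failure.
    """
    indicator = Indicator.objects(id=indicator_id).first()
    if not indicator:
        # Previously a missing indicator raised AttributeError on .value.
        return {'success': False, 'message': 'Could not find Indicator'}

    # A hit on this very indicator (type unchanged) is not a duplicate.
    ind_check = Indicator.objects(ind_type=itype, value=indicator.value).first()
    if ind_check and ind_check.id != indicator.id:
        return {'success': False,
                'message': 'Duplicate would exist making this change.'}

    try:
        indicator.ind_type = itype
        indicator.save(username=username)
        return {'success': True}
    except ValidationError as e:
        return {'success': False, 'message': e}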
示例3: run
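def run(self, obj, config):
    """
    Scan a RawData or Sample object for potential IP, domain and email
    indicators and report each one as a service result.

    :param obj: The CRITs object to scan. RawData is scanned as-is; a Sample
                is first reduced to its printable ASCII strings. Any other
                type is logged and skipped.
    :param config: Service configuration (not used by this service).
    :returns: None; findings go through ``self._add_result``.
    """
    if isinstance(obj, RawData):
        data = obj.data
    elif isinstance(obj, Sample):
        data = make_ascii_strings(data=obj.filedata.read())
        if not data:
            self._debug("Could not find sample data to parse.")
            return
    else:
        self._debug("This type is not supported by this service.")
        return

    # (extractor, indicator type label, result bucket), one pass per kind,
    # in the same order the original three loops ran.
    passes = (
        (extract_ips, "IP Address", 'Potential IP Address'),
        (extract_domains, "Domain", 'Potential Domains'),
        (extract_emails, "Email", 'Potential Emails'),
    )
    for extract, type_label, result_label in passes:
        for value in extract(data):
            tdict = {'Type': type_label}
            # Lookup is by value only, so an existing indicator of *any*
            # type with this value marks the hit as already known.
            existing = Indicator.objects(value=value).only('id').first()
            if existing:
                tdict['exists'] = str(existing.id)
            self._add_result(result_label, value, tdict)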
示例4: run
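def run(self, obj, config):
    """
    Scan an Event description, RawData or Sample for potential IP, domain,
    email and file-hash indicators and report each one as a service result.

    :param obj: The CRITs object to scan. An Event contributes its
                description, RawData its data, and a Sample its printable
                ASCII strings. Any other type is logged and skipped.
    :param config: Service configuration (not used by this service).
    :returns: None; findings go through ``self._add_result``.
    """
    if isinstance(obj, Event):
        data = obj.description
    elif isinstance(obj, RawData):
        data = obj.data
    elif isinstance(obj, Sample):
        data = make_ascii_strings(data=obj.filedata.read())
        if not data:
            self._debug("Could not find sample data to parse.")
            return
    else:
        self._debug("This type is not supported by this service.")
        return

    # (extractor, indicator type, result bucket), one pass per kind, in the
    # same order the original loops ran. Matches are looked up by value
    # only, so an existing indicator of any type marks the hit as known.
    passes = (
        (extract_ips, IndicatorTypes.IPV4_ADDRESS, 'Potential IP Address'),
        (extract_domains, IndicatorTypes.DOMAIN, 'Potential Domains'),
        (extract_emails, IndicatorTypes.EMAIL_ADDRESS, 'Potential Emails'),
    )
    for extract, type_label, result_label in passes:
        for value in extract(data):
            tdict = {'Type': type_label}
            existing = Indicator.objects(value=value).only('id').first()
            if existing:
                tdict['exists'] = str(existing.id)
            self._add_result(result_label, value, tdict)

    # Hashes are checked against Samples, keyed by the matching hash field;
    # unknown hash types are still reported, just never marked as existing.
    sample_field = {
        IndicatorTypes.MD5: 'md5',
        IndicatorTypes.SHA1: 'sha1',
        IndicatorTypes.SHA256: 'sha256',
        IndicatorTypes.SSDEEP: 'ssdeep',
    }
    for hash_ in extract_hashes(data):
        hash_type, hash_value = hash_[0], hash_[1]
        tdict = {'Type': hash_type}
        field = sample_field.get(hash_type)
        existing = None
        if field is not None:
            existing = Sample.objects(**{field: hash_value}).only('id').first()
        if existing:
            tdict['exists'] = str(existing.id)
        self._add_result('Potential Samples', hash_value, tdict)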
示例5: activity_update
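def activity_update(indicator_id, activity):
    """
    Update activity for an Indicator.

    The indicator is only looked up within the sources visible to the acting
    analyst (``activity['analyst']``), so an indicator outside those sources
    is reported as not found rather than modified.

    :param indicator_id: The ObjectId of the indicator to update.
    :type indicator_id: str
    :param activity: The activity information; keys 'analyst', 'start_date',
                     'end_date', 'description' and 'date' are read.
    :type activity: dict
    :returns: dict with keys:
              "success" (boolean),
              "message" (str) if failed,
              "object" (dict) if successful.
    """
    analyst = activity['analyst']
    sources = user_sources(analyst)
    indicator = Indicator.objects(id=indicator_id,
                                  source__name__in=sources).first()
    if not indicator:
        return {'success': False,
                'message': 'Could not find Indicator'}
    try:
        indicator.edit_activity(analyst,
                                activity['start_date'],
                                activity['end_date'],
                                activity['description'],
                                activity['date'])
        indicator.save(username=analyst)
        return {'success': True, 'object': activity}
    # "except X as e" is valid on Python 2.6+ and 3; the comma form is not.
    except ValidationError as e:
        return {'success': False, 'message': e}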
示例6: ci_update
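def ci_update(indicator_id, ci_type, value, analyst):
    """
    Update confidence or impact for an indicator.

    NOTE(review): unlike ``activity_update``, the lookup is not restricted
    to the analyst's sources -- confirm the caller enforces permissions.

    :param indicator_id: The ObjectId of the indicator to update.
    :type indicator_id: str
    :param ci_type: What we are updating.
    :type ci_type: str ("confidence" or "impact")
    :param value: The value to set.
    :type value: str ("unknown", "benign", "low", "medium", "high")
    :param analyst: The user updating this indicator.
    :type analyst: str
    :returns: dict with keys "success" (boolean) and "message" (str) if failed.
    """
    indicator = Indicator.objects(id=indicator_id).first()
    if not indicator:
        return {'success': False,
                'message': 'Could not find Indicator'}
    if ci_type not in ("confidence", "impact"):
        # Previously an unknown ci_type fell off the end and returned None,
        # violating the documented dict contract.
        return {'success': False,
                'message': 'Invalid ci_type: %s' % ci_type}
    try:
        if ci_type == "confidence":
            indicator.set_confidence(analyst, value)
        else:
            indicator.set_impact(analyst, value)
        indicator.save(username=analyst)
        return {'success': True}
    except ValidationError as e:
        return {'success': False, "message": e}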
示例7: ci_search
def ci_search(itype, confidence, impact, actions):
    """
    Find indicators based on type, confidence, impact, and/or actions.

    The filters are passed to Mongo as a raw query. Each ``$in`` list holds
    plain strings split from the caller's comma-separated input, so no
    query operators can be smuggled in through these parameters.

    :param itype: The indicator type to search for (always applied).
    :type itype: str
    :param confidence: Comma-separated confidence level(s); spaces dropped.
    :type confidence: str
    :param impact: Comma-separated impact level(s); spaces dropped.
    :type impact: str
    :param actions: Comma-separated action type(s); spaces kept.
    :type actions: str
    :returns: :class:`crits.core.crits_mongoengine.CritsQuerySet`
    """
    def as_list(text, drop_spaces):
        if drop_spaces:
            text = text.replace(' ', '')
        return text.split(',')

    query = {"type": "%s" % itype.strip()}
    # Optional filters only apply when the caller passed a non-empty value.
    if confidence:
        query["confidence.rating"] = {"$in": as_list(confidence, True)}
    if impact:
        query["impact.rating"] = {"$in": as_list(impact, True)}
    if actions:
        query["actions.action_type"] = {"$in": as_list(actions, False)}

    fields = ('type', 'value', 'confidence', 'impact', 'actions')
    return Indicator.objects(__raw__=query).only(*fields)
示例8: activity_update
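def activity_update(id_, activity, user=None, **kwargs):
    """
    Update activity for an Indicator.

    The indicator is only looked up within the sources visible to ``user``,
    so an indicator outside those sources is reported as not found rather
    than modified. The activity's 'analyst' field is overwritten with
    ``user`` before the edit is applied.

    :param id_: The ObjectId of the indicator to update.
    :type id_: str
    :param activity: The activity information; keys 'start_date',
                     'end_date', 'description' and 'date' are read after
                     ``datetime_parser`` has processed the dict.
    :type activity: dict
    :param user: The user updating the activity.
    :type user: str
    :returns: dict with keys:
              "success" (boolean),
              "message" (str) if failed,
              "object" (dict) if successful.
    """
    sources = user_sources(user)
    indicator = Indicator.objects(id=id_, source__name__in=sources).first()
    if not indicator:
        return {"success": False, "message": "Could not find Indicator"}
    try:
        activity = datetime_parser(activity)
        activity["analyst"] = user
        indicator.edit_activity(activity["analyst"],
                                activity["start_date"],
                                activity["end_date"],
                                activity["description"],
                                activity["date"])
        indicator.save(username=user)
        return {"success": True, "object": activity}
    # "except X as e" is valid on Python 2.6+ and 3; the comma form is not.
    except ValidationError as e:
        return {"success": False, "message": e}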
示例9: action_add
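def action_add(indicator_id, action):
    """
    Add an action to an indicator.

    The indicator is only looked up within the sources visible to the acting
    analyst (``action['analyst']``), so an indicator outside those sources
    is reported as not found rather than modified.

    :param indicator_id: The ObjectId of the indicator to update.
    :type indicator_id: str
    :param action: The information about the action; keys 'action_type',
                   'active', 'analyst', 'begin_date', 'end_date',
                   'performed_date', 'reason' and 'date' are read.
    :type action: dict
    :returns: dict with keys:
              "success" (boolean),
              "message" (str) if failed,
              "object" (dict) if successful.
    """
    analyst = action['analyst']
    sources = user_sources(analyst)
    indicator = Indicator.objects(id=indicator_id,
                                  source__name__in=sources).first()
    if not indicator:
        return {'success': False,
                'message': 'Could not find Indicator'}
    try:
        indicator.add_action(action['action_type'],
                             action['active'],
                             analyst,
                             action['begin_date'],
                             action['end_date'],
                             action['performed_date'],
                             action['reason'],
                             action['date'])
        indicator.save(username=analyst)
        return {'success': True, 'object': action}
    # "except X as e" is valid on Python 2.6+ and 3; the comma form is not.
    except ValidationError as e:
        return {'success': False, 'message': e}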
示例10: create_indicator_from_obj
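def create_indicator_from_obj(ind_type, obj_type, id_, value, analyst):
    """
    Add indicators from CRITs object.

    The new indicator inherits the parent's source, bucket list and first
    campaign (if any), is related to the parent, and is additionally
    related to any relationship of the parent whose rel_type is "Event".

    :param ind_type: The indicator type to add.
    :type ind_type: str
    :param obj_type: The CRITs type of the parent object.
    :type obj_type: str
    :param id_: The ObjectId of the parent object.
    :type id_: str
    :param value: The value of the indicator to add.
    :type value: str
    :param analyst: The user adding this indicator.
    :type analyst: str
    :returns: dict with keys:
              "success" (boolean),
              "message" (str),
              "value" (str)
    """
    obj = class_from_id(obj_type, id_)
    if not obj:
        return {'success': False, 'message': 'Could not find object.'}

    campaign = None
    campaign_confidence = None
    if len(obj.campaign) > 0:
        campaign = obj.campaign[0].name
        campaign_confidence = obj.campaign[0].confidence

    result = handle_indicator_ind(value, obj.source, reference=None,
                                  ctype=ind_type,
                                  analyst=analyst,
                                  add_domain=True,
                                  add_relationship=True,
                                  campaign=campaign,
                                  campaign_confidence=campaign_confidence,
                                  bucket_list=obj.bucket_list)
    if not result['success']:
        return {'success': False, 'message': result['message']}

    ind = Indicator.objects(id=result['objectid']).first()
    if not ind:
        # handle_indicator_ind reported success but the document cannot be
        # read back. Previously this path returned None implicitly, which
        # breaks callers expecting the documented dict.
        return {'success': False,
                'message': 'Could not find newly created indicator.'}

    obj.add_relationship(rel_item=ind,
                         rel_type="Related_To",
                         analyst=analyst)
    obj.save(username=analyst)
    # NOTE(review): this compares the relationship's rel_type against the
    # object-type name "Event"; confirm rel_type (not type) is the intended
    # field, as the original code did the same.
    for rel in obj.relationships:
        if rel.rel_type == "Event":
            ind.add_relationship(rel_id=rel.object_id,
                                 type_=rel.rel_type,
                                 rel_type="Related_To",
                                 analyst=analyst)
    ind.save(username=analyst)
    obj.reload()
    rels = obj.sort_relationships("%s" % analyst, meta=True)
    return {'success': True, 'message': rels, 'value': id_}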
示例11: create_indicator_from_raw
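def create_indicator_from_raw(type_, id_, value, analyst):
    """
    Add indicators from raw data.

    The new indicator inherits the RawData's source, bucket list and first
    campaign (if any), is related to the RawData, and is additionally
    related to any relationship of the RawData whose rel_type is "Event".

    :param type_: The indicator type to add.
    :type type_: str
    :param id_: The ObjectId of the RawData object.
    :type id_: str
    :param value: The value of the indicator to add.
    :type value: str
    :param analyst: The user adding this indicator.
    :type analyst: str
    :returns: dict with keys:
              "success" (boolean),
              "message" (str),
              "value" (str)
    """
    raw_data = RawData.objects(id=id_).first()
    if not raw_data:
        return {'success': False,
                'message': 'Could not find raw data'}

    campaign = None
    campaign_confidence = None
    if len(raw_data.campaign) > 0:
        campaign = raw_data.campaign[0].name
        campaign_confidence = raw_data.campaign[0].confidence

    result = handle_indicator_ind(value, raw_data.source, reference=None,
                                  ctype=type_,
                                  analyst=analyst,
                                  add_domain=True,
                                  add_relationship=True,
                                  campaign=campaign,
                                  campaign_confidence=campaign_confidence,
                                  bucket_list=raw_data.bucket_list)
    if not result['success']:
        return {'success': False, 'message': result['message']}

    ind = Indicator.objects(id=result['objectid']).first()
    if not ind:
        # handle_indicator_ind reported success but the document cannot be
        # read back. Previously this path returned None implicitly, which
        # breaks callers expecting the documented dict.
        return {'success': False,
                'message': 'Could not find newly created indicator.'}

    raw_data.add_relationship(rel_item=ind,
                              rel_type="Related_To",
                              analyst=analyst)
    raw_data.save(username=analyst)
    # NOTE(review): this compares the relationship's rel_type against the
    # object-type name "Event"; confirm rel_type (not type) is the intended
    # field, as the original code did the same.
    for rel in raw_data.relationships:
        if rel.rel_type == "Event":
            ind.add_relationship(rel_id=rel.object_id,
                                 type_=rel.rel_type,
                                 rel_type="Related_To",
                                 analyst=analyst)
    ind.save(username=analyst)
    raw_data.reload()
    rels = raw_data.sort_relationships("%s" % analyst, meta=True)
    return {'success': True, 'message': rels, 'value': id_}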
示例12: class_from_value
def class_from_value(type_, value):
    """
    Return an instantiated class object.

    Each top-level type is looked up by its natural key (name, md5, id,
    domain, ip or email_address) with a plain equality query on that field.

    :param type_: The CRITs top-level object type.
    :type type_: str
    :param value: The value to search for.
    :type value: str
    :returns: class which inherits from
              :class:`crits.core.crits_mongoengine.CritsBaseAttributes`,
              or None for an unknown type.
    """
    # Imported inside the function to avoid circular imports.
    from crits.campaigns.campaign import Campaign
    from crits.certificates.certificate import Certificate
    from crits.comments.comment import Comment
    from crits.domains.domain import Domain
    from crits.emails.email import Email
    from crits.events.event import Event
    from crits.indicators.indicator import Indicator
    from crits.ips.ip import IP
    from crits.pcaps.pcap import PCAP
    from crits.raw_data.raw_data import RawData
    from crits.samples.sample import Sample
    from crits.screenshots.screenshot import Screenshot
    from crits.targets.target import Target

    # type name -> (document class, field the value is matched against)
    lookup = {
        'Campaign': (Campaign, 'name'),
        'Certificate': (Certificate, 'md5'),
        'Comment': (Comment, 'id'),
        'Domain': (Domain, 'domain'),
        'Email': (Email, 'id'),
        'Event': (Event, 'id'),
        'Indicator': (Indicator, 'id'),
        'IP': (IP, 'ip'),
        'PCAP': (PCAP, 'md5'),
        'RawData': (RawData, 'md5'),
        'Sample': (Sample, 'md5'),
        'Screenshot': (Screenshot, 'id'),
        'Target': (Target, 'email_address'),
    }
    entry = lookup.get(type_)
    if entry is None:
        return None
    document_class, key_field = entry
    return document_class.objects(**{key_field: value}).first()
示例13: _scan
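def _scan(self, context):
    """
    Scan the RawData or Sample behind ``context`` for potential IP, domain
    and email indicators and report each one as a service result.

    :param context: A RawDataContext (looked up by id) or a SampleContext
                    (reduced to printable ASCII strings by md5). Any other
                    context type is logged and skipped.
    :returns: None; findings go through ``self._add_result``.
    """
    if isinstance(context, RawDataContext):
        raw_data = RawData.objects(id=context.identifier).first()
        if not raw_data:
            self._debug("Could not find raw data to parse.")
            return
        data = raw_data.data
    elif isinstance(context, SampleContext):
        data = make_ascii_strings(md5=context.identifier)
        if not data:
            self._debug("Could not find sample data to parse.")
            return
    else:
        self._debug("This type is not supported by this service.")
        return

    # (extractor, indicator type label, result bucket), one pass per kind,
    # in the same order the original three loops ran.
    passes = (
        (extract_ips, "IP Address", "Potential IP Address"),
        (extract_domains, "Domain", "Potential Domains"),
        (extract_emails, "Email", "Potential Emails"),
    )
    for extract, type_label, result_label in passes:
        for value in extract(data):
            tdict = {"Type": type_label}
            # Lookup is by value only, so an existing indicator of *any*
            # type with this value marks the hit as already known.
            existing = Indicator.objects(value=value).only("id").first()
            if existing:
                tdict["exists"] = str(existing.id)
            self._add_result(result_label, value, tdict)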
示例14: parse_indicators
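def parse_indicators(self, indicators):
    """
    Parse list of indicators.

    Each observable of each STIX indicator is converted to a CRITs
    Indicator and saved; successes are appended to ``self.imported`` and
    failures to ``self.failed`` as (message, item type name, parent id).
    Import is best-effort: any exception for one observable is recorded
    and the remaining observables are still processed.

    :param indicators: List of STIX indicators.
    :type indicators: List of STIX indicators.
    """
    for indicator in indicators:
        # Expecting only one observable per indicator.
        for observable in indicator.observables:
            # Bound up front so the except clause can still describe the
            # failure when the properties lookup itself raised (previously
            # that case hit an unbound name inside the handler).
            item = None
            try:
                item = observable.object_.properties
                obj = Indicator.from_cybox(item, [self.source])
                obj.save(username=self.source_instance.analyst)
                self.imported.append((Indicator._meta['crits_type'], obj))
            except Exception as e:
                # Probably a cybox object type we don't handle; note it for
                # display in the UI. e.message only exists on Python 2, so
                # fall back to str(e).
                message = getattr(e, 'message', str(e))
                parent = getattr(item, 'parent', None)
                parent_id = getattr(parent, 'id_', None)
                self.failed.append((message, type(item).__name__, parent_id))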
示例15: indicator_remove
def indicator_remove(_id, username):
    """
    Remove an Indicator from CRITs.

    Deletion is restricted to admins (``is_admin``); non-admins are refused
    before any lookup happens.

    :param _id: The ObjectId of the indicator to remove.
    :type _id: str
    :param username: The user removing the indicator.
    :type username: str
    :returns: dict with keys "success" (boolean) and "message" (list) if failed.
    """
    if not is_admin(username):
        return {'success': False, 'message': ['Must be an admin to delete']}

    target = Indicator.objects(id=_id).first()
    if not target:
        return {'success': False, 'message': ['Cannot find Indicator']}

    target.delete(username=username)
    return {'success': True}