本文整理汇总了Python中crits.indicators.indicator.Indicator.objects方法的典型用法代码示例。如果您正苦于以下问题:Python Indicator.objects方法的具体用法?Python Indicator.objects怎么用?Python Indicator.objects使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类crits.indicators.indicator.Indicator的用法示例。
在下文中一共展示了Indicator.objects方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: set_indicator_type
# 需要导入模块: from crits.indicators.indicator import Indicator [as 别名]
# 或者: from crits.indicators.indicator.Indicator import objects [as 别名]
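def set_indicator_type(indicator_id, itype, username):
    """
    Set the Indicator type.

    The change is refused when the id does not resolve to an indicator or
    when another indicator already has the requested type and the same value.

    :param indicator_id: The ObjectId of the indicator to update.
    :type indicator_id: str
    :param itype: The new indicator type.
    :type itype: str
    :param username: The user updating the indicator.
    :type username: str
    :returns: dict with key "success" (boolean)
    """
    # NOTE(review): the lookup is by id only; nothing here restricts it to
    # sources `username` may access. Presumably the caller enforces that --
    # confirm before exposing this to request-supplied ids.
    indicator = Indicator.objects(id=indicator_id).first()
    if not indicator:
        # Unknown id: fail cleanly instead of raising AttributeError on
        # `indicator.value` below.
        return {'success': False}

    # Check to ensure we're not duping an existing (type, value) pair.
    duplicate = Indicator.objects(ind_type=itype,
                                  value=indicator.value).first()
    if duplicate:
        return {'success': False}

    try:
        indicator.ind_type = itype
        indicator.save(username=username)
    except ValidationError:
        return {'success': False}
    return {'success': True}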
示例2: set_indicator_attack_type
# 需要导入模块: from crits.indicators.indicator import Indicator [as 别名]
# 或者: from crits.indicators.indicator.Indicator import objects [as 别名]
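def set_indicator_attack_type(id_, attack_type, user, **kwargs):
    """
    Set the Indicator attack type.

    :param id_: The ObjectId of the indicator to update.
    :type id_: str
    :param attack_type: The new indicator attack type.
    :type attack_type: str
    :param user: The user updating the indicator.
    :type user: str
    :returns: dict with key "success" (boolean) and, for the duplicate,
              invalid-type and not-found cases, "message" (str)
    """
    # NOTE(review): the lookup is by id only, with no source restriction for
    # `user`; presumably access control happens in the caller -- confirm.
    indicator = Indicator.objects(id=id_).first()
    if not indicator:
        # Unknown id: fail cleanly instead of raising AttributeError on
        # `indicator.value` below.
        return {"success": False, "message": "Could not find Indicator"}

    # Check to ensure we're not duping an existing indicator. The order of
    # the two checks is kept so callers see the same message as before.
    duplicate = Indicator.objects(attack_type=attack_type,
                                  value=indicator.value).first()
    if duplicate:
        return {"success": False, "message": "Duplicate would exist making this change."}
    if attack_type not in IndicatorAttackTypes.values():
        # Only values from the attack-type vocabulary are ever stored.
        return {"success": False, "message": "Not a valid Attack Type."}

    try:
        indicator.attack_type = attack_type
        indicator.save(username=user)
    except ValidationError:
        return {"success": False}
    return {"success": True}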
示例3: run
# 需要导入模块: from crits.indicators.indicator import Indicator [as 别名]
# 或者: from crits.indicators.indicator.Indicator import objects [as 别名]
def run(self, obj, config):
    """
    Pull IP addresses, domains and e-mail addresses out of *obj* and add one
    result per extracted value.

    RawData objects are read from ``obj.data``; Sample objects are read from
    their file data after conversion with ``make_ascii_strings``. Any other
    type is rejected with a debug message. ``config`` is not used here.
    """
    if isinstance(obj, RawData):
        data = obj.data
    elif isinstance(obj, Sample):
        data = make_ascii_strings(data=obj.filedata.read())
        if not data:
            self._debug("Could not find sample data to parse.")
            return
    else:
        self._debug("This type is not supported by this service.")
        return

    def report(values, type_label, result_name):
        # The extracted strings come from the analysed content itself. They
        # are only used as an equality filter on `value` and as result text.
        for found in values:
            details = {'Type': type_label}
            # The match is on value alone (any indicator type); only the id
            # is fetched because that is all the result needs.
            match = Indicator.objects(value=found).only('id').first()
            if match:
                details['exists'] = str(match.id)
            self._add_result(result_name, found, details)

    report(extract_ips(data), "IP Address", 'Potential IP Address')
    report(extract_domains(data), "Domain", 'Potential Domains')
    report(extract_emails(data), "Email", 'Potential Emails')
示例4: run
# 需要导入模块: from crits.indicators.indicator import Indicator [as 别名]
# 或者: from crits.indicators.indicator.Indicator import objects [as 别名]
def run(self, obj, config):
    """
    Pull IP addresses, domains, e-mail addresses and hashes out of *obj* and
    add one result per extracted value.

    Event objects are read from ``obj.description``, RawData objects from
    ``obj.data``, and Sample objects from their file data after conversion
    with ``make_ascii_strings``. Any other type is rejected with a debug
    message. ``config`` is not used here.
    """
    if isinstance(obj, Event):
        data = obj.description
    elif isinstance(obj, RawData):
        data = obj.data
    elif isinstance(obj, Sample):
        data = make_ascii_strings(data=obj.filedata.read())
        if not data:
            self._debug("Could not find sample data to parse.")
            return
    else:
        self._debug("This type is not supported by this service.")
        return

    def report(values, ind_type, result_name):
        # The extracted strings come from the analysed content itself. They
        # are only used as an equality filter on `value` and as result text.
        for found in values:
            details = {'Type': ind_type}
            # The match is on value alone; only the id is fetched.
            match = Indicator.objects(value=found).only('id').first()
            if match:
                details['exists'] = str(match.id)
            self._add_result(result_name, found, details)

    report(extract_ips(data), IndicatorTypes.IPV4_ADDRESS,
           'Potential IP Address')
    report(extract_domains(data), IndicatorTypes.DOMAIN, 'Potential Domains')
    report(extract_emails(data), IndicatorTypes.EMAIL_ADDRESS,
           'Potential Emails')

    hashes = extract_hashes(data)
    # Hash type -> Sample field holding that hash. Checked in this order,
    # first match wins; an unknown type is reported without a lookup.
    sample_fields = (
        (IndicatorTypes.MD5, 'md5'),
        (IndicatorTypes.SHA1, 'sha1'),
        (IndicatorTypes.SHA256, 'sha256'),
        (IndicatorTypes.SSDEEP, 'ssdeep'),
    )
    for hash_ in hashes:
        type_, val = hash_[0], hash_[1]
        details = {'Type': type_}
        match = None
        for known_type, field in sample_fields:
            if type_ == known_type:
                # Hashes are matched against stored Samples, not Indicators.
                match = Sample.objects(**{field: val}).only('id').first()
                break
        if match:
            details['exists'] = str(match.id)
        self._add_result('Potential Samples', val, details)
示例5: activity_update
# 需要导入模块: from crits.indicators.indicator import Indicator [as 别名]
# 或者: from crits.indicators.indicator.Indicator import objects [as 别名]
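def activity_update(id_, activity, user=None, **kwargs):
    """
    Update activity for an Indicator.

    :param id_: The ObjectId of the indicator to update.
    :type id_: str
    :param activity: The activity information.
    :type activity: dict
    :param user: The user updating the activity.
    :type user: str
    :returns: dict with keys:
              "success" (boolean),
              "message" (str) if failed,
              "object" (dict) if successful.
    """
    # The lookup is limited to sources returned for `user`, so an id from a
    # source outside that list is reported as "not found".
    sources = user_sources(user)
    indicator = Indicator.objects(id=id_, source__name__in=sources).first()
    if not indicator:
        return {"success": False, "message": "Could not find Indicator"}

    try:
        activity = datetime_parser(activity)
        # The analyst is always taken from `user`, overwriting any "analyst"
        # key that arrived inside the activity dict.
        activity["analyst"] = user
        indicator.edit_activity(
            activity["analyst"],
            activity["start_date"],
            activity["end_date"],
            activity["description"],
            activity["date"],
        )
        indicator.save(username=user)
        return {"success": True, "object": activity}
    except ValidationError as e:
        # Return the text of the error, as documented, rather than the
        # exception object itself.
        return {"success": False, "message": "%s" % (e,)}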
示例6: ci_update
# 需要导入模块: from crits.indicators.indicator import Indicator [as 别名]
# 或者: from crits.indicators.indicator.Indicator import objects [as 别名]
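def ci_update(indicator_id, ci_type, value, analyst):
    """
    Update confidence or impact for an indicator.

    :param indicator_id: The ObjectId of the indicator to update.
    :type indicator_id: str
    :param ci_type: What we are updating.
    :type ci_type: str ("confidence" or "impact")
    :param value: The value to set.
    :type value: str ("unknown", "benign", "low", "medium", "high")
    :param analyst: The user updating this indicator.
    :type analyst: str
    :returns: dict with keys "success" (boolean) and "message" (str) if failed.
    """
    # NOTE(review): the lookup is by id only, with no source restriction for
    # `analyst`; presumably access control happens in the caller -- confirm.
    indicator = Indicator.objects(id=indicator_id).first()
    if not indicator:
        return {'success': False,
                'message': 'Could not find Indicator'}

    if ci_type not in ("confidence", "impact"):
        # Previously this case fell off the end and returned None, which
        # breaks callers that index the documented dict.
        return {'success': False,
                'message': 'ci_type must be "confidence" or "impact"'}

    try:
        if ci_type == "confidence":
            indicator.set_confidence(analyst, value)
        else:
            indicator.set_impact(analyst, value)
        indicator.save(username=analyst)
        return {'success': True}
    except ValidationError as e:
        # Return the text of the error, as documented, rather than the
        # exception object itself.
        return {'success': False, "message": "%s" % (e,)}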
示例7: activity_update
# 需要导入模块: from crits.indicators.indicator import Indicator [as 别名]
# 或者: from crits.indicators.indicator.Indicator import objects [as 别名]
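def activity_update(indicator_id, activity):
    """
    Update activity for an Indicator.

    :param indicator_id: The ObjectId of the indicator to update.
    :type indicator_id: str
    :param activity: The activity information.
    :type activity: dict
    :returns: dict with keys:
              "success" (boolean),
              "message" (str) if failed,
              "object" (dict) if successful.
    """
    # The source restriction is derived from activity['analyst'].
    # NOTE(review): that makes the access check only as trustworthy as the
    # dict; the caller presumably sets 'analyst' from the authenticated
    # session rather than from request data -- confirm.
    analyst = activity['analyst']
    sources = user_sources(analyst)
    indicator = Indicator.objects(id=indicator_id,
                                  source__name__in=sources).first()
    if not indicator:
        return {'success': False,
                'message': 'Could not find Indicator'}

    try:
        indicator.edit_activity(analyst,
                                activity['start_date'],
                                activity['end_date'],
                                activity['description'],
                                activity['date'])
        indicator.save(username=analyst)
        return {'success': True, 'object': activity}
    except ValidationError as e:
        # Return the text of the error, as documented, rather than the
        # exception object itself.
        return {'success': False, 'message': "%s" % (e,)}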
示例8: action_add
# 需要导入模块: from crits.indicators.indicator import Indicator [as 别名]
# 或者: from crits.indicators.indicator.Indicator import objects [as 别名]
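def action_add(indicator_id, action):
    """
    Add an action to an indicator.

    :param indicator_id: The ObjectId of the indicator to update.
    :type indicator_id: str
    :param action: The information about the action.
    :type action: dict
    :returns: dict with keys:
              "success" (boolean),
              "message" (str) if failed,
              "object" (dict) if successful.
    """
    # The source restriction is derived from action['analyst'].
    # NOTE(review): that makes the access check only as trustworthy as the
    # dict; the caller presumably sets 'analyst' from the authenticated
    # session rather than from request data -- confirm.
    analyst = action['analyst']
    sources = user_sources(analyst)
    indicator = Indicator.objects(id=indicator_id,
                                  source__name__in=sources).first()
    if not indicator:
        return {'success': False,
                'message': 'Could not find Indicator'}

    try:
        indicator.add_action(action['action_type'],
                             action['active'],
                             analyst,
                             action['begin_date'],
                             action['end_date'],
                             action['performed_date'],
                             action['reason'],
                             action['date'])
        indicator.save(username=analyst)
        return {'success': True, 'object': action}
    except ValidationError as e:
        # Return the text of the error, as documented, rather than the
        # exception object itself.
        return {'success': False, 'message': "%s" % (e,)}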
示例9: ci_search
# 需要导入模块: from crits.indicators.indicator import Indicator [as 别名]
# 或者: from crits.indicators.indicator.Indicator import objects [as 别名]
def ci_search(itype, confidence, impact, actions):
    """
    Find indicators based on type, confidence, impact, and/or actions.

    ``confidence``, ``impact`` and ``actions`` are comma-separated lists; an
    empty value leaves that criterion out of the query.

    :param itype: The indicator type to search for.
    :type itype: str
    :param confidence: The confidence level(s) to search for.
    :type confidence: str
    :param impact: The impact level(s) to search for.
    :type impact: str
    :param actions: The action(s) to search for.
    :type actions: str
    :returns: :class:`crits.core.crits_mongoengine.CritsQuerySet`
    """
    # (query field, raw argument, whether spaces are removed before the
    # split). Action types keep their spaces; the ratings do not.
    criteria = (
        ("confidence.rating", confidence, True),
        ("impact.rating", impact, True),
        ("actions.action_type", actions, False),
    )

    # This dict is handed to the query layer as a raw query document, so its
    # values are not interpreted by the ORM. Every value placed in it below
    # is a str or a list of str built by split(); the arguments are assumed
    # to be str as documented.
    query = {}
    for field, raw, drop_spaces in criteria:
        if not raw:
            continue
        if drop_spaces:
            raw = raw.replace(' ', '')
        query[field] = {"$in": raw.split(',')}
    query["type"] = "%s" % itype.strip()

    # NOTE(review): no source restriction is applied to the result set here;
    # presumably the caller filters what the user may see -- confirm.
    wanted_fields = ('type', 'value', 'confidence', 'impact', 'actions')
    return Indicator.objects(__raw__=query).only(*wanted_fields)
示例10: create_indicator_from_obj
# 需要导入模块: from crits.indicators.indicator import Indicator [as 别名]
# 或者: from crits.indicators.indicator.Indicator import objects [as 别名]
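def create_indicator_from_obj(ind_type, obj_type, id_, value, analyst):
    """
    Add indicators from CRITs object.

    The new indicator inherits the parent's source, bucket list and first
    campaign, is related to the parent, and is related to every "Event"
    relationship the parent has.

    :param ind_type: The indicator type to add.
    :type ind_type: str
    :param obj_type: The CRITs type of the parent object.
    :type obj_type: str
    :param id_: The ObjectId of the parent object.
    :type id_: str
    :param value: The value of the indicator to add.
    :type value: str
    :param analyst: The user adding this indicator.
    :type analyst: str
    :returns: dict with keys:
              "success" (boolean),
              "message" (str),
              "value" (str)
    """
    # NOTE(review): the parent is resolved from obj_type/id_ with no source
    # check for `analyst` visible here, yet its source is copied onto the new
    # indicator; presumably the caller has already authorised access to the
    # parent -- confirm.
    obj = class_from_id(obj_type, id_)
    if not obj:
        return {'success': False, 'message': 'Could not find object.'}

    source = obj.source
    bucket_list = obj.bucket_list
    campaign = None
    campaign_confidence = None
    if obj.campaign:
        # Only the first campaign is carried over to the indicator.
        campaign = obj.campaign[0].name
        campaign_confidence = obj.campaign[0].confidence

    result = handle_indicator_ind(value, source, reference=None, ctype=ind_type,
                                  analyst=analyst,
                                  add_domain=True,
                                  add_relationship=True,
                                  campaign=campaign,
                                  campaign_confidence=campaign_confidence,
                                  bucket_list=bucket_list)
    if not result['success']:
        return {'success': False, 'message': result['message']}

    ind = Indicator.objects(id=result['objectid']).first()
    if not ind:
        # Without this guard the success path would use `rels` before it is
        # ever assigned.
        return {'success': False,
                'message': 'Could not find the new indicator.'}

    obj.add_relationship(rel_item=ind,
                         rel_type="Related_To",
                         analyst=analyst)
    obj.save(username=analyst)
    for rel in obj.relationships:
        if rel.rel_type == "Event":
            ind.add_relationship(rel_id=rel.object_id,
                                 type_=rel.rel_type,
                                 rel_type="Related_To",
                                 analyst=analyst)
    # NOTE(review): saving once after the loop is the assumed placement --
    # confirm against the upstream file.
    ind.save(username=analyst)
    obj.reload()
    rels = obj.sort_relationships("%s" % analyst, meta=True)
    return {'success': True, 'message': rels, 'value': id_}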
示例11: class_from_value
# 需要导入模块: from crits.indicators.indicator import Indicator [as 别名]
# 或者: from crits.indicators.indicator.Indicator import objects [as 别名]
def class_from_value(type_, value):
    """
    Return an instantiated class object.

    Each top-level type is looked up by one fixed field (name, md5, id,
    domain, ip or email_address); an unrecognised type yields ``None``.

    :param type_: The CRITs top-level object type.
    :type type_: str
    :param value: The value to search for.
    :type value: str
    :returns: class which inherits from
              :class:`crits.core.crits_mongoengine.CritsBaseAttributes`
    """
    # Imported here rather than at module level to avoid circular imports.
    from crits.campaigns.campaign import Campaign
    from crits.certificates.certificate import Certificate
    from crits.comments.comment import Comment
    from crits.domains.domain import Domain
    from crits.emails.email import Email
    from crits.events.event import Event
    from crits.indicators.indicator import Indicator
    from crits.ips.ip import IP
    from crits.pcaps.pcap import PCAP
    from crits.raw_data.raw_data import RawData
    from crits.samples.sample import Sample
    from crits.screenshots.screenshot import Screenshot
    from crits.targets.target import Target

    # (type name, document class, field the value is matched against).
    # The type name only selects a row from this fixed table; it is never
    # used to build a class or field name.
    lookups = (
        ('Campaign', Campaign, 'name'),
        ('Certificate', Certificate, 'md5'),
        ('Comment', Comment, 'id'),
        ('Domain', Domain, 'domain'),
        ('Email', Email, 'id'),
        ('Event', Event, 'id'),
        ('Indicator', Indicator, 'id'),
        ('IP', IP, 'ip'),
        ('PCAP', PCAP, 'md5'),
        ('RawData', RawData, 'md5'),
        ('Sample', Sample, 'md5'),
        ('Screenshot', Screenshot, 'id'),
        ('Target', Target, 'email_address'),
    )
    for name, document, field in lookups:
        if type_ == name:
            return document.objects(**{field: value}).first()
    return None
示例12: create_indicator_from_raw
# 需要导入模块: from crits.indicators.indicator import Indicator [as 别名]
# 或者: from crits.indicators.indicator.Indicator import objects [as 别名]
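def create_indicator_from_raw(type_, id_, value, analyst):
    """
    Add indicators from raw data.

    The new indicator inherits the RawData's source, bucket list and first
    campaign, is related to the RawData, and is related to every "Event"
    relationship the RawData has.

    :param type_: The indicator type to add.
    :type type_: str
    :param id_: The ObjectId of the RawData object.
    :type id_: str
    :param value: The value of the indicator to add.
    :type value: str
    :param analyst: The user adding this indicator.
    :type analyst: str
    :returns: dict with keys:
              "success" (boolean),
              "message" (str),
              "value" (str)
    """
    # NOTE(review): the RawData is fetched by id with no source restriction
    # for `analyst`, yet its source is copied onto the new indicator;
    # presumably the caller has already authorised access -- confirm.
    raw_data = RawData.objects(id=id_).first()
    if not raw_data:
        return {'success': False,
                'message': 'Could not find raw data'}

    source = raw_data.source
    bucket_list = raw_data.bucket_list
    campaign = None
    campaign_confidence = None
    if raw_data.campaign:
        # Only the first campaign is carried over to the indicator.
        campaign = raw_data.campaign[0].name
        campaign_confidence = raw_data.campaign[0].confidence

    result = handle_indicator_ind(value, source, reference=None, ctype=type_,
                                  analyst=analyst,
                                  add_domain=True,
                                  add_relationship=True,
                                  campaign=campaign,
                                  campaign_confidence=campaign_confidence,
                                  bucket_list=bucket_list)
    if not result['success']:
        return {'success': False, 'message': result['message']}

    ind = Indicator.objects(id=result['objectid']).first()
    if not ind:
        # Without this guard the success path would use `rels` before it is
        # ever assigned.
        return {'success': False,
                'message': 'Could not find the new indicator.'}

    raw_data.add_relationship(rel_item=ind,
                              rel_type="Related_To",
                              analyst=analyst)
    raw_data.save(username=analyst)
    for rel in raw_data.relationships:
        if rel.rel_type == "Event":
            ind.add_relationship(rel_id=rel.object_id,
                                 type_=rel.rel_type,
                                 rel_type="Related_To",
                                 analyst=analyst)
    # NOTE(review): saving once after the loop is the assumed placement --
    # confirm against the upstream file.
    ind.save(username=analyst)
    raw_data.reload()
    rels = raw_data.sort_relationships("%s" % analyst, meta=True)
    return {'success': True, 'message': rels, 'value': id_}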
示例13: _scan
# 需要导入模块: from crits.indicators.indicator import Indicator [as 别名]
# 或者: from crits.indicators.indicator.Indicator import objects [as 别名]
def _scan(self, context):
    """
    Pull IP addresses, domains and e-mail addresses out of the content that
    *context* identifies and add one result per extracted value.

    A RawDataContext is resolved to a RawData document by id; a
    SampleContext is resolved by passing its identifier to
    ``make_ascii_strings`` as ``md5``. Any other context type is rejected
    with a debug message.
    """
    if isinstance(context, RawDataContext):
        raw_data = RawData.objects(id=context.identifier).first()
        if not raw_data:
            self._debug("Could not find raw data to parse.")
            return
        data = raw_data.data
    elif isinstance(context, SampleContext):
        data = make_ascii_strings(md5=context.identifier)
        if not data:
            self._debug("Could not find sample data to parse.")
            return
    else:
        self._debug("This type is not supported by this service.")
        return

    # (extractor, value of the "Type" key, result name), run in this order.
    passes = (
        (extract_ips, "IP Address", "Potential IP Address"),
        (extract_domains, "Domain", "Potential Domains"),
        (extract_emails, "Email", "Potential Emails"),
    )
    for extract, type_label, result_name in passes:
        # The extracted strings come from the analysed content itself. They
        # are only used as an equality filter on `value` and as result text.
        for found in extract(data):
            details = {"Type": type_label}
            # The match is on value alone; only the id is fetched.
            match = Indicator.objects(value=found).only("id").first()
            if match:
                details["exists"] = str(match.id)
            self._add_result(result_name, found, details)
示例14: indicator_remove
# 需要导入模块: from crits.indicators.indicator import Indicator [as 别名]
# 或者: from crits.indicators.indicator.Indicator import objects [as 别名]
def indicator_remove(_id, username):
    """
    Remove an Indicator from CRITs.

    Deletion is limited to users for whom ``is_admin`` returns true.

    :param _id: The ObjectId of the indicator to remove.
    :type _id: str
    :param username: The user removing the indicator.
    :type username: str
    :returns: dict with keys "success" (boolean) and "message" (list) if failed.
    """
    # The admin check runs before any lookup, so a non-admin learns nothing
    # about whether the id exists.
    # NOTE(review): the check is keyed on the `username` argument; presumably
    # the caller passes the authenticated user -- verify against caller.
    if not is_admin(username):
        return {'success': False, 'message': ['Must be an admin to delete']}

    indicator = Indicator.objects(id=_id).first()
    if not indicator:
        return {'success': False, 'message': ['Cannot find Indicator']}

    indicator.delete(username=username)
    return {'success': True}
示例15: action_remove
# 需要导入模块: from crits.indicators.indicator import Indicator [as 别名]
# 或者: from crits.indicators.indicator.Indicator import objects [as 别名]
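def action_remove(indicator_id, date, analyst):
    """
    Remove an action from an indicator.

    :param indicator_id: The ObjectId of the indicator to update.
    :type indicator_id: str
    :param date: The date of the action to remove.
    :type date: datetime.datetime
    :param analyst: The user removing the action.
    :type analyst: str
    :returns: dict with keys "success" (boolean) and "message" (str) if failed.
    """
    # NOTE(review): the lookup is by id only, with no source restriction for
    # `analyst`; presumably access control happens in the caller -- confirm.
    indicator = Indicator.objects(id=indicator_id).first()
    if not indicator:
        return {'success': False,
                'message': 'Could not find Indicator'}

    try:
        indicator.delete_action(date)
        indicator.save(username=analyst)
        return {'success': True}
    except ValidationError as e:
        # Return the text of the error, as documented, rather than the
        # exception object itself.
        return {'success': False, 'message': "%s" % (e,)}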