本文整理汇总了Python中cybox.core.Object.properties方法的典型用法代码示例。如果您正苦于以下问题:Python Object.properties方法的具体用法?Python Object.properties怎么用?Python Object.properties使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类cybox.core.Object的用法示例。
在下文中一共展示了Object.properties方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: buildObservable
# 需要导入模块: from cybox.core import Object [as 别名]
# 或者: from cybox.core.Object import properties [as 别名]
def buildObservable(input_dict):
# add incident and confidence
observable = Observable()
observable.description = input_dict['description']
observable.title = input_dict['title']
source = MeasureSource()
source.name = input_dict['source']
observable.observable_source = [source] # figure out why this is necessary
if input_dict['keyword']:
observable.add_keyword(input_dict['keyword'])
"""
event = Event()
event.description = input_dict['event']
observable.event = event
"""
if input_dict['objectType'] and input_dict['object']:
cybObj = Object()
if input_dict['objectType'] == 'Address':
cybObj.properties = Address(input_dict['object'])
elif input_dict['objectType'] == 'File':
cybObj.properties = File()
cybObj.properties.file_path = FilePath(input_dict['object'])
elif input_dict['objectType'] == 'URI':
cybObj.properties = URI(input_dict['object'])
if cybObj:
observable.object_ = cybObj
print observable.to_xml()
return observable示例2: test_round_trip
# 需要导入模块: from cybox.core import Object [as 别名]
# 或者: from cybox.core.Object import properties [as 别名]
def test_round_trip(self):
o = Object()
o.idref = "example:a1"
o.properties = Address("1.2.3.4", Address.CAT_IPV4)
o2 = cybox.test.round_trip(o)
self.assertEqual(o.to_dict(), o2.to_dict())示例3: prune_objects
# 需要导入模块: from cybox.core import Object [as 别名]
# 或者: from cybox.core.Object import properties [as 别名]
def prune_objects(self, candidate_indicator_objects):
"""Perform contraindicator and required property checking and prune un-wanted
properties from the input list of candidate Indicator CybOX Objects.
Args:
candidate_indicator_objects: a list of ``maec.bundle.object_history.ObjectHistoryEntry`` objects representing
the initial list of CybOX Objects that may be used in the STIX Indicators.
Returns:
A list of ``maec.bundle.object_history.ObjectHistoryEntry`` objects representing
the final list of checked and pruned CybOX Objects that will be used for the STIX Indicators.
"""
final_indicator_objects = []
# Prune any unwanted properties from Objects
for entry in candidate_indicator_objects:
object = entry.object
xsi_type = object.properties._XSI_TYPE
# Do the contraindicator check
if xsi_type in self.config.supported_objects and not self._contraindicator_check(entry):
object_type_conf = self.config.supported_objects[xsi_type]
# Prune the properties of the Object to correspond to the input config file
# First, test for the presence of only the required properties
if self._required_property_check(object, self.config.supported_objects[xsi_type]):
# If the required properties are found, prune based on the full set (optional + required)
full_properties = {}
full_properties.update(object_type_conf["required"])
full_properties.update(object_type_conf["optional"])
full_properties.update(object_type_conf["mutually_exclusive"])
full_pruned_properties = self._prune_object_properties(object.properties.to_dict(), full_properties)
full_pruned_properties["xsi:type"] = xsi_type
# Create a new Object with the pruned ObjectProperties
pruned_object = Object()
pruned_object.properties = ObjectProperties.from_dict(full_pruned_properties)
entry.object = pruned_object
# Add the updated Object History entry to the final list of Indicators
final_indicator_objects.append(entry)
return final_indicator_objects示例4: class
# 需要导入模块: from cybox.core import Object [as 别名]
# 或者: from cybox.core.Object import properties [as 别名]
from maec.bundle import Bundle, Collections, MalwareAction, Capability
from maec.package import Analysis, MalwareSubject, Package
from cybox.utils import Namespace
import maec.utils
# Instantiate the ID generator class (for automatic ID generation) with our example namespace
NS = Namespace("http://example.com/", "example")
maec.utils.set_id_namespace(NS)
# Instantiate the Bundle, Package, MalwareSubject, and Analysis classes
bundle = Bundle(defined_subject=False)
package = Package()
subject = MalwareSubject()
analysis = Analysis()
# Create the Object for use in the Malware Instance Object Attributes
subject_object = Object()
subject_object.properties = File()
subject_object.properties.name = 'foobar.exe'
subject_object.properties.size_in_bytes = '35532'
subject_object.properties.hashes = HashList()
subject_object.properties.hashes.append(Hash("8743b52063cd84097a65d1633f5c74f5"))
# Set the Malware Instance Object Attributes with an Object constructed from the dictionary
subject.set_malware_instance_object_attributes(subject_object)
# Create the Associated Object Dictionary for use in the Action
associated_object = AssociatedObject()
associated_object.properties = File()
associated_object.properties.file_name = 'abcd.dll'
associated_object.properties.size_in_bytes = '123456'
associated_object.association_type = VocabString()
associated_object.association_type.value = 'output'
associated_object.association_type.xsi_type = 'maecVocabs:ActionObjectAssociationTypeVocab-1.0'
# Create the Action from another dictionary示例5: MalwareSubject
# 需要导入模块: from cybox.core import Object [as 别名]
# 或者: from cybox.core.Object import properties [as 别名]
subject = MalwareSubject()
analysis = Analysis()
# Populate the Analysis with the metadata relating to the Analysis that was performed
analysis.method = "dynamic"
analysis.type_ = "triage"
analysis.set_findings_bundle(bundle.id_)
t = ToolInformation()
t.name = "APIMonitor"
t.vendor = "APIMonitor"
analysis.add_tool(t)
# Malware Instance Object Attribures内で使うためのオブジェクトを作成(マルウェアを含んだファイル?)
subject_object = Object() #オブジェクト
subject_object.properties = File() #ファイルオブジェクト
subject_object.properties.file_name = 'seminor.doc' # ファイル名(マルウェアを含んだファイル)
subject_object.properties.size_in_bytes = '154173' #ファイルサイズ
subject_object.properties.add_hash("54CC941747FA99A3521314B9969D4964")
# 辞書から構築されたオブジェクトとマルウェアインスタンスオブジェクト属性を設定
subject.set_malware_instance_object_attributes(subject_object)
# Actionで使うための関連オブジェクトのディクショナリーを作成
def associated(name,path,byte,value="output"):
associated_object = AssociatedObject()
associated_object.properties = File()
associated_object.properties.file_name = name
associated_object.properties.file_path = path
associated_object.properties.size_in_bytes = byte
associated_object.association_type = VocabString() #これはなんだ?示例6: Source
# 需要导入模块: from cybox.core import Object [as 别名]
# 或者: from cybox.core.Object import properties [as 别名]
a.type_ = "triage"
a.summary = "A basic static triage of the subject binary using PEiD."
a.set_findings_bundle(b.id_)
a.source = Source()
a.source.name = "Frankie Li"
a.source.url = "http://www.sans.org/reading_room/whitepapers/malicious/detailed-analysis-advanced-persistent-threat-malware_33814"
t = ToolInformation()
t.name = "PEiD"
t.version = "0.94"
a.add_tool(t)
# Set the requisite attributes on the Bundle and populate it with the Static Analysis findings
b.defined_subject = False
b.content_type = "static analysis tool output"
o = Object()
o.properties = WinExecutableFile()
o.properties.headers = PEHeaders()
o.properties.headers.optional_header = PEOptionalHeader()
o.properties.headers.optional_header.major_linker_version = "06"
o.properties.headers.optional_header.minor_linker_version = "00"
o.properties.headers.optional_header.address_of_entry_point = "036418"
o.properties.headers.optional_header.subsystem = "Windows_GUI"
# Build up the full Package/Malware Subject/Analysis/Bundle hierarchy
p.add_malware_subject(ms)
b.add_object(o)
ms.add_analysis(a)
ms.add_findings_bundle(b)
# Output the built up Package to XML
print p.to_xml()