

Python core.Observable类代码示例

本文整理汇总了Python中cybox.core.Observable的典型用法代码示例。如果您正苦于以下问题:Python Observable类的具体用法?Python Observable怎么用?Python Observable使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。


在下文中一共展示了Observable类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: to_cybox_observable

    def to_cybox_observable(self):
        """
            Build the CybOX representation of this Certificate.

            The certificate is modelled as a CybOX File object carrying a
            ``crits_type`` custom property, wrapped in a single Observable.
            If file data can be read, it is attached as an Artifact with
            Base64 packaging, related to the File as "Child_Of".

            Returns a tuple of ([observable], releasability list); the first
            element is a one-item list rather than a bare object.

            To get the cybox object as xml or json, call to_xml() or
            to_json(), respectively, on the resulting CybOX object.
        """
        # Marker property so that a CRITs import can recognise Certificate exports.
        crits_marker = Property()
        crits_marker.name = "crits_type"
        crits_marker.description = "Indicates the CRITs type of the object this CybOX object represents"
        crits_marker._value = "Certificate"

        # Certificate metadata is carried on a File object.
        # NOTE(review): MD5 is the only digest exported here. MD5 is
        # collision-prone, so consumers should not treat it alone as proof
        # that two files are identical.
        cert_file = File()
        cert_file.md5 = self.md5
        cert_file.file_name = self.filename
        cert_file.file_format = self.filetype
        cert_file.size_in_bytes = self.size
        cert_file.custom_properties = CustomProperties()
        cert_file.custom_properties.append(crits_marker)

        observable = Observable(cert_file)
        observable.description = self.description

        # The whole stored file is read into memory in one call.
        raw_bytes = self.filedata.read()
        if raw_bytes:
            # Embed the certificate content itself, Base64-packaged, and
            # link it to the File object describing it.
            cert_artifact = Artifact(raw_bytes, Artifact.TYPE_FILE)
            cert_artifact.packaging.append(Base64Encoding())
            cert_file.add_related(cert_artifact, "Child_Of")

        # NOTE(review): the releasability list is returned next to the
        # observable, not embedded in it; presumably the caller enforces
        # sharing restrictions before export - confirm.
        return ([observable], self.releasability)
开发者ID:AInquel,项目名称:crits,代码行数:27,代码来源:certificate.py

示例2: create_domain_name_observable

def create_domain_name_observable(domain_name):
    """Wrap a domain name in a CybOX Observable labelled as a malware artifact.

    The domain is stored as the value of a URI object of type
    ``URI.TYPE_DOMAIN``. The value is passed through unchanged: nothing in
    this function validates or normalises it.
    """
    # NOTE(review): per the description below, the value originates from a
    # sandboxed malware run, i.e. it is attacker-influenced. Presumably the
    # caller vets it (syntax, allow-listed benign domains) before it feeds
    # any blocking rule - confirm.
    uri_fields = {"value": domain_name, "type": URI.TYPE_DOMAIN}
    observable = Observable(URI.from_dict(uri_fields))
    observable.title = "Malware Artifact - Domain"
    observable.description = "Domain derived from sandboxed malware sample."
    observable.short_description = "Domain from malware."
    return observable
开发者ID:BechtelCIRT,项目名称:fe2stix,代码行数:7,代码来源:app.py

示例3: test_is_empty_observable

    def test_is_empty_observable(self):
        # Exercises `utils.is_empty_observable` against cybox.core.Observable
        # inputs: two that must count as empty, three that must not.

        # A freshly constructed Observable is empty.
        blank = Observable()
        self.assertTrue(utils.is_empty_observable(blank))

        # None is treated as empty as well.
        missing = None
        self.assertTrue(utils.is_empty_observable(missing))

        # Wrapping an Object makes the Observable non-empty.
        with_object = Observable(MockObject())
        self.assertFalse(utils.is_empty_observable(with_object))

        # Wrapping an Event makes the Observable non-empty.
        with_event = Observable(Event())
        self.assertFalse(utils.is_empty_observable(with_event))

        # An Observable holding a composition is non-empty.
        # NOTE(review): `observables` is set to the composition object
        # itself rather than to a list of Observables - confirm this is the
        # intended fixture.
        composed = Observable()
        composition = ObservableComposition()
        composed.observable_composition = composition
        composed.observable_composition.observables = composition
        self.assertFalse(utils.is_empty_observable(composed))
开发者ID:dandye,项目名称:openioc-to-stix,代码行数:25,代码来源:utils_tests.py

示例4: create_ipv4_observable

def create_ipv4_observable(ipv4_address):
    """Wrap an IPv4 address in a CybOX Observable labelled as a malware artifact.

    The address becomes the ``address_value`` of an Address object with
    category ``Address.CAT_IPV4``. The value is passed through unchanged:
    nothing in this function checks that it is a well-formed IPv4 address.
    """
    # NOTE(review): the address comes from sandbox output per the description
    # below. Presumably the caller filters private, loopback and shared
    # infrastructure addresses before this is used for blocking - confirm.
    address_fields = {"address_value": ipv4_address, "category": Address.CAT_IPV4}
    observable = Observable(Address.from_dict(address_fields))
    observable.title = "Malware Artifact - IP"
    observable.description = "IP derived from sandboxed malware sample."
    observable.short_description = "IP from malware."
    return observable
开发者ID:BechtelCIRT,项目名称:fe2stix,代码行数:7,代码来源:app.py

示例5: create_url_observable

def create_url_observable(url):
    """Wrap a URL in a CybOX Observable labelled as a malware artifact.

    The URL is stored as the value of a URI object of type
    ``URI.TYPE_URL``. The value is passed through unchanged: nothing in this
    function validates, normalises or defangs it.
    """
    # NOTE(review): the URL is attacker-influenced (sandbox output per the
    # description below) and ends up verbatim in the serialised document;
    # presumably downstream tooling avoids rendering it as a live link -
    # confirm.
    uri_fields = {"value": url, "type": URI.TYPE_URL}
    observable = Observable(URI.from_dict(uri_fields))
    observable.title = "Malware Artifact - URL"
    observable.description = "URL derived from sandboxed malware sample."
    observable.short_description = "URL from malware."
    return observable
开发者ID:BechtelCIRT,项目名称:fe2stix,代码行数:7,代码来源:app.py

示例6: test_id_idref_exclusive

    def test_id_idref_exclusive(self):
        # `id_` and `idref` are mutually exclusive on an Observable: a new
        # instance has an id and no idref, and assigning an idref clears the id.
        observable = Observable()
        self.assertIsNotNone(observable.id_)
        self.assertIsNone(observable.idref)

        observable.idref = "foo"
        self.assertIsNotNone(observable.idref)
        self.assertIsNone(observable.id_)
开发者ID:luisgf,项目名称:watsondt,代码行数:8,代码来源:observable_test.py

示例7: create_file_hash_observable

def create_file_hash_observable(filename, hash_value):
    """Wrap a file name and one hash in a CybOX Observable labelled as a malware artifact.

    A File object is given ``filename`` as its name and a single Hash built
    from ``hash_value``. No hash type is passed, so determining the
    algorithm is left to ``Hash`` itself.
    """
    # NOTE(review): file names are trivially changed by an adversary, so the
    # hash is the part of this observable that identifies the sample.
    # Presumably hash_value has already been checked to be a well-formed
    # digest - confirm against the caller.
    sample_file = File()
    sample_file.file_name = filename
    sample_file.add_hash(Hash(hash_value))

    observable = Observable(sample_file)
    observable.title = "Malware Artifact - File Hash"
    observable.description = "File hash derived from sandboxed malware sample."
    observable.short_description = "File hash from malware."
    return observable
开发者ID:BechtelCIRT,项目名称:fe2stix,代码行数:10,代码来源:app.py

示例8: add_ipv4_observable

 def add_ipv4_observable(self, ipv4_address):
     """Add an IPv4 observable to the IP indicator, once per distinct address.

     Addresses already recorded in the internal seen-set are skipped, so
     each value is added to the indicator at most once. The address is not
     validated here.
     """
     # NOTE(review): de-duplication compares the raw string, so differently
     # formatted spellings of one address would be added separately.
     if ipv4_address not in self.__ipv4:
         self.__ipv4.add(ipv4_address)
         address_fields = {'address_value': ipv4_address, 'category': Address.CAT_IPV4}
         observable = Observable(Address.from_dict(address_fields))
         observable.title = "Malware Artifact - IP"
         observable.description = "IP derived from sandboxed malware sample."
         observable.short_description = "IP from malware."
         self.ip_indicator.add_observable(observable)
开发者ID:trolldbois,项目名称:fexml2stix,代码行数:10,代码来源:fexml2stix.py

示例9: add_domain_name_observable

 def add_domain_name_observable(self, domain_name):
     """Add a domain observable to the domain indicator, once per distinct name.

     Names already recorded in the internal seen-set are skipped, so each
     value is added to the indicator at most once. The name is not
     validated or normalised here.
     """
     # NOTE(review): de-duplication compares the raw string, so the same
     # domain in different letter case or with a trailing dot would be added
     # more than once.
     if domain_name not in self.__domains:
         self.__domains.add(domain_name)
         uri_fields = {'value': domain_name, 'type': URI.TYPE_DOMAIN}
         observable = Observable(URI.from_dict(uri_fields))
         observable.title = "Malware Artifact - Domain"
         observable.description = "Domain derived from sandboxed malware sample."
         observable.short_description = "Domain from malware."
         self.domain_indicator.add_observable(observable)
开发者ID:trolldbois,项目名称:fexml2stix,代码行数:10,代码来源:fexml2stix.py

示例10: add_url_observable

 def add_url_observable(self, url):
     """Add a URL observable to the URL indicator, once per distinct URL.

     URLs already recorded in the internal seen-set are skipped, so each
     value is added to the indicator at most once. The URL is not validated,
     normalised or defanged here.
     """
     # NOTE(review): de-duplication compares the raw string, so equivalent
     # URLs that differ only in encoding or case are treated as distinct.
     if url not in self.__urls:
         self.__urls.add(url)
         uri_fields = {'value': url, 'type': URI.TYPE_URL}
         observable = Observable(URI.from_dict(uri_fields))
         observable.title = "Malware Artifact - URL"
         observable.description = "URL derived from sandboxed malware sample."
         observable.short_description = "URL from malware."
         self.url_indicator.add_observable(observable)
开发者ID:trolldbois,项目名称:fexml2stix,代码行数:10,代码来源:fexml2stix.py

示例11: main

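def main():
    """Build and print a STIX package describing a malware C2 channel.

    Three IPv4 address observables are added to the package. A TTP titled
    "Malware C2 Channel" then refers to them through id-less Observables
    whose ``idref`` points at the package-level ones, so each address is
    defined once and referenced from the infrastructure characterization.
    The package is written to stdout as XML.
    """
    stix_package = STIXPackage()

    # Example values: 198.51.100.0/24 and 203.0.113.0/24 are reserved for
    # documentation (RFC 5737), so they never name a real host.
    c2_addresses = ("198.51.100.2", "198.51.100.17", "203.0.113.19")

    address_observables = [
        Observable(Address(address_value=ip, category=Address.CAT_IPV4))
        for ip in c2_addresses
    ]
    for address_observable in address_observables:
        stix_package.add_observable(address_observable)

    # Reference each address by id rather than repeating its content.
    references = []
    for address_observable in address_observables:
        reference = Observable()
        # A new Observable is cleared of its id before the idref is set, so
        # the reference carries only the pointer to the defined observable.
        reference.id_ = None
        reference.idref = address_observable.id_
        references.append(reference)

    infrastructure = Infrastructure()
    infrastructure.observable_characterization = Observables(references)

    resource = Resource()
    resource.infrastructure = infrastructure

    ttp = TTP(title="Malware C2 Channel")
    ttp.resources = resource

    stix_package.add_ttp(ttp)
    # Parenthesised form: the bare `print x` statement is Python 2 only,
    # while a single-argument print(...) behaves the same on both.
    print(stix_package.to_xml())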
开发者ID:mgoldsborough,项目名称:stix-documentation,代码行数:34,代码来源:command-and-control-ip-range.py

示例12: test_observables_property_standard

    def test_observables_property_standard(self):
        # Round-trips an Indicator holding a single File observable through
        # to_dict()/from_dict() and checks that `observables` on the rebuilt
        # Indicator yields that same observable.
        readme = File()
        readme.file_name = "README.txt"
        source_observable = Observable(readme)

        indicator = Indicator()
        indicator.observable = source_observable

        rebuilt = Indicator.from_dict(indicator.to_dict())

        expected = [source_observable.to_dict()]
        actual = [item.to_dict() for item in rebuilt.observables]
        self.assertEqual(expected, actual)
开发者ID:santosomar,项目名称:python-stix,代码行数:11,代码来源:indicator_test.py

示例13: returnAttachmentComposition

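def returnAttachmentComposition(attribute):
    """Build a CybOX Observable for an attachment attribute.

    ``attribute`` is a mapping with a "value" key, used as the file name,
    and an optional "data" key holding the attachment content.

    Without "data" the result is an Observable wrapping the File object.
    With "data" the result is an Observable whose composition holds an
    Artifact built from the data together with the File object.
    """
    file_object = File()
    file_object.file_name = attribute["value"]

    # Name-only case: return directly instead of first allocating an empty
    # Observable that would be thrown away.
    if "data" not in attribute:
        return Observable(file_object)

    # NOTE(review): the attachment content is embedded as-is and may well be
    # a live malware sample; presumably its encoding matches what Artifact
    # expects and consumers handle the payload as hostile - confirm.
    artifact = Artifact(data=attribute["data"])
    observable = Observable()
    observable.observable_composition = ObservableComposition(
        observables=[artifact, file_object]
    )
    return observable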
开发者ID:AmesianX,项目名称:MISP,代码行数:11,代码来源:misp2cybox.py

示例14: _merge_observables

    def _merge_observables(self, observables):
        """Combine `observables` under a single root Observable.

        Every item is added to one ObservableComposition whose operator is
        taken from ``self.observable_composition_operator``; the returned
        Observable carries that composition.
        """
        # NOTE(review): the operator decides how the members combine when the
        # indicator is evaluated (presumably all-of for AND, any-of for OR),
        # so a wrong value silently changes what the indicator matches -
        # confirm the attribute is set as intended before merging.
        composition = ObservableComposition()
        composition.operator = self.observable_composition_operator
        for member in observables:
            composition.add(member)

        merged = Observable()
        merged.observable_composition = composition
        return merged
开发者ID:STIXProject,项目名称:python-stix,代码行数:11,代码来源:indicator.py

示例15: _merge_observables

 def _merge_observables(self, observables, operator='AND'):
     """Combine `observables` under a single root Observable.

     Every item is added to one ObservableComposition that uses
     ``operator`` ('AND' unless the caller passes another value); the
     returned Observable carries that composition.
     """
     # NOTE(review): `operator` is stored without being checked here, and it
     # decides how the members combine when the indicator is evaluated
     # (presumably all-of for AND, any-of for OR) - confirm callers pass only
     # values the composition accepts.
     composition = ObservableComposition()
     composition.operator = operator
     for member in observables:
         composition.add(member)

     merged = Observable()
     merged.observable_composition = composition
     return merged
开发者ID:DKBlack,项目名称:python-stix,代码行数:11,代码来源:indicator.py


注:本文中的cybox.core.Observable类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。