

Python Observable.id_方法代码示例

本文整理汇总了Python中cybox.core.Observable.id_方法的典型用法代码示例。如果您正苦于以下问题:Python Observable.id_方法的具体用法?Python Observable.id_怎么用?Python Observable.id_使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在cybox.core.Observable的用法示例。


在下文中一共展示了Observable.id_方法的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: main

# 需要导入模块: from cybox.core import Observable [as 别名]
# 或者: from cybox.core.Observable import id_ [as 别名]
def main():
    """Build a STIX package describing a C2 channel and print it as XML.

    Three IPv4 Address observables are added to the package at top level.
    A TTP titled "Malware C2 Channel" then points at them through
    reference-only Observable stubs held in its Infrastructure resource,
    so each address is defined once and referenced by id.
    """
    package = STIXPackage()

    # Sample values only: 198.51.100.0/24 and 203.0.113.0/24 are RFC 5737
    # documentation ranges, so no real host is named here.
    c2_addresses = [
        Observable(Address(address_value=ip, category=Address.CAT_IPV4))
        for ip in ("198.51.100.2", "198.51.100.17", "203.0.113.19")
    ]
    for defined in c2_addresses:
        package.add_observable(defined)

    # A reference stub should carry idref and no id of its own, hence the
    # explicit reset to None (presumably Observable() assigns a generated
    # id by default; confirm against the cybox version in use).
    stubs = [Observable() for _ in c2_addresses]
    for stub in stubs:
        stub.id_ = None
    for stub, defined in zip(stubs, c2_addresses):
        stub.idref = defined.id_

    c2_infrastructure = Infrastructure()
    c2_infrastructure.observable_characterization = Observables(stubs)

    c2_resource = Resource()
    c2_resource.infrastructure = c2_infrastructure

    c2_ttp = TTP(title="Malware C2 Channel")
    c2_ttp.resources = c2_resource

    package.add_ttp(c2_ttp)
    print(package.to_xml())
开发者ID:mgoldsborough,项目名称:stix-documentation,代码行数:36,代码来源:command-and-control-ip-range.py

示例2: test_round_trip

# 需要导入模块: from cybox.core import Observable [as 别名]
# 或者: from cybox.core.Observable import id_ [as 别名]
    def test_round_trip(self):
        """An Observable must be unchanged by ``cybox.test.round_trip``.

        The observable carries a title, a description with a structuring
        format, an explicit id and an empty Object; the dict form before
        and after the round trip is compared.
        """
        original = Observable()
        original.title = "An observable"
        original.description = "some text"
        original.description.structuring_format = "plain"
        # Fixed id so the comparison does not depend on the id generator.
        original.id_ = "abc123"
        original.object_ = Object()

        restored = cybox.test.round_trip(original)

        expected = original.to_dict()
        actual = restored.to_dict()
        self.assertEqual(expected, actual)
开发者ID:bauer1j,项目名称:python-cybox,代码行数:12,代码来源:observable_test.py

示例3: returnAttachmentComposition

# 需要导入模块: from cybox.core import Observable [as 别名]
# 或者: from cybox.core.Observable import id_ [as 别名]
def returnAttachmentComposition(attribute):
    """Return an Observable for an attachment attribute.

    With a "data" key present, the result is a composition of two child
    observables: an Artifact built from the data and a File carrying the
    name. Without it, the result wraps the File object alone. All ids are
    built from the id-namespace prefix plus ``attribute["uuid"]``.

    Reads the keys "value", "uuid" and "comment", and "data" when present.
    """
    named_file = File()
    named_file.file_name = attribute["value"]

    # The prefix comes from a private module global of cybox.utils.idgen.
    # NOTE(review): this presumably needs the id generator to be set up
    # before the call; confirm in the caller.
    id_prefix = cybox.utils.idgen.__generator.namespace.prefix
    # NOTE(review): the uuid goes into the ids unvalidated; confirm that
    # upstream guarantees a well-formed UUID.
    uuid = attribute["uuid"]

    named_file.parent.id_ = id_prefix + ":file-" + uuid
    observable = Observable()
    if "data" not in attribute:
        observable = Observable(named_file)
    else:
        payload = Artifact(data = attribute["data"])
        payload.parent.id_ = id_prefix + ":artifact-" + uuid
        payload_observable = Observable(payload)
        payload_observable.id_ = id_prefix + ":observable-artifact-" + uuid
        file_observable = Observable(named_file)
        file_observable.id_ = id_prefix + ":observable-file-" + uuid
        observable.observable_composition = ObservableComposition(
            observables = [payload_observable, file_observable]
        )
    observable.id_ = id_prefix + ":observable-" + uuid

    comment = attribute["comment"]
    if comment != "":
        observable.description = comment
    return observable
开发者ID:cnbird1999,项目名称:MISP,代码行数:22,代码来源:misp2cybox.py

示例4: generateEmailAttachmentObject

# 需要导入模块: from cybox.core import Observable [as 别名]
# 或者: from cybox.core.Observable import id_ [as 别名]
def generateEmailAttachmentObject(indicator, attribute):
    """Attach an email-with-attachment observable to *indicator*.

    Builds a File named after ``attribute["value"]``, relates it to a new
    EmailMessage with the "Contains" relationship, lists the file's id
    among the message attachments, and stores the wrapping Observable in
    ``indicator.observable``. Ids are the id-namespace prefix plus a fixed
    label and ``attribute["uuid"]``.
    """
    attachment = File()
    attachment.file_name = attribute["value"]
    message = EmailMessage()
    message.attachments = Attachments()
    message.add_related(attachment, "Contains", inline=True)

    # Private module global of cybox.utils.idgen.
    # NOTE(review): presumably requires an initialised id generator;
    # confirm in the caller.
    id_prefix = cybox.utils.idgen.__generator.namespace.prefix
    uuid = attribute["uuid"]

    attachment.parent.id_ = id_prefix + ":file-" + uuid
    # The attachment list holds the file's id, not the File object.
    message.attachments.append(attachment.parent.id_)
    message.parent.id_ = id_prefix + ":EmailMessage-" + uuid

    wrapper = Observable(message)
    wrapper.id_ = id_prefix + ":observable-" + uuid
    indicator.observable = wrapper
开发者ID:cnbird1999,项目名称:MISP,代码行数:14,代码来源:misp2cybox.py

示例5: generateObservable

# 需要导入模块: from cybox.core import Observable [as 别名]
# 或者: from cybox.core.Observable import id_ [as 别名]
def generateObservable(indicator, attribute):
    """Add the observable (or test mechanism) for *attribute* to *indicator*.

    "snort" and "yara" attributes are handed to ``generateTM``. Any other
    type is looked up in ``simple_type_to_method``; the named function on
    ``this_module`` builds the object properties, which are wrapped in an
    Object and an Observable with ids derived from ``attribute["uuid"]``.

    NOTE(review): a type with no mapping, or a mapping that names a
    missing function, is skipped without any log line, so an exported
    indicator can lack data with no signal to the operator.
    """
    attr_type = attribute["type"]
    if attr_type in ("snort", "yara"):
        generateTM(indicator, attribute)
        return
    if attr_type not in simple_type_to_method:
        return

    builder = getattr(this_module, simple_type_to_method[attr_type], None)
    if builder is None:
        return

    props = builder(attribute)
    wrapped = Object(props)
    # Object id: <prefix>:<properties class name>-<uuid>
    wrapped.id_ = cybox.utils.idgen.__generator.namespace.prefix + ":" + props.__class__.__name__ + "-" + attribute["uuid"]
    result = Observable(wrapped)
    result.id_ = cybox.utils.idgen.__generator.namespace.prefix + ":observable-" + attribute["uuid"]
    indicator.add_observable(result)
开发者ID:cnbird1999,项目名称:MISP,代码行数:16,代码来源:misp2cybox.py

示例6: test_round_trip

# 需要导入模块: from cybox.core import Observable [as 别名]
# 或者: from cybox.core.Observable import id_ [as 别名]
    def test_round_trip(self):
        """An Observable with pattern fidelity must survive ``round_trip``.

        Besides title, description, id and an empty Object, the observable
        carries a PatternFidelity holding one ObfuscationTechnique; the
        dict form before and after the round trip is compared.
        """
        original = Observable()
        original.title = "An observable"
        original.description = "some text"
        original.description.structuring_format = "plain"
        # Fixed id so the comparison does not depend on the id generator.
        original.id_ = "abc123"
        original.object_ = Object()

        fidelity = PatternFidelity()
        technique = ObfuscationTechnique()
        technique.description = "X0Rz"
        fidelity.evasion_techniques = ObfuscationTechniques()
        fidelity.evasion_techniques.append(technique)
        original.pattern_fidelity = fidelity

        restored = round_trip(original)

        expected = original.to_dict()
        actual = restored.to_dict()
        self.assertEqual(expected, actual)
开发者ID:luisgf,项目名称:watsondt,代码行数:19,代码来源:observable_test.py

示例7: index2stix

# 需要导入模块: from cybox.core import Observable [as 别名]
# 或者: from cybox.core.Observable import id_ [as 别名]
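def index2stix(local_index, orig_stix):
    """Build the TG3390 enrichment STIX package from *local_index*.

    Only the part of the function shown in this listing is reproduced; the
    page omits the remainder, so every local name is kept as in the
    original.

    The visible part creates the package header (marked TLP WHITE), four
    watchlist indicators (enriched and related, for IPs and for domains),
    and then repeatedly walks *local_index*. For every entry that already
    has an id, each listed child item without a reference gets a new
    Observable on the matching "enrich" indicator, and the parent is
    recorded on the matching "related" indicator.

    Change from the original: an item whose type is neither 'DomainName'
    nor 'Address' is now reported and skipped. Previously the code went on
    to ``Observable(new_obj)`` after the message, which raises NameError
    on the first such item or silently reuses the object built for the
    previous item, putting a wrong value into the exported indicators.
    The loop flags are set only after the type is accepted, so a skipped
    item cannot keep the outer ``while`` running.

    Args:
        local_index: mapping of indicator type to a mapping of observable
            to a list whose first element is that observable's id
            (presumably prefixed with '{{no_ref}}' while it has none;
            verify against ``get_ref_from_obs`` / ``set_obs_ref``).
        orig_stix: not used in the visible part of the function.
    """
    # Package metadata
    new_stix = STIXPackage()
    new_stix.stix_header = STIXHeader()
    new_stix.stix_header.title = "TG3390 - Enrichment"
    new_stix.stix_header.description = "Enrichment stix file to the Dell SecureWorks Counter Threat Unit(TM) (CTU) researchers investigated activities associated with Threat Group-3390[1] (TG-3390) - http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/"

    # TLP WHITE marking, scoped by the XPath in controlled_structure.
    marking_specification = MarkingSpecification()
    marking_specification.controlled_structure = "../../../../descendant-or-self::node()"

    tlp = TLPMarkingStructure()
    tlp.color = "WHITE"
    marking_specification.marking_structures.append(tlp)

    handling = Marking()
    handling.add_marking(marking_specification)

    new_stix.stix_header.handling = handling

    # Enriched values are unconfirmed, hence "Low"; the wrappers that name
    # the source of the enrichment are rated "Medium".
    enrich_IPs = Indicator(title="Suspected TG3390 IP Addresses obtained through automated enrichment")
    enrich_IPs.add_indicator_type("IP Watchlist")
    enrich_IPs.confidence = "Low"

    related_IPs = Indicator(title="Related indicator wrapper for source of enrichment")
    related_IPs.add_indicator_type("IP Watchlist")
    related_IPs.confidence = "Medium"

    enrich_Domains = Indicator(title="Suspected TG3390 Domains obtained through automated enrichment")
    enrich_Domains.add_indicator_type("Domain Watchlist")
    enrich_Domains.confidence = "Low"

    related_Domains = Indicator(title="Related indicator wrapper for source of enrichment")
    related_Domains.add_indicator_type("Domain Watchlist")
    related_Domains.confidence = "Medium"

    # Start with the entries that already have ids, and repeat until a
    # full pass creates no new reference.
    new_ref_created = True
    while new_ref_created:
        new_ref_created = False
        for ind_type in local_index:
            for obs in local_index[ind_type]:
                id_tobe_referenced = local_index[ind_type][obs][0]
                if id_tobe_referenced[:10] == '{{no_ref}}':
                    continue

                # NOTE(review): the existing id is assigned to id_, not
                # idref; if the original observable is emitted in the same
                # document this would duplicate the id. Confirm intent.
                ref_obs = Observable()
                ref_obs.id_ = id_tobe_referenced.replace("{{no_ref}}", "")
                ref_obs.description = 'Source of enrichment for: '
                create_ref_obs = False
                for entry in local_index[ind_type][obs]:
                    if type(entry) is not list:
                        continue
                    for item in entry:
                        ref, child_ind_type = get_ref_from_obs(item, local_index)

                        if ref == '{{no_ref}}' or ref == '':
                            # Build a complete observable for the item and
                            # pick the indicator pair matching its type.
                            if child_ind_type == 'DomainName':
                                append_ind = enrich_Domains
                                related_ind = related_Domains
                                new_obj = DomainName()
                                new_obj.value = item
                            elif child_ind_type == 'Address':
                                append_ind = enrich_IPs
                                related_ind = related_IPs
                                new_obj = Address()
                                new_obj.category = "ipv4-addr"
                                new_obj.address_value = item
                            else:
                                print('Unsupported indicator type: ' + child_ind_type)
                                # Skip: there is no object to wrap, and the
                                # one from a previous item must not be reused.
                                continue
                            create_ref_obs = True
                            new_ref_created = True
                            new_obs = Observable(new_obj)
                            new_obs_ref = new_obs.id_
                            append_ind.add_observable(new_obs)
                            ref = new_obs_ref
                            set_obs_ref(item, new_obs_ref, local_index)
                        ref_obs.description = str(ref_obs.description) + ref.replace("{{no_ref}}", "") + ', '
                if create_ref_obs:
                    # related_ind is the wrapper chosen for the last item
                    # that was created in this pass over the entry.
                    related_ind.add_observable(ref_obs)
                    create_ref_obs = False

    related_ind1 = RelatedIndicator(related_IPs, relationship='Source of enrichment for IPs')
    related_ind2 = RelatedIndicator(related_Domains, relationship='Source of enrichment for Domains')
    enrich_IPs.related_indicators.append(related_ind1)
    enrich_Domains.related_indicators.append(related_ind2)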

#.........这里部分代码省略.........
开发者ID:cobsec,项目名称:pickup-stix,代码行数:103,代码来源:exploit.py

示例8: createArtifactObject

# 需要导入模块: from cybox.core import Observable [as 别名]
# 或者: from cybox.core.Observable import id_ [as 别名]
def createArtifactObject(indicator, attribute):
    """Add an Artifact observable built from ``attribute["data"]``.

    The Artifact's parent object and the wrapping Observable both get ids
    made of the id-namespace prefix, a fixed label and
    ``attribute["uuid"]``; the Observable is then added to *indicator*.
    """
    payload = Artifact(data = attribute["data"])

    # Private module global of cybox.utils.idgen.
    # NOTE(review): presumably requires an initialised id generator;
    # confirm in the caller.
    id_prefix = cybox.utils.idgen.__generator.namespace.prefix
    uuid = attribute["uuid"]

    payload.parent.id_ = id_prefix + ":artifact-" + uuid
    wrapper = Observable(payload)
    wrapper.id_ = id_prefix + ":observable-artifact-" + uuid
    indicator.add_observable(wrapper)
开发者ID:cnbird1999,项目名称:MISP,代码行数:8,代码来源:misp2cybox.py

示例9: Observable

# 需要导入模块: from cybox.core import Observable [as 别名]
# 或者: from cybox.core.Observable import id_ [as 别名]
# Excerpt from the middle of a script: obs1 and observables_doc are created
# before this point, outside the listing.
observables_doc.add(obs1)

# File pattern: file_name "blah" with condition "Contains", file_extension
# "bat" with condition "Equals".
file = File.from_dict({"file_name": "blah", "file_extension": "bat"})
file.file_name.condition = "Contains"
file.file_extension.condition = "Equals"
obs2 = Observable(file)
observables_doc.add(obs2)

# Mutex observable identified by name.
mutex = Mutex.from_dict({"name": "Some_OTHER_MUTEX!!!"})
obs3 = Observable(mutex)
observables_doc.add(obs3)

# Composition logic. Each *_ref below is a reference stub: its own id_ is
# cleared and idref points at the observable already added to the document.
# Demo only: not every item gets logic here, as real content would.
oproc_ref = Observable()
oproc_ref.id_ = None
oproc_ref.idref = obs1.id_

ofile_ref = Observable()
ofile_ref.id_ = None
ofile_ref.idref = obs2.id_

omutex_ref = Observable()
omutex_ref.id_ = None
omutex_ref.idref = obs3.id_

# First composition: obs1 OR obs2, both by reference.
o_comp = Observable(ObservableComposition(operator = "OR"))
o_comp.observable_composition.add(oproc_ref)
o_comp.observable_composition.add(ofile_ref)

# Second composition uses AND; nothing is added to it within this excerpt,
# and omutex_ref is not yet used here.
o_comp2 = Observable(ObservableComposition(operator = "AND"))
开发者ID:bushalo,项目名称:misc-scripts,代码行数:33,代码来源:create_cybox_demo.py


注:本文中的cybox.core.Observable.id_方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。