本文整理汇总了Python中cybox.objects.address_object.Address类的典型用法代码示例。如果您正苦于以下问题:Python Address类的具体用法?Python Address怎么用?Python Address使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了Address类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: dict_from_object
def dict_from_object(cls, defined_object):
    """Convert a Network Connection Object binding into a plain dictionary.

    Every ``get_*`` accessor on ``defined_object`` is consulted in turn and a
    key is written only when that accessor returns something other than
    ``None``.

    :param defined_object: binding object exposing the accessors used below.
    :return: dictionary holding the populated fields.
    """
    result = {}

    tls_used = defined_object.get_tls_used()
    if tls_used is not None:
        result["tls_used"] = {"value": tls_used}

    layer3 = defined_object.get_Layer3_Protocol()
    if layer3 is not None:
        result["layer3_protocol"] = Base_Object_Attribute.dict_from_object(layer3)

    layer4 = defined_object.get_Layer4_Protocol()
    if layer4 is not None:
        result["layer4_protocol"] = Base_Object_Attribute.dict_from_object(layer4)

    layer7 = defined_object.get_Layer7_Protocol()
    if layer7 is not None:
        result["layer7_protocol"] = Base_Object_Attribute.dict_from_object(layer7)

    # Both endpoints of the connection: address and port, local then remote.
    local_ip = defined_object.get_Local_IP_Address()
    if local_ip is not None:
        result["local_ip_address"] = Address.dict_from_object(local_ip)

    local_port = defined_object.get_Local_Port()
    if local_port is not None:
        result["local_port"] = Port.dict_from_object(local_port)

    remote_ip = defined_object.get_Remote_IP_Address()
    if remote_ip is not None:
        result["remote_ip_address"] = Address.dict_from_object(remote_ip)

    remote_port = defined_object.get_Remote_Port()
    if remote_port is not None:
        result["remote_port"] = Port.dict_from_object(remote_port)

    layer7_conn = defined_object.get_Layer7_Connections()
    if layer7_conn is not None:
        layer7_dict = {}
        http_session = layer7_conn.get_HTTP_Session()
        if http_session is not None:
            layer7_dict["http_session"] = HTTP_Session.dict_from_object(http_session)
        # Written whenever the Layer7_Connections element is present, even if
        # it carries no HTTP session.
        result["layer7_connections"] = layer7_dict

    return result
示例2: dns_queries
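def dns_queries(dnsqueries):
    """Build a "Query DNS" MalwareAction from one DNS query record.

    :param dnsqueries: mapping with a ``"hostname"`` key and, optionally, a
        ``"results"`` key holding the addresses the name resolved to.
    :return: MalwareAction whose single associated object is a DNSQuery.
    """
    a = MalwareAction()
    ao = AssociatedObject()
    a.name = "Query DNS"
    a.type_ = "Query"

    # Question section: the hostname that was looked up.
    quri = URI()
    quri.value = dnsqueries["hostname"]
    dns_question = DNSQuestion()
    dns_question.qname = quri
    ao.properties = DNSQuery()
    ao.properties.question = dns_question

    # Answer section: one resource record per returned address.
    # ``in`` is used because dict.has_key() does not exist on Python 3.
    if "results" in dnsqueries:
        records = []
        for result in dnsqueries["results"]:
            dnsrecord = DNSRecord()
            dnsrecord.domain_name = quri.value
            address = Address()
            # Assign the category explicitly: a bare ``address.CAT_IPV4``
            # expression stores nothing and leaves the observable untyped.
            # NOTE(review): every result is labelled IPv4 here; confirm the
            # producer never puts IPv6 answers into "results".
            address.category = Address.CAT_IPV4
            address.address_value = result
            dnsrecord.ip_address = address
            records.append(dnsrecord)
        ao.properties.answer_resource_records = DNSResourceRecords(records)

    a.associated_objects = AssociatedObjects()
    a.associated_objects.append(ao)
    return a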
示例3: url
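def url(ip, provider, reporttime):
    """Write a STIX package for a reported malicious address to disk.

    The package holds an ExploitTarget and an Indicator with one IPv4 Address
    observable, and is saved as ``/opt/TARDIS/Observables/URL/<ip>.xml``.

    :param ip: reported address; also used as the output file name.
    :param provider: name of the reporting source.
    :param reporttime: time the report was produced.
    :raises ValueError: if ``ip`` is not usable as a single file name.
    """
    import os

    name = str(ip)
    # ``ip`` comes from an external report and ends up inside a file path, so
    # refuse anything that is not exactly one path component.
    if name in ("", ".", "..") or os.path.basename(name) != name:
        raise ValueError("refusing to use %r as an output file name" % name)

    vuln = Vulnerability()
    # NOTE(review): cve_id carries an "IPV4-<ip>" label rather than a CVE
    # identifier; consumers that parse this field as a CVE will not match it.
    vuln.cve_id = "IPV4-" + name
    vuln.description = "maliciousURL"
    et = ExploitTarget(title=provider + " observable")
    et.add_vulnerability(vuln)

    addr = Address(address_value=name, category=Address.CAT_IPV4)
    addr.condition = "Equals"

    # Create an Indicator around the Address object created above.
    indicator = Indicator()
    indicator.title = "URL-" + name
    indicator.description = ("Malicious URL " + name + " reported from " + provider)
    indicator.set_producer_identity(provider)
    indicator.set_produced_time(reporttime)
    indicator.add_observable(addr)

    # Create a STIX Package
    stix_package = STIXPackage()
    stix_package.add(et)
    stix_package.add(indicator)

    # The context manager closes the file even if serialisation or the write
    # raises part-way through.
    with open('/opt/TARDIS/Observables/URL/' + name + '.xml', 'w') as f:
        f.write(stix_package.to_xml())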
示例4: test_roundtrip2
def test_roundtrip2(self):
    """An Address dict survives dict -> object -> dict conversion unchanged."""
    expected = dict(
        address_value="1.2.3.4",
        category=Address.CAT_IPV4,
        is_destination=True,
        is_source=False,
    )
    rebuilt = Address.dict_from_object(Address.object_from_dict(expected))
    self.assertEqual(expected, rebuilt)
示例5: create_ip_indicator
def create_ip_indicator(self, ip_indicator):
    """Return an "IP Watchlist" Indicator that matches one IPv4 address.

    :param ip_indicator: address value stored in the Address observable.
    :return: Indicator carrying a single Address with condition "Equals".
    """
    watch_entry = Indicator()
    watch_entry.title = 'IP address of site hosting malware'
    watch_entry.add_indicator_type('IP Watchlist')

    # The category is fixed to IPv4; the value itself is not validated here.
    observed = Address(address_value=ip_indicator, category=Address.CAT_IPV4)
    observed.condition = 'Equals'
    watch_entry.add_observable(observed)

    return watch_entry
示例6: iplist_indicator
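def iplist_indicator(ips=()):
    """Build an "IP Watchlist" Indicator with one observable per address.

    :param ips: iterable of address values; the default is an immutable empty
        tuple so that no mutable object is shared between calls.
    :return: the populated Indicator.
    """
    iplist = Indicator()
    iplist.add_indicator_type("IP Watchlist")
    for value in ips:
        address = Address()
        address.address_value = value
        # No category is assigned, so the emitted Address does not state
        # whether the value is IPv4, IPv6 or another address type.
        iplist.add_observable(address)
    return iplist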
示例7: test_round_trip
def test_round_trip(self):
    """An e-mail Address keeps its value and category through round_trip."""
    # NOTE(review): the literal below looks like a web e-mail-obfuscation
    # placeholder rather than the address the test was written with.
    expected_value = String("[email protected]")
    expected_category = Address.CAT_EMAIL

    original = Address()
    original.address_value = expected_value
    original.category = expected_category

    restored = round_trip(original, Address, output=False)

    self.assertEqual(restored.address_value, expected_value)
    self.assertEqual(restored.category, expected_category)
示例8: stix
def stix(self):
    """Render the passive DNS records as a STIX watchlist.

    STIX is highly subjective and difficult to format without getting more
    data from the user. Passive DNS results are formatted into a STIX
    watchlist with descriptions and other details about the record.

    :return: STIX formatted watchlist
    :raises RuntimeError: when the module-level ``python3`` flag is set.
    """
    if python3:
        raise RuntimeError("STIX is not supported when using Python 3 due to dependency libraries.")

    package = STIXPackage()
    header = STIXHeader()
    summary_template = ("Passive DNS resolutions associated"
                        " with %s during the time periods of "
                        " %s - %s")
    header.description = summary_template % (self.queryValue,
                                             self.firstSeen,
                                             self.lastSeen)
    package.stix_header = header

    for record in self._records:
        window = "Observed from %s - %s" % (record.firstSeen, record.lastSeen)
        observers = "Resolution observed by %s." % (','.join(record.source))
        indicator = Indicator(
            title=window,
            short_description=observers,
            description="Passive DNS data collected and aggregated from"
                        " PassiveTotal services."
        )

        if not is_ip(record.resolve):
            indicator.add_indicator_type('Domain Watchlist')
            ioc = DomainName(value=record.resolve)
        else:
            # NOTE(review): everything is_ip() accepts is tagged CAT_IPV4;
            # is_ip() is defined outside this block, so confirm it rejects
            # IPv6 values.
            indicator.add_indicator_type('IP Watchlist')
            ioc = Address(
                address_value=record.resolve,
                category=Address.CAT_IPV4
            )

        # Exact-match condition applies to both address and domain entries.
        ioc.condition = "Equals"
        indicator.add_observable(ioc)
        package.add_indicator(indicator)

    return package.to_xml()
示例9: test_round_trip
def test_round_trip(self):
    """Round-trip an e-mail Address and compare dict and field views."""
    # NOTE(review): the literal below looks like a web e-mail-obfuscation
    # placeholder rather than the address the test was written with.
    expected_value = "[email protected]"
    expected_category = Address.CAT_EMAIL

    original = Address()
    original.address_value = expected_value
    original.category = expected_category

    restored = cybox.test.round_trip(original)

    # Whole-object comparison first, then the two fields individually.
    self.assertEqual(original.to_dict(), restored.to_dict())
    self.assertEqual(expected_category, restored.category)
    self.assertEqual(expected_value, str(restored))
示例10: main
def main():
    """Print a STIX package linking an IP watchlist indicator to a C2 TTP."""
    package = STIXPackage()
    c2_ttp = TTP(title="C2 Behavior")

    watch_entry = Indicator(title="IP Address for known C2 Channel")
    watch_entry.add_indicator_type("IP Watchlist")

    # 10.0.0.0 lies in the RFC 1918 private range.
    c2_address = Address(address_value="10.0.0.0", category=Address.CAT_IPV4)
    c2_address.condition = "Equals"
    watch_entry.add_observable(c2_address)

    # The indicator points at the TTP by id reference; the TTP itself is
    # added to the package separately below.
    watch_entry.add_indicated_ttp(TTP(idref=c2_ttp.id_))

    package.add_indicator(watch_entry)
    package.add_ttp(c2_ttp)

    print(package.to_xml(encoding=None))
示例11: create_ipv4_observable
def create_ipv4_observable(ipv4_address):
    """Wrap an address value in an Observable labelled as a malware artifact.

    :param ipv4_address: value stored as the Address ``address_value``; it is
        tagged IPv4 without being validated here.
    :return: Observable with title and descriptions filled in.
    """
    address_fields = {"address_value": ipv4_address, "category": Address.CAT_IPV4}
    observable = Observable(Address.from_dict(address_fields))

    observable.title = "Malware Artifact - IP"
    observable.description = "IP derived from sandboxed malware sample."
    observable.short_description = "IP from malware."
    return observable
示例12: from_obj
def from_obj(header_obj):
    """Build an EmailHeader from its binding object.

    :param header_obj: binding object exposing the ``get_*`` accessors listed
        in the table below.
    :return: EmailHeader with every field converted via ``from_obj``.
    """
    # (EmailHeader attribute, converter class, accessor on header_obj),
    # applied in this order.
    field_map = (
        ("to", EmailRecipients, "get_To"),
        ("cc", EmailRecipients, "get_CC"),
        ("bcc", EmailRecipients, "get_BCC"),
        ("from_", Address, "get_From"),
        ("subject", String, "get_Subject"),
        ("in_reply_to", String, "get_In_Reply_To"),
        ("date", DateTime, "get_Date"),
        ("message_id", String, "get_Message_ID"),
        ("sender", Address, "get_Sender"),
        ("reply_to", Address, "get_Reply_To"),
        ("errors_to", String, "get_Errors_To"),
    )

    parsed = EmailHeader()
    for attr_name, converter, accessor in field_map:
        raw = getattr(header_obj, accessor)()
        setattr(parsed, attr_name, converter.from_obj(raw))
    return parsed
示例13: from_dict
def from_dict(header_dict):
    """Build an EmailHeader from a dictionary of header fields.

    Missing keys are passed to the converters as ``None`` because the values
    are fetched with ``dict.get``.

    :param header_dict: mapping keyed by header field name.
    :return: the populated EmailHeader.
    """
    parsed = EmailHeader()
    field = header_dict.get
    # from / sender / reply_to are all parsed as e-mail category addresses.
    as_email = Address.CAT_EMAIL

    parsed.to = EmailRecipients.from_dict(field('to'))
    parsed.cc = EmailRecipients.from_dict(field('cc'))
    parsed.bcc = EmailRecipients.from_dict(field('bcc'))
    parsed.from_ = Address.from_dict(field('from'), as_email)
    parsed.subject = String.from_dict(field('subject'))
    parsed.in_reply_to = String.from_dict(field('in_reply_to'))
    parsed.date = DateTime.from_dict(field('date'))
    parsed.message_id = String.from_dict(field('message_id'))
    parsed.sender = Address.from_dict(field('sender'), as_email)
    parsed.reply_to = Address.from_dict(field('reply_to'), as_email)
    parsed.errors_to = String.from_dict(field('errors_to'))
    return parsed
示例14: generateIPObservable
def generateIPObservable(attribute):
    """Translate an IP attribute into an Address object.

    :param attribute: mapping providing ``"value"`` (an address, optionally
        followed by ``/prefix``) and ``"type"``.
    :return: Address with category, is_source and address_value filled in.
    """
    address_object = Address()
    raw_value = attribute["value"]
    has_prefix = "/" in raw_value
    # Without a "/" the split yields the whole value, so this covers both the
    # plain-address and the CIDR case.
    host_part = raw_value.split('/')[0]

    # NOTE(review): inet_aton() also accepts abbreviated forms such as
    # "127.1", so passing this check does not guarantee a dotted quad.
    try:
        socket.inet_aton(host_part)
    except socket.error:
        is_ipv4 = False
    else:
        is_ipv4 = True

    if has_prefix:
        address_object.category = "cidr"
    elif is_ipv4:
        address_object.category = "ipv4-addr"
    else:
        # NOTE(review): anything inet_aton() rejects is labelled IPv6 without
        # being parsed as IPv6; a malformed value ends up here too.
        address_object.category = "ipv6-addr"

    # Only "ip-src" marks the address as a source; every other type does not.
    address_object.is_source = attribute["type"] == "ip-src"
    address_object.address_value = raw_value
    return address_object
示例15: from_obj
def from_obj(socket_address_obj):
    """Build a SocketAddress from its binding object.

    :param socket_address_obj: binding object exposing ``get_IP_Address`` and
        ``get_Port``, or a falsy value.
    :return: ``None`` for a falsy input, otherwise the populated SocketAddress.
    """
    if socket_address_obj:
        converted = SocketAddress()
        converted.ip_address = Address.from_obj(socket_address_obj.get_IP_Address())
        converted.port = Port.from_obj(socket_address_obj.get_Port())
        return converted
    return None