本文整理汇总了Python中cybox.objects.address_object.Address.address_value方法的典型用法代码示例。如果您正苦于以下问题:Python Address.address_value方法的具体用法?Python Address.address_value怎么用?Python Address.address_value使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类cybox.objects.address_object.Address的用法示例。
在下文中一共展示了Address.address_value方法的12个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: to_cybox_observable
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import address_value [as 别名]
def to_cybox_observable(self):
"""
Convert an IP to a CybOX Observables.
Returns a tuple of (CybOX object, releasability list).
To get the cybox object as xml or json, call to_xml() or
to_json(), respectively, on the resulting CybOX object.
"""
obj = Address()
obj.address_value = self.ip
temp_type = self.ip_type.replace("-", "")
if temp_type.find(Address.CAT_ASN.replace("-", "")) >= 0:
obj.category = Address.CAT_ASN
elif temp_type.find(Address.CAT_ATM.replace("-", "")) >= 0:
obj.category = Address.CAT_ATM
elif temp_type.find(Address.CAT_CIDR.replace("-", "")) >= 0:
obj.category = Address.CAT_CIDR
elif temp_type.find(Address.CAT_MAC.replace("-", "")) >= 0:
obj.category = Address.CAT_MAC
elif temp_type.find(Address.CAT_IPV4_NETMASK.replace("-", "")) >= 0:
obj.category = Address.CAT_IPV4_NETMASK
elif temp_type.find(Address.CAT_IPV4_NET.replace("-", "")) >= 0:
obj.category = Address.CAT_IPV4_NET
elif temp_type.find(Address.CAT_IPV4.replace("-", "")) >= 0:
obj.category = Address.CAT_IPV4
elif temp_type.find(Address.CAT_IPV6_NETMASK.replace("-", "")) >= 0:
obj.category = Address.CAT_IPV6_NETMASK
elif temp_type.find(Address.CAT_IPV6_NET.replace("-", "")) >= 0:
obj.category = Address.CAT_IPV6_NET
elif temp_type.find(Address.CAT_IPV6.replace("-", "")) >= 0:
obj.category = Address.CAT_IPV6
return ([Observable(obj)], self.releasability)示例2: generateIPObservable
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import address_value [as 别名]
def generateIPObservable(attribute):
address_object = Address()
cidr = False
if ("/" in attribute["value"]):
ip = attribute["value"].split('/')[0]
cidr = True
else:
ip = attribute["value"]
try:
socket.inet_aton(ip)
ipv4 = True
except socket.error:
ipv4 = False
if (cidr == True):
address_object.category = "cidr"
elif (ipv4 == True):
address_object.category = "ipv4-addr"
else:
address_object.category = "ipv6-addr"
if (attribute["type"] == "ip-src"):
address_object.is_source = True
else:
address_object.is_source = False
address_object.address_value = attribute["value"]
return address_object示例3: dns_queries
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import address_value [as 别名]
def dns_queries(dnsqueries):
a = MalwareAction()
ao = AssociatedObject()
a.name = "Query DNS"
a.type_ = "Query"
# hostnameの解決
quri = URI()
quri.value = dnsqueries["hostname"]
dns_question = DNSQuestion()
dns_question.qname = quri
ao.properties = DNSQuery()
ao.properties.question = dns_question
# resultの解決
if dnsqueries.has_key("results"):
records = []
for result in dnsqueries["results"]:
dnsrecord = DNSRecord()
dnsrecord.domain_name = quri.value
address = Address()
address.CAT_IPV4
address.address_value = result
dnsrecord.ip_address = address
records.append(dnsrecord)
ao.properties.answer_resource_records = DNSResourceRecords(records)
#print ao.properties.path # print for debug
a.associated_objects = AssociatedObjects()
a.associated_objects.append(ao)
#print a.associated_objects.to # debug print
return a示例4: iplist_indicator
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import address_value [as 别名]
def iplist_indicator(ips=[]):
iplist = Indicator()
iplist.add_indicator_type("IP Watchlist")
for i in ips:
address = Address()
address.address_value = i
#address.category="ipv4-addr"
iplist.add_observable(address)
return iplist示例5: test_round_trip
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import address_value [as 别名]
def test_round_trip(self):
v = String("[email protected]")
c = Address.CAT_EMAIL
a = Address()
a.address_value = v
a.category = c
addr2 = round_trip(a, Address, output=False)
self.assertEqual(addr2.address_value, v)
self.assertEqual(addr2.category, c)示例6: test_round_trip
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import address_value [as 别名]
def test_round_trip(self):
email = "[email protected]"
category = Address.CAT_EMAIL
addr = Address()
addr.address_value = email
addr.category = category
addr2 = cybox.test.round_trip(addr)
self.assertEqual(addr.to_dict(), addr2.to_dict())
# Explicitly check these fields
self.assertEqual(category, addr2.category)
self.assertEqual(email, str(addr2))示例7: add_obs_to_pkg
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import address_value [as 别名]
def add_obs_to_pkg(obs, pkg):
if "ip" in obs:
for i in obs["ip"]:
address = Address()
address.address_value = i
pkg.add_observable(address)
if "host" in obs:
for h in obs["host"]:
hostname = Hostname()
hostname.hostname_value = h
pkg.add_observable(hostname)
if "domain" in obs:
for d in obs["domain"]:
domain = DomainName()
domain.value = d
pkg.add_observable(domain)
return pkg示例8: main
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import address_value [as 别名]
def main():
package = STIXPackage()
# Create the indicator
indicator = Indicator(title="IP Address for known C2 Channel")
indicator.add_indicator_type("IP Watchlist")
address = Address(category="ipv4-addr")
address.address_value = "10.0.0.0"
address.address_value.condition = "Equals"
indicator.observable = address
package.add_indicator(indicator)
# Create the campaign
campaign = Campaign(title="Operation Omega")
package.add_campaign(campaign)
# Link the campaign to the indicator
campaign.related_indicators.append(RelatedIndicator(item=Indicator(idref=indicator.id_)))
print package.to_xml()示例9: create_stix_package
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import address_value [as 别名]
def create_stix_package(reference,results):
stix_package = STIXPackage()
STIX_NAMESPACE = {"http://wapacklabs.com" : "wapack"}
OBS_NAMESPACE = Namespace("http://wapacklabs.com", "wapack")
stix_set_id_namespace(STIX_NAMESPACE)
obs_set_id_namespace(OBS_NAMESPACE)
stix_header = STIXHeader()
fusionreport_title = reference
timestring = time.time()
formatted_timestring = datetime.fromtimestamp(timestring).strftime('%Y_%m_%d')
stix_file_name = fusionreport_title+'_stix_package_TR_'+formatted_timestring+'.xml'
stix_header.description = 'This STIX package includes indicators reported to the Red Sky community. Please send all inquiries to [email protected]'
stix_package.stix_header = stix_header
for item in results:
process_type = str(item["ProcessType"]).decode('utf-8')
if process_type == 'Direct':
indicator = str(item["Indicator"]).decode('utf-8')
#print indicator
item_reference = str(item["Reference"]).decode('utf-8')
source = str(item["Source"]).decode('utf-8')
killchain = str(item["KillChain"]).decode('utf-8')
first_seen = str(item["FirstSeen"]).decode('utf-8')
last_seen = str(item["LastSeen"]).decode('utf-8')
attribution = str(item["Attribution"]).decode('utf-8')
indicator_type = str(item["Type"]).decode('utf-8')
rrname = str(item["Rrname"])
rdata = str(item["Rdata"])
rootnode = str(item["RootNode"])
country = str(item["Country"]).decode('utf-8')
tags = str(item["Tags"]).decode('utf-8')
comment2 = item["Comment"]
comment = unicodedata.normalize('NFKD', comment2).encode('ascii','ignore')
confidence = str(item["Confidence"]).decode('utf-8')
if indicator_type == 'MD5' or indicator_type == 'SHA1':
f = File()
hashval = indicator
hashval2 = hashval.decode('utf8', 'ignore')
f.add_hash(hashval2)
indicator = Indicator()
add_stix_indicator_regular(indicator,indicator,item_reference,tags,source,last_seen,confidence,process_type,comment,killchain,attribution,f,stix_package)
if indicator_type == 'Registry':
reg = WinRegistryKey()
key = indicator
key_add = key.decode('utf8', 'ignore')
reg.key = key_add
indicator = Indicator()
add_stix_indicator_regular(indicator,indicator,item_reference,tags,source,last_seen,confidence,process_type,comment,killchain,attribution,reg,stix_package)
if indicator_type == 'Subject':
email_subj_obj = EmailMessage()
email_subj_obj.header = EmailHeader()
subj = indicator
subj_add = subj.decode('utf8', 'ignore')
email_subj_obj.header.subject = subj_add
indcator = Indicator()
add_stix_indicator_regular(indicator,indicator,item_reference,tags,source,last_seen,confidence,process_type,comment,killchain,attribution,email_subj_obj,stix_package)
if indicator_type == 'File':
filename = File()
file_name_fix = indicator
file_name_fix2 = file_name_fix.decode('utf8', 'ignore')
filename.file_name = file_name_fix2
indicator = Indicator()
add_stix_indicator_regular(indicator,indicator,item_reference,tags,source,last_seen,confidence,process_type,comment,killchain,attribution,filename,stix_package)
if indicator_type == 'Email':
email = Address()
email.address_value = indicator.decode('utf8', 'ignore')
email.category = Address.CAT_EMAIL
indicator = Indicator()
add_stix_indicator_regular(indicator,indicator,item_reference,tags,source,last_seen,confidence,process_type,comment,killchain,attribution,email,stix_package)
if indicator_type == 'Domain':
domain = URI()
domainval = indicator.decode('utf8', 'ignore')
domain.value = domainval.decode('utf8', 'ignore')
domain.type_ = URI.TYPE_DOMAIN
indicator = Indicator()
add_stix_indicator_regular(indicator,indicator,item_reference,tags,source,last_seen,confidence,process_type,comment,killchain,attribution,domain,stix_package)
if indicator_type == 'IP':
ip = Address()
ip.address_value = indicator.decode('utf8', 'ignore')
ip.category = Address.CAT_IPV4
indicator = Indicator()
add_stix_indicator_regular(indicator,indicator,item_reference,tags,source,last_seen,confidence,process_type,comment,killchain,attribution,ip,stix_package)
if indicator_type == 'String':
strng = Memory()
string = indicator
strng.name = string.decode('utf8', 'ignore')
indicator = Indicator()
add_stix_indicator_regular(indicator,indicator,item_reference,tags,source,last_seen,confidence,process_type,comment,killchain,attribution,strng,stix_package)
if indicator_type == 'URL':
url = URI()
url_indicator = indicator
#.........这里部分代码省略.........
示例10: csv2stix
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import address_value [as 别名]
#.........这里部分代码省略.........
ttp_plugX.behavior = Behavior()
ttp_plugX.behavior.add_malware_instance(plugXObj)
ttp_plugX.add_intended_effect("Theft - Intellectual Property")
plugX_hashInd = Indicator(title="File hashes for PlugX Dropper")
plugX_hashInd.add_indicator_type("File Hash Watchlist")
plugX_hashInd.confidence = "High"
plugX_hashInd.add_indicated_ttp(TTP(idref=ttp_plugX.id_))
#=============
# Process content in to structure
#=============
ip_rules = []
ip_rules_M = []
domain_rules = []
with open(inFile, 'rb') as f:
reader = csv.reader(f)
for row in reader:
obs = row[0]
obsType = row[1]
description = row[2]
confidence = row[3]
#print obs,obsType,description,confidence
if description == 'TG-3390 infrastructure':
if obsType == 'Domain name':
domain_obj = DomainName()
domain_obj.value = obs
#domain_obj.title = description
infra_domainInd.add_object(domain_obj)
domain_rule = generate_snort([obs], 'DomainName', str(infra_domainInd.id_).split(':',1)[1].split('-',1)[1])
domain_rules.append(domain_rule)
elif obsType == 'IP address':
ipv4_obj = Address()
ipv4_obj.category = "ipv4-addr"
ipv4_obj.address_value = obs
ipv4_obj.title = description
ind_ref = str(infra_IPInd.id_).split(':',1)[1].split('-',1)[1]
if confidence == "High":
infra_IPInd.add_object(ipv4_obj)
ip_rules.append(obs)
else:
infra_IPInd_M.add_object(ipv4_obj)
ip_rules_M.append(obs)
else:
print "TTP Infra: obsType is wrong"
elif description == 'HttpBrowser RAT dropper':
file_obj = File()
file_obj.add_hash(Hash(obs))
file_obj.title = description
httpBDpr_hashInd.add_observable(file_obj)
elif description == 'HttpBrowser RAT':
file_obj = File()
file_obj.add_hash(Hash(obs))
file_obj.title = description
httpB_hashInd.add_observable(file_obj)
elif description == 'PlugX RAT dropper':
file_obj = File()
file_obj.add_hash(Hash(obs))
file_obj.title = description
plugX_hashInd.add_observable(file_obj)
else:
print "TTP not found"
#print ip_rules
ip_rule = generate_snort(ip_rules, 'Address', str(infra_IPInd.id_).split(':',1)[1].split('-',1)[1])
ip_rule_M = generate_snort(ip_rules_M, 'Address', str(infra_IPInd_M.id_).split(':',1)[1].split('-',1)[1])
ip_tm = SnortTestMechanism()示例11: STIXPackage
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import address_value [as 别名]
doc = xmltodict.parse(res.read())
# Create the STIX Package
package = STIXPackage()
# Create the STIX Header and add a description.
header = STIXHeader()
#header.title = "SANS ISC Top-100 Malicious IP Addresses"
#header.description = "Source: " + url
package.stix_header = header
for entry in doc['topips']['ipaddress']:
bytes = entry['source'].split('.')
indicator = Indicator()
indicator.title = "SANS ISC Malicious IP"
indicator.add_indicator_type("IP Watchlist")
ip = Address()
ip.address_value = "%d.%d.%d.%d" % (int(bytes[0]), int(bytes[1]), int(bytes[2]) , int(bytes[3]))
ip.category = 'ipv4-addr'
ip.condition = 'Equals'
indicator.add_observable(ip)
package.add_indicator(indicator)
print(package.to_xml())
if __name__ == '__main__':
main()示例12: cybox_object_address
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import address_value [as 别名]
def cybox_object_address(obj):
a = Address()
a.address_value =obj.address_value
a.category = obj.category
a.condition = obj.condition
return a