本文整理汇总了Python中cybox.objects.address_object.Address.from_dict方法的典型用法代码示例。如果您正苦于以下问题:Python Address.from_dict方法的具体用法?Python Address.from_dict怎么用?Python Address.from_dict使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类cybox.objects.address_object.Address的用法示例。
在下文中一共展示了Address.from_dict方法的12个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: from_dict
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import from_dict [as 别名]
def from_dict(header_dict):
    """Build an EmailHeader from its dictionary representation.

    Every field is looked up with ``dict.get`` and passed to the matching
    ``from_dict`` constructor, so an absent key reaches that constructor as
    ``None``. The ``from``, ``sender`` and ``reply_to`` entries are parsed
    with ``Address.CAT_EMAIL`` as the second argument.

    NOTE(review): unlike some other ``from_dict`` helpers, there is no guard
    for an empty or ``None`` ``header_dict``; ``None`` fails on the first
    ``.get`` call. Header values are copied as supplied -- this function does
    no validation of its own, so treat the result as untrusted when the
    dictionary comes from parsed mail.
    """
    def recipients(key):
        return EmailRecipients.from_dict(header_dict.get(key))

    def email_address(key):
        return Address.from_dict(header_dict.get(key), Address.CAT_EMAIL)

    def text(key):
        return String.from_dict(header_dict.get(key))

    parsed = EmailHeader()

    # Recipient lists.
    parsed.to = recipients('to')
    parsed.cc = recipients('cc')
    parsed.bcc = recipients('bcc')

    # 'from' is a Python keyword, hence the trailing underscore on the attribute.
    parsed.from_ = email_address('from')
    parsed.subject = text('subject')
    parsed.in_reply_to = text('in_reply_to')
    parsed.date = DateTime.from_dict(header_dict.get('date'))
    parsed.message_id = text('message_id')
    parsed.sender = email_address('sender')
    parsed.reply_to = email_address('reply_to')
    parsed.errors_to = text('errors_to')
    return parsed
示例2: create_ipv4_observable
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import from_dict [as 别名]
def create_ipv4_observable(ipv4_address):
    """Wrap an IPv4 address in a CybOX Observable labelled as a malware artifact.

    The address is stored under ``Address.CAT_IPV4`` and the observable gets
    a fixed title, description and short description stating that the IP was
    derived from a sandboxed malware sample.

    NOTE(review): ``ipv4_address`` is passed through as given; nothing in
    this function checks that it is a well-formed IPv4 address.
    """
    address_fields = {"address_value": ipv4_address, "category": Address.CAT_IPV4}
    observable = Observable(Address.from_dict(address_fields))
    observable.title = "Malware Artifact - IP"
    observable.description = "IP derived from sandboxed malware sample."
    observable.short_description = "IP from malware."
    return observable
示例3: from_dict
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import from_dict [as 别名]
def from_dict(socket_address_dict):
    """Build a SocketAddress from its dictionary representation.

    Returns ``None`` for a falsy argument (``None``, ``{}``, ...). Otherwise
    the ``ip_address`` and ``port`` entries are parsed with
    ``Address.from_dict`` and ``Port.from_dict``; a missing key is passed to
    the parser as ``None``.
    """
    if socket_address_dict:
        parsed = SocketAddress()
        parsed.ip_address = Address.from_dict(socket_address_dict.get('ip_address'))
        parsed.port = Port.from_dict(socket_address_dict.get('port'))
        return parsed
    return None
示例4: add_ipv4_observable
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import from_dict [as 别名]
def add_ipv4_observable(self, ipv4_address):
    """Add an IPv4 observable to ``self.ip_indicator``, once per distinct address.

    Addresses already recorded in ``self.__ipv4`` are ignored, so feeding the
    same IP repeatedly yields a single observable. New addresses are recorded
    and then wrapped in an Observable carrying the fixed "malware artifact"
    title and descriptions.

    NOTE(review): de-duplication compares the raw value, so two different
    spellings of one address would count as distinct. The value is not
    validated as IPv4 here.
    """
    if ipv4_address not in self.__ipv4:
        # Record first so a later call with the same value is a no-op.
        self.__ipv4.add(ipv4_address)

        address_fields = {'address_value': ipv4_address, 'category': Address.CAT_IPV4}
        observable = Observable(Address.from_dict(address_fields))
        observable.title = "Malware Artifact - IP"
        observable.description = "IP derived from sandboxed malware sample."
        observable.short_description = "IP from malware."
        self.ip_indicator.add_observable(observable)
示例5: from_dict
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import from_dict [as 别名]
def from_dict(contact_dict, contact=None):
    """Populate a WhoisContact from its dictionary representation.

    Returns ``None`` for a falsy ``contact_dict``. When ``contact`` is given
    it is filled in and returned; otherwise a new ``WhoisContact`` is
    created. ``contact_type`` is copied as-is, ``email_address`` is parsed
    with ``Address.CAT_EMAIL``, and the remaining fields go through
    ``String.from_dict``.
    """
    if not contact_dict:
        return None

    target = WhoisContact() if contact is None else contact

    def text(key):
        return String.from_dict(contact_dict.get(key))

    target.contact_type = contact_dict.get('contact_type')
    target.contact_id = text('contact_id')
    target.name = text('name')
    target.email_address = Address.from_dict(contact_dict.get('email_address'), Address.CAT_EMAIL)
    target.phone_number = text('phone_number')
    target.address = text('address')
    return target
示例6: from_dict
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import from_dict [as 别名]
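def from_dict(dns_record_dict):
    """Build a DNSRecord from its dictionary representation.

    Returns ``None`` for a falsy argument. Each attribute is read from the
    dictionary key of the same name; a missing key is passed to the field
    parser as ``None``. ``record_data`` is copied without conversion.
    """
    if not dns_record_dict:
        return None

    dns_record_ = DNSRecord()
    dns_record_.description = StructuredText.from_dict(dns_record_dict.get('description'))
    dns_record_.domain_name = URI.from_dict(dns_record_dict.get('domain_name'))
    dns_record_.ip_address = Address.from_dict(dns_record_dict.get('ip_address'))
    dns_record_.address_class = String.from_dict(dns_record_dict.get('address_class'))
    dns_record_.entry_type = String.from_dict(dns_record_dict.get('entry_type'))
    dns_record_.record_name = String.from_dict(dns_record_dict.get('record_name'))
    dns_record_.record_type = String.from_dict(dns_record_dict.get('record_type'))
    # Fixed: the TTL was previously read from the 'record_type' key (a
    # copy/paste slip), so the record's type value was fed to the Integer
    # parser and any real 'ttl' entry was ignored.
    # NOTE(review): 'ttl' follows the attribute-name convention used by every
    # other field here -- confirm it matches the key written by to_dict().
    dns_record_.ttl = Integer.from_dict(dns_record_dict.get('ttl'))
    dns_record_.flags = HexBinary.from_dict(dns_record_dict.get('flags'))
    dns_record_.data_length = Integer.from_dict(dns_record_dict.get('data_length'))
    dns_record_.record_data = dns_record_dict.get('record_data')
    return dns_record_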
示例7: create_email_address_observable
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import from_dict [as 别名]
def create_email_address_observable(email_address):
    '''Create a CybOX Observable representing an e-mail address.

    The value is stored under ``Address.CAT_EMAIL``; it is not validated
    here.
    '''
    address_fields = {'address_value': email_address,
                      'category': Address.CAT_EMAIL}
    return Observable(Address.from_dict(address_fields))
示例8: create_ipv4_observable
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import from_dict [as 别名]
def create_ipv4_observable(ipv4_address):
    '''Create a CybOX Observable representing an IPv4 address.

    The value is stored under ``Address.CAT_IPV4``; it is not validated
    here.
    '''
    address_fields = {'address_value': ipv4_address,
                      'category': Address.CAT_IPV4}
    return Observable(Address.from_dict(address_fields))
示例9: transform
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import from_dict [as 别名]
def transform(self, event):
    """Render one Conpot honeypot event as a STIX package and return its XML.

    The package holds a single Incident (id built from the configured
    contact name and the event's session id) with:
      * the event timestamp as the initial-compromise time,
      * Conpot itself recorded as the reporting tool,
      * a TTP whose victim targeting carries an empty CIQ identity,
      * one Indicator with two observables: the network connection
        (remote peer -> honeypot public IP) and the captured event data.

    Reads ``event['session_id']``, ``['timestamp']``, ``['remote']``
    (indexed as ``[0]`` address, ``[1]`` port), ``['public_ip']``,
    ``['data_type']`` and ``['data']``.

    NOTE(review): transport is always reported as TCP with both sides
    "ESTABLISHED" and both addresses as IPv4, regardless of the event, and
    confidence is always "High". ``event['data']`` is whatever the remote
    peer sent, serialised with ``json.dumps``; consumers should handle the
    artifact as untrusted content.
    """
    self._set_namespace(self.config['contact_domain'], self.config['contact_name'])

    package = STIXPackage()
    self._add_header(package, "Unauthorized traffic to honeypot", "Describes one or more honeypot incidents")

    # --- Incident -----------------------------------------------------
    incident_id = "%s:%s-%s" % (self.config['contact_name'], 'incident', event['session_id'])
    incident = Incident(id_=incident_id)

    compromise_time = StixTime()
    compromise_time.initial_compromise = event['timestamp'].isoformat()
    incident.time = compromise_time
    incident.title = "Conpot Event"
    incident.short_description = "Traffic to Conpot ICS honeypot"
    incident.add_category(VocabString(value='Scans/Probes/Attempted Access'))

    # The honeypot is listed as the tool that reported the incident.
    reporting_tools = ToolInformationList()
    conpot_info = {
        'name': "Conpot",
        'vendor': "Conpot Team",
        'version': conpot.__version__,
        'description': textwrap.dedent('Conpot is a low interactive server side Industrial Control Systems '
                                       'honeypot designed to be easy to deploy, modify and extend.')
    }
    reporting_tools.append(ToolInformation.from_dict(conpot_info))
    incident.reporter = InformationSource(tools=reporting_tools)
    incident.add_discovery_method("Monitoring Service")
    incident.confidence = "High"

    # --- Victim targeting by sector -----------------------------------
    # The identity is attached without a specification; no organisation or
    # industry type is set on it.
    victim_identity = CIQIdentity3_0Instance()
    targeting_ttp = TTP(title="Victim Targeting: Electricity Sector and Industrial Control System Sector")
    targeting_ttp.victim_targeting = VictimTargeting()
    targeting_ttp.victim_targeting.identity = victim_identity
    incident.leveraged_ttps.append(targeting_ttp)

    # --- Indicator: network connection + captured payload --------------
    event_indicator = Indicator(title="Conpot Event")
    event_indicator.description = "Conpot network event"
    event_indicator.confidence = "High"

    remote_port = Port.from_dict({'port_value': event['remote'][1], 'layer4_protocol': 'tcp'})
    # The honeypot-side port is derived from the emulated protocol.
    local_port = Port.from_dict({'port_value': self.protocol_to_port_mapping[event['data_type']],
                                 'layer4_protocol': 'tcp'})
    remote_ip = Address.from_dict({'address_value': event['remote'][0], 'category': Address.CAT_IPV4})
    local_ip = Address.from_dict({'address_value': event['public_ip'], 'category': Address.CAT_IPV4})

    remote_socket = SocketAddress.from_dict({'ip_address': remote_ip.to_dict(), 'port': remote_port.to_dict()})
    local_socket = SocketAddress.from_dict({'ip_address': local_ip.to_dict(), 'port': local_port.to_dict()})

    connection_fields = {
        'source_socket_address': remote_socket.to_dict(),
        'destination_socket_address': local_socket.to_dict(),
        'layer3_protocol': u"IPv4",
        'layer4_protocol': u"TCP",
        'layer7_protocol': event['data_type'],
        'source_tcp_state': u"ESTABLISHED",
        'destination_tcp_state': u"ESTABLISHED",
    }
    connection = NetworkConnection.from_dict(connection_fields)
    event_indicator.add_observable(Observable(connection))

    # Raw event data travels as a zlib-compressed, base64-encoded artifact.
    payload = Artifact()
    payload.data = json.dumps(event['data'])
    payload.packaging.append(ZlibCompression())
    payload.packaging.append(Base64Encoding())
    event_indicator.add_observable(Observable(payload))

    incident.related_indicators.append(event_indicator)
    package.add_incident(incident)

    return package.to_xml()
示例10: build
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import from_dict [as 别名]
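def build(self):
    """Fill ``self.stix_package`` with a header and one Indicator per pulse indicator.

    The header is populated from ``self.pulse`` (name, description, id,
    modified time) and names Alienvault OTX as the information source.
    Each entry of ``self.pulse["indicators"]`` is then converted according
    to its ``type``:

      * types listed in ``self.hash_translation``    -> File with one Hash
      * types listed in ``self.address_translation`` -> Address
      * types listed in ``self.name_translation``    -> DomainName (FQDN)
      * ``"URL"``   -> URI
      * ``"email"`` -> Address (e-mail category)
      * ``"Mutex"`` -> named Mutex
      * ``"CIDR"``  -> Address holding a range, condition "InclusiveBetween"

    Any other type (CVE entries included) is skipped. Returns ``None``.

    Changes from the previous version: four branches each built an extra
    ``Indicator`` that was never added to the package, and five accumulator
    lists were created but never used; both have been removed. The package
    content is unchanged.

    NOTE(review): indicator values and descriptions come from the pulse and
    are copied into the package as supplied; nothing here validates them.
    """
    self.stix_header.title = self.pulse["name"]
    self.stix_header.description = self.pulse["description"]
    self.stix_header.short_description = "%spulse/%s" % (PULSE_SERVER_BASE, str(self.pulse["id"]))
    self.stix_header.package_intents.append(PackageIntent.TERM_INDICATORS)
    self.stix_header.information_source = InformationSource()
    self.stix_header.information_source.time = Time()
    self.stix_header.information_source.description = "Alienvault OTX - https://otx.alienvault.com/"
    self.stix_header.information_source.time.produced_time = self.pulse["modified"]
    self.stix_header.information_source.identity = Identity()
    self.stix_header.information_source.identity.name = "Alienvault OTX"
    self.stix_package.stix_header = self.stix_header

    for p_indicator in self.pulse["indicators"]:
        indicator_type = p_indicator["type"]

        if indicator_type in self.hash_translation:
            file_ = File()
            file_.add_hash(Hash(p_indicator["indicator"], self.hash_translation[indicator_type]))
            observable_ = Observable(file_)
        elif indicator_type in self.address_translation:
            address_ = Address.from_dict({'address_value': p_indicator["indicator"],
                                          'category': self.address_translation[indicator_type]})
            observable_ = Observable(address_)
        elif indicator_type in self.name_translation:
            domain_ = DomainName.from_dict({'value': p_indicator["indicator"], 'type': 'FQDN'})
            observable_ = Observable(domain_)
        elif indicator_type == "URL":
            url_ = URI.from_dict({'value': p_indicator["indicator"], 'type': URI.TYPE_URL})
            observable_ = Observable(url_)
        elif indicator_type == "email":
            email_ = Address.from_dict({'address_value': p_indicator["indicator"], 'category': Address.CAT_EMAIL})
            observable_ = Observable(email_)
        elif indicator_type == "Mutex":
            mutex_ = Mutex.from_dict({'named': True, 'name': p_indicator["indicator"]})
            observable_ = Observable(mutex_)
        elif indicator_type == "CIDR":
            # The network is rewritten as "<a>,<b>" and matched with
            # InclusiveBetween.
            # NOTE(review): presumably IP is IPy.IP and strNormal(3) yields
            # "first-last"; confirm. A malformed CIDR string is not caught
            # here and would abort the whole build. The category is always
            # IPv4, whatever the network's address family.
            nrange = IP(p_indicator["indicator"])
            nrange_values = nrange.strNormal(3).replace("-", ",")
            ipv4_ = Address.from_dict({'address_value': nrange_values, 'category': Address.CAT_IPV4})
            ipv4_.address_value.condition = "InclusiveBetween"
            observable_ = Observable(ipv4_)
        else:
            # Unsupported indicator type: nothing is emitted for it.
            continue

        mind = Indicator()
        mind.description = p_indicator["description"]
        mind.title = "%s from %spulse/%s" % (p_indicator["indicator"], PULSE_SERVER_BASE, str(self.pulse["id"]))
        observable_.title = "%s - %s" % (indicator_type, p_indicator["indicator"])
        mind.add_observable(observable_)
        self.stix_package.add_indicator(mind)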
示例11: create_email_address_observable
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import from_dict [as 别名]
def create_email_address_observable(email_address):
    """Create a CybOX Observable representing an e-mail address.

    The value is stored under ``Address.CAT_EMAIL``; it is not validated
    here.
    """
    address_fields = {"address_value": email_address, "category": Address.CAT_EMAIL}
    return Observable(Address.from_dict(address_fields))
示例12: create_ipv4_observable
# 需要导入模块: from cybox.objects.address_object import Address [as 别名]
# 或者: from cybox.objects.address_object.Address import from_dict [as 别名]
def create_ipv4_observable(ipv4_address):
    """Create a CybOX Observable representing an IPv4 address.

    The value is stored under ``Address.CAT_IPV4``; it is not validated
    here.
    """
    address_fields = {"address_value": ipv4_address, "category": Address.CAT_IPV4}
    return Observable(Address.from_dict(address_fields))