

Python EmailMessage.header方法代码示例

本文整理汇总了Python中cybox.objects.email_message_object.EmailMessage.header方法的典型用法代码示例。如果您正苦于以下问题:Python EmailMessage.header方法的具体用法?Python EmailMessage.header怎么用?Python EmailMessage.header使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在cybox.objects.email_message_object.EmailMessage的用法示例。


在下文中一共展示了EmailMessage.header方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: main

# 需要导入模块: from cybox.objects.email_message_object import EmailMessage [as 别名]
# 或者: from cybox.objects.email_message_object.EmailMessage import header [as 别名]
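def main():
    """Build and print a STIX package with three phishing e-mail indicators.

    The package holds one "Phishing" TTP and three indicators that all point
    at it: a subject-only match, an attachment-only match, and a combined
    match. The single-feature indicators carry "Low" confidence and the
    combined one "High".
    """
    stix_package = STIXPackage()
    ttp = TTP(title="Phishing")
    stix_package.add_ttp(ttp)

    # Indicator 1: subject line only. A prefix match on a generic phrase is
    # prone to false positives, hence the low confidence.
    email_subject_object = EmailMessage()
    email_subject_object.header = EmailHeader()
    email_subject_object.header.subject = "[IMPORTANT] Please Review Before"
    email_subject_object.header.subject.condition = "StartsWith"

    email_subject_indicator = Indicator()
    email_subject_indicator.title = "Malicious E-mail Subject Line"
    email_subject_indicator.add_indicator_type("Malicious E-mail")
    email_subject_indicator.observable = email_subject_object
    email_subject_indicator.confidence = "Low"

    # Indicator 2: attachment only.
    file_attachment_object = EmailMessage()
    file_attachment_object.attachments = Attachments()

    # The double extension ("doc.exe") describes an executable whose name
    # looks like a document.
    attached_file_object = File()
    attached_file_object.file_name = "Final Report"
    attached_file_object.file_name.condition = "StartsWith"
    attached_file_object.file_extension = "doc.exe"
    attached_file_object.file_extension.condition = "Equals"

    file_attachment_object.add_related(attached_file_object, "Contains", inline=True)
    # The attachment entry must reference the File object. The previous code
    # appended the e-mail's own id, making the message its own attachment.
    file_attachment_object.attachments.append(attached_file_object.parent.id_)

    indicator_attachment = Indicator()
    indicator_attachment.title = "Malicious E-mail Attachment"
    indicator_attachment.add_indicator_type("Malicious E-mail")
    indicator_attachment.observable = file_attachment_object
    indicator_attachment.confidence = "Low"

    # Indicator 3: subject and attachment combined.
    full_email_object = EmailMessage()
    full_email_object.attachments = Attachments()

    # Reference the File defined above by id instead of defining it again.
    full_email_object.attachments.append(attached_file_object.parent.id_)

    full_email_object.header = EmailHeader()
    full_email_object.header.subject = "[IMPORTANT] Please Review Before"
    full_email_object.header.subject.condition = "StartsWith"

    combined_indicator = Indicator(title="Malicious E-mail")
    combined_indicator.add_indicator_type("Malicious E-mail")
    combined_indicator.confidence = Confidence(value="High")
    combined_indicator.observable = full_email_object

    # Every indicator points at the shared TTP by idref, not by embedding it.
    email_subject_indicator.add_indicated_ttp(TTP(idref=ttp.id_))
    indicator_attachment.add_indicated_ttp(TTP(idref=ttp.id_))
    combined_indicator.add_indicated_ttp(TTP(idref=ttp.id_))

    stix_package.indicators = [combined_indicator, email_subject_indicator, indicator_attachment]
    # The parenthesised single-argument form prints the same on Python 2 and 3.
    print(stix_package.to_xml())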
开发者ID:jb23lm,项目名称:stixproject.github.io,代码行数:61,代码来源:malicious-email-indicator-with-attachment.py

示例2: add_email_observable

# 需要导入模块: from cybox.objects.email_message_object import EmailMessage [as 别名]
# 或者: from cybox.objects.email_message_object.EmailMessage import header [as 别名]
 def add_email_observable(self, headers):
     """Wrap a header dict in a CybOX EmailMessage and add it to the e-mail indicator.

     The message is also recorded in the instance's private ``__emails``
     collection. ``headers`` is handed to ``EmailHeader.from_dict`` as-is.
     """
     # NOTE(review): no validation of `headers` happens in this method;
     # confirm the caller sanitises values taken from untrusted reports.
     message = EmailMessage()
     message.header = EmailHeader.from_dict(headers)
     self.__emails.add(message)
     self.email_indicator.add_observable(Observable(message))
开发者ID:trolldbois,项目名称:fexml2stix,代码行数:9,代码来源:fexml2stix.py

示例3: to_cybox

# 需要导入模块: from cybox.objects.email_message_object import EmailMessage [as 别名]
# 或者: from cybox.objects.email_message_object.EmailMessage import header [as 别名]
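    def to_cybox(self, exclude=None):
        """
        Convert this email into CybOX Observables.

        Pass parameter exclude to specify fields that should not be
        included in the returned object.

        Returns a tuple of (list of CybOX Observables, releasability list).
        The list holds a single Observable wrapping one EmailMessage.

        To get the cybox object as xml or json, call to_xml() or
        to_json(), respectively, on the resulting CybOX object.
        """

        if exclude is None:
            exclude = []

        observables = []

        obj = EmailMessage()
        # Assume there is going to be at least one header
        obj.header = EmailHeader()

        if 'message_id' not in exclude:
            obj.header.message_id = String(self.message_id)

        if 'subject' not in exclude:
            obj.header.subject = String(self.subject)

        if 'sender' not in exclude:
            # Sender and Reply-To are separate headers, and a mismatch between
            # them is a useful phishing signal. The previous code copied
            # reply_to into both fields, which erased that difference.
            obj.header.sender = Address(self.sender, Address.CAT_EMAIL)

        if 'reply_to' not in exclude:
            obj.header.reply_to = Address(self.reply_to, Address.CAT_EMAIL)

        if 'x_originating_ip' not in exclude:
            # NOTE(review): the category is fixed to IPv4, so an IPv6 value
            # would be mislabelled. Confirm the field is validated upstream.
            obj.header.x_originating_ip = Address(self.x_originating_ip,
                                                  Address.CAT_IPV4)

        if 'raw_body' not in exclude:
            obj.raw_body = self.raw_body

        if 'raw_header' not in exclude:
            obj.raw_header = self.raw_header

        # Copy fields whose names differ between the two objects; either
        # spelling in `exclude` suppresses the field.
        if 'helo' not in exclude and 'email_server' not in exclude:
            obj.email_server = String(self.helo)
        if ('from_' not in exclude and 'from' not in exclude and
            'from_address' not in exclude):
            obj.header.from_ = EmailAddress(self.from_address)
        if 'date' not in exclude and 'isodate' not in exclude:
            obj.header.date = DateTime(self.isodate)

        observables.append(Observable(obj))
        return (observables, self.releasability)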
开发者ID:maurakilleen,项目名称:crits,代码行数:57,代码来源:email.py

示例4: resolveEmailObservable

# 需要导入模块: from cybox.objects.email_message_object import EmailMessage [as 别名]
# 或者: from cybox.objects.email_message_object.EmailMessage import header [as 别名]
def resolveEmailObservable(attribute):
    """Turn a MISP e-mail attribute into a CybOX EmailMessage.

    ``attribute["type"]`` selects the header field: "email-src" fills From,
    "email-dst" fills To, and any other type is stored as the Subject.
    """
    message = EmailMessage()
    header = EmailHeader()
    kind = attribute["type"]
    if kind == "email-src":
        header.from_ = attribute["value"]
    elif kind == "email-dst":
        header.to = attribute["value"]
    else:
        # Fallback: every other attribute type lands in the subject field.
        header.subject = attribute["value"]
    message.header = header
    return message
开发者ID:cnbird1999,项目名称:MISP,代码行数:13,代码来源:misp2cybox.py

示例5: resolveEmailObservable

# 需要导入模块: from cybox.objects.email_message_object import EmailMessage [as 别名]
# 或者: from cybox.objects.email_message_object.EmailMessage import header [as 别名]
def resolveEmailObservable(indicator, attribute):
    """Tag the indicator as "Malicious E-mail" and build the matching EmailMessage.

    ``attribute["type"]`` selects the header field: "email-src" fills From,
    "email-dst" fills To, and any other type is stored as the Subject.
    The indicator is mutated in place; the new EmailMessage is returned.
    """
    indicator.add_indicator_type("Malicious E-mail")
    message = EmailMessage()
    header = EmailHeader()
    if attribute["type"] == "email-src":
        field = "from_"
    elif attribute["type"] == "email-dst":
        field = "to"
    else:
        # Fallback: every other attribute type lands in the subject field.
        field = "subject"
    setattr(header, field, attribute["value"])
    message.header = header
    return message
开发者ID:FIRSTdotorg,项目名称:MISP,代码行数:14,代码来源:misp2cybox.py

示例6: __parse_email_message

# 需要导入模块: from cybox.objects.email_message_object import EmailMessage [as 别名]
# 或者: from cybox.objects.email_message_object.EmailMessage import header [as 别名]
    def __parse_email_message(self, msg):
        """Convert the supplied message into CybOX objects.

        Returns a flat list: the EmailMessage first, followed by any file,
        URL and domain objects that were built. Which parts are produced is
        controlled by the instance's ``include_*`` flags.
        """
        attachment_objs = []
        url_objs = []
        domain_objs = []
        email_obj = EmailMessage()

        # Headers are always populated (required for now).
        email_obj.header = self.__create_cybox_headers(msg)

        if self.include_attachments:
            attachment_objs = self.__create_cybox_files(msg)
            email_obj.attachments = Attachments()
            for file_obj in attachment_objs:
                # Link both ways: message -> file by id, file -> message
                # by a non-inline relationship.
                email_obj.attachments.append(file_obj.parent.id_)
                file_obj.add_related(email_obj, "Contained_Within", inline=False)

        if self.include_raw_headers:
            header_text = self.__get_raw_headers(msg).strip()
            if header_text:
                email_obj.raw_header = String(header_text)

        # The body text is needed for URL extraction even when the raw
        # body itself is not being included.
        body_text = "\n".join(self.__get_raw_body_text(msg)).strip()

        if self.include_raw_body and body_text:
            email_obj.raw_body = String(body_text)

        if self.include_urls:
            (url_objs, domain_objs) = self.__parse_urls(body_text)
            if url_objs:
                link_refs = Links()
                for url_obj in url_objs:
                    link_refs.append(LinkReference(url_obj.parent.id_))
                if link_refs:
                    email_obj.links = link_refs

        # Everything built above, message first.
        return [email_obj] + attachment_objs + url_objs + domain_objs
开发者ID:CybOXProject,项目名称:email-to-cybox,代码行数:46,代码来源:email_to_cybox.py

示例7: json2observable

# 需要导入模块: from cybox.objects.email_message_object import EmailMessage [as 别名]
# 或者: from cybox.objects.email_message_object.EmailMessage import header [as 别名]
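def json2observable(config, src, dest, endpoint, json_, crits_id):
    # TODO split into smaller functions
    '''Transform a crits object (decoded JSON) into a cybox Observable.

    config   -- settings dict; read here for the destination site's stix
                xmlns_url / xmlns_name and for config['logger']
    src      -- not used in this function
    dest     -- key of the destination site inside config['edge']['sites']
    endpoint -- crits collection name: 'ips', 'domains', 'samples' or 'emails'
    json_    -- dict holding the crits object's fields
    crits_id -- crits identifier, used to build the observable id

    Returns the Observable, or None when the endpoint is unsupported or the
    conversion fails. Both cases are logged through config['logger'].
    '''
    try:
        set_id_method(IDGenerator.METHOD_UUID)
        xmlns_url = config['edge']['sites'][dest]['stix']['xmlns_url']
        xmlns_name = config['edge']['sites'][dest]['stix']['xmlns_name']
        set_cybox_id_namespace(Namespace(xmlns_url, xmlns_name))
        if endpoint == 'ips':
            crits_types = {'Address - cidr': 'cidr',
                           'Address - ipv4-addr': 'ipv4-addr',
                           'Address - ipv4-net': 'ipv4-net',
                           'Address - ipv4-net-mask': 'ipv4-netmask',
                           'Address - ipv6-addr': 'ipv6-addr',
                           'Address - ipv6-net': 'ipv6-net',
                           'Address - ipv6-net-mask': 'ipv6-netmask'}
            # An unknown crits type raises KeyError here and is reported by
            # the handler below instead of producing a mislabelled address.
            addr = Address(address_value=json_['ip'],
                           category=crits_types[json_['type']])
            addr.condition = 'Equals'
            observable_ = Observable(addr)
        elif endpoint == 'domains':
            domain = DomainName()
            domain.type_ = 'FQDN'
            domain.value = json_['domain']
            domain.condition = 'Equals'
            observable_ = Observable(domain)
        elif endpoint == 'samples':
            crits_types = {'md5': 'MD5',
                           'sha1': 'SHA1',
                           'sha224': 'SHA224',
                           'sha256': 'SHA256',
                           'sha384': 'SHA384',
                           'sha512': 'SHA512',
                           'ssdeep': 'SSDEEP'}
            file_object = File()
            file_object.file_name = json_['filename']
            # Renamed from `hash` so the builtin is not shadowed.
            for hash_key, hash_type in crits_types.items():
                if hash_key in json_:
                    file_object.add_hash(Hash(json_[hash_key],
                                              type_=hash_type))
            for i in file_object.hashes:
                i.simple_hash_value.condition = "Equals"
            observable_ = Observable(file_object)
        elif endpoint == 'emails':
            # Fixed allow-list of crits field -> EmailHeader attribute, so
            # keys arriving in json_ can never pick the attribute being set.
            crits_types = {'subject': 'subject', 'to': 'to', 'cc': 'cc',
                           'from_address': 'from_', 'sender': 'sender',
                           'date': 'date', 'message_id': 'message_id',
                           'reply_to': 'reply_to', 'boundary': 'boundary',
                           'x_mailer': 'x_mailer',
                           'x_originating_ip': 'x_originating_ip'}
            email = EmailMessage()
            email.header = EmailHeader()
            for crits_field, header_attr in crits_types.items():
                val = json_.get(crits_field, None)
                if val:
                    setattr(email.header, header_attr, val)
                    getattr(email.header, header_attr).condition = 'Equals'
            observable_ = Observable(email)
        else:
            config['logger'].error(
                log.log_messages['unsupported_object_error'].format(
                    type_='crits', obj_type=endpoint, id_=crits_id))
            return None
        observable_.id = xmlns_name + ':observable-' + crits_id
        observable_.id_ = observable_.id
        return observable_
    except Exception as e:
        # Was a bare `except:`, which also swallowed KeyboardInterrupt and
        # SystemExit. Conversion errors are still logged and turned into
        # None, so a dropped observable leaves a trace in the log.
        config['logger'].error(
            log.log_messages['obj_convert_error'].format(
                src_type='crits', src_obj='observable', id_=crits_id,
                dest_type='cybox', dest_obj='observable'))
        config['logger'].exception(e)
        return None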
开发者ID:Lambdanaut,项目名称:crits-adapter,代码行数:77,代码来源:crits.py

示例8: gen_stix_observable_sample

# 需要导入模块: from cybox.objects.email_message_object import EmailMessage [as 别名]
# 或者: from cybox.objects.email_message_object.EmailMessage import header [as 别名]
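def gen_stix_observable_sample(config, target=None, datatype=None,
                               title='random test data',
                               description='random test data',
                               package_intents='Indicators - Watchlist',
                               tlp_color='WHITE'):
    '''Generate a sample stix package holding one random observable.

    config          -- settings dict; read for the target site's stix
                       xmlns_url / xmlns_name and passed to the data
                       generators
    target          -- key of the site inside config['edge']['sites']
    datatype        -- 'ip', 'domain', 'filehash' or 'email'
    title, description, package_intents -- copied into the stix header
    tlp_color       -- TLP marking colour applied to the whole package

    Returns (observable_id, stix_package), or None when building the
    email sample fails.
    '''
    # setup the xmlns...
    xmlns_url = config['edge']['sites'][target]['stix']['xmlns_url']
    xmlns_name = config['edge']['sites'][target]['stix']['xmlns_name']
    set_stix_id_namespace({xmlns_url: xmlns_name})
    set_cybox_id_namespace(Namespace(xmlns_url, xmlns_name))
    # construct a stix package...
    stix_package = STIXPackage()
    stix_header = STIXHeader()
    stix_header.title = title
    stix_header.description = description
    stix_header.package_intents = package_intents
    marking = MarkingSpecification()
    # This XPath applies the TLP marking to the node and all descendants.
    marking.controlled_structure = '../../../../descendant-or-self::node()'
    tlp_marking = TLPMarkingStructure()
    tlp_marking.color = tlp_color
    marking.marking_structures.append(tlp_marking)
    stix_package.stix_header = stix_header
    stix_package.stix_header.handling = Marking()
    stix_package.stix_header.handling.add_marking(marking)
    # ...and stuff it full of random sample data :-)
    if datatype == 'ip':
        addr = Address(address_value=datagen.generate_random_ip_address(),
                       category='ipv4-addr')
        addr.condition = 'Equals'
        stix_package.add_observable(Observable(addr))
    elif datatype == 'domain':
        domain = DomainName()
        domain.type_ = 'FQDN'
        domain.value = datagen.generate_random_domain(config)
        domain.condition = 'Equals'
        stix_package.add_observable(Observable(domain))
    elif datatype == 'filehash':
        file_object = File()
        file_object.file_name = str(uuid.uuid4()) + '.exe'
        hashes = datagen.generate_random_hashes()
        # Renamed from `hash` so the builtin is not shadowed.
        for hash_name in hashes.keys():
            file_object.add_hash(Hash(hashes[hash_name],
                                      type_=hash_name.upper()))
            for i in file_object.hashes:
                i.simple_hash_value.condition = "Equals"
        stix_package.add_observable(Observable(file_object))
    elif datatype == 'email':
        try:
            msg = datagen.get_random_spam_msg(config)
            email = EmailMessage()
            email.header = EmailHeader()
            # Fixed allow-list of RFC header name -> EmailHeader attribute;
            # headers outside this map are ignored.
            header_map = {'Subject': 'subject', 'To': 'to', 'Cc':
                          'cc', 'Bcc': 'bcc', 'From': 'from_',
                          'Sender': 'sender', 'Date': 'date',
                          'Message-ID': 'message_id', 'Reply-To':
                          'reply_to', 'In-Reply-To': 'in_reply_to',
                          'Content-Type': 'content_type', 'Errors-To':
                          'errors_to', 'Precedence': 'precedence',
                          'Boundary': 'boundary', 'MIME-Version':
                          'mime_version', 'X-Mailer': 'x_mailer',
                          'User-Agent': 'user_agent',
                          'X-Originating-IP': 'x_originating_ip',
                          'X-Priority': 'x_priority'}
            # TODO handle received_lines
            for key in header_map.keys():
                val = msg.get(key, None)
                if val:
                    setattr(email.header, header_map[key], val)
                    getattr(email.header, header_map[key]).condition = \
                        'Equals'
            # TODO handle email bodies (it's mostly all there except for
            #      handling weird text encoding problems that were making
            #      libcybox stacktrace)
            # body = get_email_payload(random_spam_msg)
            # if body:
            #     email.raw_body = body
            stix_package.add_observable(Observable(email))
        except Exception:
            # Was a bare `except:`, which also swallowed KeyboardInterrupt
            # and SystemExit. Failures still return None, deliberately.
            return None
    # NOTE(review): a datatype matching none of the branches adds no
    # observable, and the lookup below is not guarded against that.
    observable_id = stix_package.observables.observables[0].id_
    return (observable_id, stix_package)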
开发者ID:Lambdanaut,项目名称:crits-adapter,代码行数:84,代码来源:datagen.py

示例9: gen_stix_observable_sample

# 需要导入模块: from cybox.objects.email_message_object import EmailMessage [as 别名]
# 或者: from cybox.objects.email_message_object.EmailMessage import header [as 别名]
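def gen_stix_observable_sample(
    config,
    target=None,
    datatype=None,
    title="random test data",
    description="random test data",
    package_intents="Indicators - Watchlist",
    tlp_color="WHITE",
):
    """Generate a sample stix package holding one random observable.

    config          -- settings dict; read for the target site's stix
                       xmlns_url / xmlns_name and passed to the data
                       generators
    target          -- key of the site inside config["edge"]["sites"]
    datatype        -- "ip", "domain", "filehash" or "email"
    title, description, package_intents -- copied into the stix header
    tlp_color       -- TLP marking colour applied to the whole package

    Returns (observable_id, stix_package), or None when building the
    email sample fails.
    """
    # setup the xmlns...
    xmlns_url = config["edge"]["sites"][target]["stix"]["xmlns_url"]
    xmlns_name = config["edge"]["sites"][target]["stix"]["xmlns_name"]
    set_stix_id_namespace({xmlns_url: xmlns_name})
    set_cybox_id_namespace(Namespace(xmlns_url, xmlns_name))
    # construct a stix package...
    stix_package = STIXPackage()
    stix_header = STIXHeader()
    stix_header.title = title
    stix_header.description = description
    stix_header.package_intents = package_intents
    marking = MarkingSpecification()
    # This XPath applies the TLP marking to the node and all descendants.
    marking.controlled_structure = "../../../../descendant-or-self::node()"
    tlp_marking = TLPMarkingStructure()
    tlp_marking.color = tlp_color
    marking.marking_structures.append(tlp_marking)
    stix_package.stix_header = stix_header
    stix_package.stix_header.handling = Marking()
    stix_package.stix_header.handling.add_marking(marking)
    # ...and stuff it full of random sample data :-)
    if datatype == "ip":
        addr = Address(address_value=datagen_.generate_random_ip_address(), category="ipv4-addr")
        addr.condition = "Equals"
        stix_package.add_observable(Observable(addr))
    elif datatype == "domain":
        domain = DomainName()
        domain.type_ = "FQDN"
        domain.value = datagen_.generate_random_domain(config)
        domain.condition = "Equals"
        stix_package.add_observable(Observable(domain))
    elif datatype == "filehash":
        file_object = File()
        file_object.file_name = str(uuid.uuid4()) + ".exe"
        hashes = datagen_.generate_random_hashes()
        # Renamed from `hash` so the builtin is not shadowed.
        for hash_name in hashes.keys():
            file_object.add_hash(Hash(hashes[hash_name], type_=hash_name.upper()))
            for i in file_object.hashes:
                i.simple_hash_value.condition = "Equals"
        stix_package.add_observable(Observable(file_object))
    elif datatype == "email":
        try:
            msg = datagen_.get_random_spam_msg(config)
            email = EmailMessage()
            email.header = EmailHeader()
            # Fixed allow-list of RFC header name -> EmailHeader attribute;
            # headers outside this map are ignored.
            header_map = {
                "Subject": "subject",
                "To": "to",
                "Cc": "cc",
                "Bcc": "bcc",
                "From": "from_",
                "Sender": "sender",
                "Date": "date",
                "Message-ID": "message_id",
                "Reply-To": "reply_to",
                "In-Reply-To": "in_reply_to",
                "Content-Type": "content_type",
                "Errors-To": "errors_to",
                "Precedence": "precedence",
                "Boundary": "boundary",
                "MIME-Version": "mime_version",
                "X-Mailer": "x_mailer",
                "User-Agent": "user_agent",
                "X-Originating-IP": "x_originating_ip",
                "X-Priority": "x_priority",
            }
            # TODO handle received_lines
            for key in header_map.keys():
                val = msg.get(key, None)
                if val:
                    setattr(email.header, header_map[key], val)
                    getattr(email.header, header_map[key]).condition = "Equals"
            # TODO handle email bodies (it's mostly all there except for
            #      handling weird text encoding problems that were making
            #      libcybox stacktrace)
            # body = get_email_payload(random_spam_msg)
            # if body:
            #     email.raw_body = body
            stix_package.add_observable(Observable(email))
        except Exception:
            # Was a bare `except:`, which also swallowed KeyboardInterrupt
            # and SystemExit. Failures still return None, deliberately.
            return None
    # NOTE(review): a datatype matching none of the branches adds no
    # observable, and the lookup below is not guarded against that.
    observable_id = stix_package.observables.observables[0].id_
    return (observable_id, stix_package)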
开发者ID:kaoigan,项目名称:crits-adapter,代码行数:95,代码来源:datagen.py

示例10: cybox_object_email

# 需要导入模块: from cybox.objects.email_message_object import EmailMessage [as 别名]
# 或者: from cybox.objects.email_message_object.EmailMessage import header [as 别名]
def cybox_object_email(obj):
    """Convert a stored e-mail record into a CybOX EmailMessage.

    Copies the raw body and header, builds one file object per attachment
    metadata row via cybox_object_file, and fills the header from the
    record's fields and its related from/sender/recipient rows.

    Returns (EmailMessage, list of attachment file objects).
    """

    def _address(value, row):
        # Build an EmailAddress that carries the row's spoofing flag and
        # match condition.
        address = EmailAddress(value)
        address.is_spoofed = row.is_spoofed
        address.condition = row.condition
        return address

    def _recipient_list(rows):
        # Gather one address per recipient row into an EmailRecipients.
        gathered = EmailRecipients()
        for row in rows:
            gathered.append(_address(row.recipient, row))
        return gathered

    message = EmailMessage()
    message.raw_body = obj.raw_body
    message.raw_header = obj.raw_header

    # Links: the container is created, but the rows are only iterated and
    # nothing is added to it.
    message.links = Links()
    for _unused_link in obj.links.all():
        pass

    # Attachments: referenced from the message by id, and each file points
    # back at the message through a non-inline relationship.
    message.attachments = Attachments()
    attachment_objects = []
    for attachment in obj.attachments.all():
        for file_meta in attachment.file_meta.all():
            file_obj = cybox_object_file(attachment, file_meta)
            message.attachments.append(file_obj.parent.id_)
            file_obj.add_related(message, "Contained_Within", inline=False)
            attachment_objects.append(file_obj)

    # Scalar header fields.
    header = EmailHeader()
    header.subject = obj.subject
    header.date = obj.email_date
    header.message_id = obj.message_id
    header.content_type = obj.content_type
    header.mime_version = obj.mime_version
    header.user_agent = obj.user_agent
    header.x_mailer = obj.x_mailer

    # From: assigned on every iteration, so the last row wins.
    for from_row in obj.from_string.all():
        header.from_ = _address(from_row.sender, from_row)

    # Sender
    # NOTE(review): header.sender is used via .add() without being assigned
    # in this function; confirm EmailHeader initialises it.
    for sender_row in obj.sender.all():
        header.sender.add(_address(sender_row.sender, sender_row))

    # To / CC / BCC
    header.to = _recipient_list(obj.recipients.all())
    header.cc = _recipient_list(obj.recipients_cc.all())
    header.bcc = _recipient_list(obj.recipients_bcc.all())

    message.header = header
    return message, attachment_objects
开发者ID:gregtampa,项目名称:kraut_salad,代码行数:66,代码来源:utils.py


注:本文中的cybox.objects.email_message_object.EmailMessage.header方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。