

Python URI.type_方法代码示例

本文整理汇总了Python中cybox.objects.uri_object.URI.type_方法的典型用法代码示例。如果您正苦于以下问题:Python URI.type_方法的具体用法?Python URI.type_怎么用?Python URI.type_使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在cybox.objects.uri_object.URI的用法示例。


在下文中一共展示了URI.type_方法的13个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: stix_xml

# 需要导入模块: from cybox.objects.uri_object import URI [as 别名]
# 或者: from cybox.objects.uri_object.URI import type_ [as 别名]
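def stix_xml(bldata):
    """Render RiskIQ blacklist records as a STIX package serialised to XML.

    Every URL is attached as an observable to a single "URL Watchlist"
    indicator.

    :param bldata: iterable of records; each must provide a ``'url'`` key.
    :returns: the document returned by ``STIXPackage.to_xml()``.
    """
    # Register the producer namespace before any STIX object is created, so
    # the package and indicator below are built with it already in place.
    NAMESPACE = {"http://www.riskiq.com" : "RiskIQ"}
    set_id_namespace(NAMESPACE)

    # Header: description, production time and package intent.
    stix_header = STIXHeader()
    stix_header.description = "RiskIQ Blacklist Data - STIX Format"
    stix_header.information_source = InformationSource()
    stix_header.information_source.time = Time()
    # NOTE(review): datetime.now() is naive local time; confirm whether the
    # consumers of this feed expect a timezone-aware (UTC) produced time.
    stix_header.information_source.time.produced_time = datetime.now()
    stix_header.package_intents.append(PackageIntent.TERM_INDICATORS)

    # A single package is enough; it carries the header built above.
    stix_package = STIXPackage()
    stix_package.stix_header = stix_header

    # One indicator holds every blacklisted URL as its own observable.
    indicator = Indicator()
    indicator.title = "List of Malicious URLs detected by RiskIQ - Malware, Phishing, and Spam"
    indicator.add_indicator_type("URL Watchlist")
    for datum in bldata:
        url = URI()
        # The feed value is copied verbatim and matched with "Equals", so a
        # consumer only hits on the exact string supplied here.
        url.value = datum['url']
        url.type_ = URI.TYPE_URL
        url.condition = "Equals"
        indicator.add_observable(url)

    stix_package.add_indicator(indicator)
    return stix_package.to_xml()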
开发者ID:9b,项目名称:python_api,代码行数:36,代码来源:blacklist_stix.py

示例2: main

# 需要导入模块: from cybox.objects.uri_object import URI [as 别名]
# 或者: from cybox.objects.uri_object.URI import type_ [as 别名]
def main():
    """Print a CybOX Observables document holding one URL with an "Equals" condition."""
    pattern_value = AnyURI("http://www.example.com/index1.html")
    pattern_value.condition = "Equals"

    uri_object = URI()
    uri_object.value = pattern_value
    uri_object.type_ = URI.TYPE_URL

    # Wrap the single object in an Observables container and serialise it.
    xml_document = Observables(uri_object).to_xml()
    print(xml_document)
开发者ID:clever-crow-consulting,项目名称:python-cybox,代码行数:11,代码来源:url_pattern.py

示例3: main

# 需要导入模块: from cybox.objects.uri_object import URI [as 别名]
# 或者: from cybox.objects.uri_object.URI import type_ [as 别名]
def main():
    """Print a CybOX Observables document for one URL instance.

    The id namespace is switched to the example namespace before the
    objects are created.
    """
    example_namespace = cybox.utils.Namespace("http://example.com/", "example")
    cybox.utils.set_id_namespace(example_namespace)

    uri_object = URI()
    uri_object.value = AnyURI("http://www.example.com/index1.html")
    uri_object.type_ = URI.TYPE_URL

    # A single parenthesised argument prints the same text under Python 2
    # and Python 3.
    print(Observables(uri_object).to_xml())
开发者ID:bauer1j,项目名称:python-cybox,代码行数:13,代码来源:url_instance.py

示例4: main

# 需要导入模块: from cybox.objects.uri_object import URI [as 别名]
# 或者: from cybox.objects.uri_object.URI import type_ [as 别名]
def main():
    """Print an XML declaration followed by an Observables document for one URL."""
    # A single parenthesised argument prints the same text under Python 2
    # and Python 3.
    print('<?xml version="1.0" encoding="UTF-8"?>')

    uri_value = AnyURI("www.sample1.com/index.html")
    uri_value.condition = "Equals"

    uri_object = URI()
    uri_object.value = uri_value
    uri_object.type_ = URI.TYPE_URL

    print(Observables(uri_object).to_xml())
开发者ID:2xyo,项目名称:python-cybox,代码行数:14,代码来源:se_01.py

示例5: create_url_indicator

# 需要导入模块: from cybox.objects.uri_object import URI [as 别名]
# 或者: from cybox.objects.uri_object.URI import type_ [as 别名]
    def create_url_indicator(self, url_indicator):
        """Return a "URL Watchlist" indicator wrapping *url_indicator*.

        :param url_indicator: the URL to record; stored unchanged as the
            observable's value and matched with the 'Equals' condition.
        :returns: the populated Indicator.
        """
        # Describe the URL itself first.
        observable = URI()
        observable.value = url_indicator
        observable.type_ = URI.TYPE_URL
        observable.condition = 'Equals'

        # Then the indicator that carries it.
        watchlist_entry = Indicator()
        watchlist_entry.title = 'URL of site hosting malware'
        watchlist_entry.add_indicator_type('URL Watchlist')
        watchlist_entry.add_observable(observable)
        return watchlist_entry
开发者ID:CyberIntelMafia,项目名称:malcrawler,代码行数:14,代码来源:har2stix.py

示例6: test_round_trip

# 需要导入模块: from cybox.objects.uri_object import URI [as 别名]
# 或者: from cybox.objects.uri_object.URI import type_ [as 别名]
    def test_round_trip(self):
        """A URI must come back from round_trip() with the same value and type."""
        expected_value = AnyURI("http://www.example.com")
        expected_type = URI.TYPE_URL

        original = URI()
        original.value = expected_value
        original.type_ = expected_type

        restored = round_trip(original, URI, output=False)

        self.assertEqual(restored.value, expected_value)
        self.assertEqual(restored.type_, expected_type)
开发者ID:2xyo,项目名称:python-cybox,代码行数:14,代码来源:uri_test.py

示例7: main

# 需要导入模块: from cybox.objects.uri_object import URI [as 别名]
# 或者: from cybox.objects.uri_object.URI import type_ [as 别名]
def main():
    """Print a STIX package with one "URL Watchlist" indicator for a sample URL."""
    # The observable: the sample URL, typed as a URL.
    sample_url = URI()
    sample_url.value = "http://x4z9arb.cn/4712"
    sample_url.type_ = URI.TYPE_URL

    # The indicator uses a fixed id instead of a generated one.
    watchlist_indicator = Indicator()
    watchlist_indicator.id_ = "example:package-382ded87-52c9-4644-bab0-ad3168cbad50"
    watchlist_indicator.title = "Malicious site hosting downloader"
    watchlist_indicator.add_indicator_type("URL Watchlist")
    watchlist_indicator.add_observable(sample_url)

    package = STIXPackage()
    package.add_indicator(watchlist_indicator)

    # A single parenthesised argument prints the same text under Python 2
    # and Python 3.
    print(package.to_xml())
开发者ID:jb23lm,项目名称:stixproject.github.io,代码行数:18,代码来源:indicator-for-malicious-url.py

示例8: fqdn

# 需要导入模块: from cybox.objects.uri_object import URI [as 别名]
# 或者: from cybox.objects.uri_object.URI import type_ [as 别名]
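def fqdn(fqdn,provider,reporttime):
    """Write a STIX package for a reported malicious FQDN/URL to disk.

    The package holds an ExploitTarget and an Indicator carrying one URI
    observable. It is saved under /opt/TARDIS/Observables/FQDN/ in a file
    named ``<host>_<timestamp>.xml``.

    :param fqdn: the reported URL or host name (converted with ``str``).
    :param provider: name of the reporting source; used in the titles and as
        the producer identity.
    :param reporttime: produced time recorded on the indicator.
    """
    currentTime = time.time()

    # Take the host from the parser instead of slicing a fixed number of
    # characters off a rebuilt "scheme://host/" string: slicing only worked
    # for http/https and produced an empty or truncated name otherwise.
    # urlparse ends netloc at the first '/', '?' or '#', so the reported
    # value cannot add a path separator to the file name built below.
    reported = str(fqdn)
    parsed_uri = urlparse(reported)
    domain = parsed_uri.netloc
    if not domain and not parsed_uri.scheme:
        # Bare host names ("example.com/x") parse with an empty netloc;
        # re-parse them as a network-path reference to recover the host.
        domain = urlparse('//' + reported).netloc

    # NOTE(review): cve_id is filled with a locally built "FQDN-..." label,
    # not a CVE identifier, and the description text says "maliciousIPV4"
    # although this function handles FQDNs. Both are kept because consumers
    # may key on them - confirm before changing.
    vuln = Vulnerability()
    vuln.cve_id = "FQDN-" + str(domain) + '_' + str(currentTime)
    vuln.description = "maliciousIPV4"
    et = ExploitTarget(title=provider + " observable")
    et.add_vulnerability(vuln)

    url = URI()
    url.value = fqdn
    url.type_ = URI.TYPE_URL
    url.condition = "Equals"

    # Create an Indicator carrying the URI object created above.
    indicator = Indicator()
    indicator.title = "FQDN-" + str(fqdn)
    indicator.description = ("Malicious FQDN " + str(fqdn) + " reported from " + provider)
    indicator.set_producer_identity(provider)
    indicator.set_produced_time(reporttime)
    indicator.add_observable(url)

    # Create a STIX Package
    stix_package = STIXPackage()
    stix_package.add(et)
    stix_package.add(indicator)

    # The context manager closes the file even when serialisation or the
    # write raises.
    out_path = '/opt/TARDIS/Observables/FQDN/' + str(domain) + '_' + str(currentTime) + '.xml'
    with open(out_path, 'w') as f:
        f.write(stix_package.to_xml())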

    
开发者ID:TravisFSmith,项目名称:iocdreaming,代码行数:45,代码来源:createSTIX.py

示例9: make_cybox_object

# 需要导入模块: from cybox.objects.uri_object import URI [as 别名]
# 或者: from cybox.objects.uri_object.URI import type_ [as 别名]
def make_cybox_object(type_, name=None, value=None):
    """
    Build the CybOX object that corresponds to type_, name, and value.

    Only "Address", "Email Message" and "URI" are mapped; every other type
    raises UnsupportedCybOXObjectTypeError.

    :param type_: The object type.
    :type type_: str
    :param name: The object name (Address category or URI type).
    :type name: str
    :param value: The object value.
    :type value: str
    :returns: CybOX object
    """

    if type_ == "Address":
        return Address(category=name, address_value=value)

    if type_ == "Email Message":
        message = EmailMessage()
        message.raw_body = value
        return message

    if type_ == "URI":
        # name is stored as the URI type exactly as the caller supplied it.
        uri = URI()
        uri.type_ = name
        uri.value = value
        return uri

    # Not mapped yet:
    #   TODO: "Http Request Header Fields" not implemented?
    #   TODO: "Mutex" object type is incomplete
    #   TODO: "String" - use Byte_Run object?
    #   TODO: "Win File" (Win_File incomplete)
    #   TODO: "Win Handle" with name "RegistryKey" (Registry_Key incomplete)
    raise UnsupportedCybOXObjectTypeError(type_, name)
开发者ID:maurakilleen,项目名称:crits,代码行数:42,代码来源:object_mapper.py

示例10: create_stix_package

# 需要导入模块: from cybox.objects.uri_object import URI [as 别名]
# 或者: from cybox.objects.uri_object.URI import type_ [as 别名]
def create_stix_package(reference,results):
    """Build a STIX package from Threat Recon result records.

    Only the first part of this function is visible in this listing; the
    notes below describe the visible statements only.

    :param reference: report reference, used as the prefix of the output
        file name.
    :param results: iterable of mappings; the keys read below include
        "ProcessType", "Indicator", "Type", "Reference" and "Comment".
    """
    # NOTE(review): the package is created before the id namespaces are set
    # below - confirm the package id ends up in the intended namespace.
    stix_package = STIXPackage()

    STIX_NAMESPACE = {"http://wapacklabs.com" : "wapack"}

    OBS_NAMESPACE = Namespace("http://wapacklabs.com", "wapack")

    stix_set_id_namespace(STIX_NAMESPACE)

    obs_set_id_namespace(OBS_NAMESPACE)
    
    stix_header = STIXHeader()

    fusionreport_title = reference
    timestring = time.time()
    formatted_timestring = datetime.fromtimestamp(timestring).strftime('%Y_%m_%d')
    # NOTE(review): the file name embeds `reference` unchanged. Where the name
    # is used is not visible here; if `reference` can come from outside,
    # verify it cannot contain path separators before it reaches open().
    stix_file_name = fusionreport_title+'_stix_package_TR_'+formatted_timestring+'.xml'


    
    # NOTE(review): the contact address in this string looks like it was
    # redacted by the page this listing was taken from.
    stix_header.description = 'This STIX package includes indicators reported to the Red Sky community. Please send all inquiries to [email protected]'
    stix_package.stix_header = stix_header
    for item in results:
        # str(...).decode('utf-8') is a Python 2 idiom (byte string -> unicode).
        process_type = str(item["ProcessType"]).decode('utf-8')
        if process_type == 'Direct':
            # Pull every field of the record into a local variable.
            indicator = str(item["Indicator"]).decode('utf-8')
            #print indicator
            item_reference = str(item["Reference"]).decode('utf-8')
            source = str(item["Source"]).decode('utf-8')
            killchain = str(item["KillChain"]).decode('utf-8')
            first_seen = str(item["FirstSeen"]).decode('utf-8')
            last_seen = str(item["LastSeen"]).decode('utf-8')
            attribution = str(item["Attribution"]).decode('utf-8')
            indicator_type = str(item["Type"]).decode('utf-8')               
            rrname = str(item["Rrname"])
            rdata = str(item["Rdata"])
            rootnode = str(item["RootNode"])
            country = str(item["Country"]).decode('utf-8')
            tags = str(item["Tags"]).decode('utf-8')
            comment2 = item["Comment"]
            # Strip the comment down to ASCII; non-ASCII characters are dropped.
            comment = unicodedata.normalize('NFKD', comment2).encode('ascii','ignore')
            confidence = str(item["Confidence"]).decode('utf-8')

            # NOTE(review): in the branches below `indicator = Indicator()`
            # rebinds the name that held the raw indicator string, and the same
            # object is then passed as the first two arguments of
            # add_stix_indicator_regular. The raw value looks lost at that
            # point - confirm against that helper's signature (not visible).
            if indicator_type == 'MD5' or indicator_type == 'SHA1':
                f = File()
                hashval = indicator
                hashval2 = hashval.decode('utf8', 'ignore')
                f.add_hash(hashval2)
                indicator = Indicator()
                add_stix_indicator_regular(indicator,indicator,item_reference,tags,source,last_seen,confidence,process_type,comment,killchain,attribution,f,stix_package)
            if indicator_type == 'Registry':
                reg = WinRegistryKey()
                key = indicator
                key_add = key.decode('utf8', 'ignore')
                reg.key = key_add
                indicator = Indicator()
                add_stix_indicator_regular(indicator,indicator,item_reference,tags,source,last_seen,confidence,process_type,comment,killchain,attribution,reg,stix_package)
            if indicator_type == 'Subject':
                email_subj_obj = EmailMessage()
                email_subj_obj.header = EmailHeader()
                subj = indicator
                subj_add = subj.decode('utf8', 'ignore')
                email_subj_obj.header.subject = subj_add
                # NOTE(review): `indcator` looks like a typo for `indicator`;
                # this branch therefore passes the raw string, not an
                # Indicator, to the helper on the next line.
                indcator = Indicator()
                add_stix_indicator_regular(indicator,indicator,item_reference,tags,source,last_seen,confidence,process_type,comment,killchain,attribution,email_subj_obj,stix_package) 
            if indicator_type == 'File':
                filename = File()
                file_name_fix = indicator
                file_name_fix2 = file_name_fix.decode('utf8', 'ignore')
                filename.file_name = file_name_fix2
                indicator = Indicator()
                add_stix_indicator_regular(indicator,indicator,item_reference,tags,source,last_seen,confidence,process_type,comment,killchain,attribution,filename,stix_package)
            if indicator_type == 'Email':
                email = Address()
                email.address_value = indicator.decode('utf8', 'ignore')
                email.category = Address.CAT_EMAIL
                indicator = Indicator()
                add_stix_indicator_regular(indicator,indicator,item_reference,tags,source,last_seen,confidence,process_type,comment,killchain,attribution,email,stix_package)
            if indicator_type == 'Domain':
                domain = URI()
                domainval = indicator.decode('utf8', 'ignore')
                domain.value = domainval.decode('utf8', 'ignore')
                domain.type_ = URI.TYPE_DOMAIN
                indicator = Indicator()
                add_stix_indicator_regular(indicator,indicator,item_reference,tags,source,last_seen,confidence,process_type,comment,killchain,attribution,domain,stix_package)
            if indicator_type == 'IP':
                ip = Address()
                ip.address_value = indicator.decode('utf8', 'ignore')
                # Every 'IP' record is categorised as IPv4 here.
                ip.category = Address.CAT_IPV4
                indicator = Indicator()
                add_stix_indicator_regular(indicator,indicator,item_reference,tags,source,last_seen,confidence,process_type,comment,killchain,attribution,ip,stix_package)
            if indicator_type == 'String':
                # The string value is stored as the name of a Memory object.
                strng = Memory()
                string = indicator
                strng.name = string.decode('utf8', 'ignore')
                indicator = Indicator()
                add_stix_indicator_regular(indicator,indicator,item_reference,tags,source,last_seen,confidence,process_type,comment,killchain,attribution,strng,stix_package)
            if indicator_type == 'URL':
                url = URI()
                url_indicator = indicator
#.........这里部分代码省略.........
开发者ID:dechko,项目名称:threatrecon,代码行数:103,代码来源:threatrecon_stix_rss.py

示例11: make_cybox_object

# 需要导入模块: from cybox.objects.uri_object import URI [as 别名]
# 或者: from cybox.objects.uri_object.URI import type_ [as 别名]
def make_cybox_object(type_, name=None, value=None):
    """
    Converts type_, name, and value to a CybOX object instance.

    Only the first part of this function is visible in this listing.

    :param type_: The object type.
    :type type_: str
    :param name: The object name.
    :type name: str
    :param value: The object value.
    :type value: str
    :returns: CybOX object
    :raises UnsupportedCybOXObjectTypeError: for an "Artifact" whose name is
        not one of the three handled below.
    """

    if type_ == "Account":
        acct = Account()
        acct.description = value
        return acct
    elif type_ == "Address":
        # name is passed through as the address category without checks.
        return Address(category=name, address_value=value)
    elif type_ == "Email Message":
        e = EmailMessage()
        e.raw_body = value
        return e
    elif type_ == "API":
        api = API()
        api.description = value
        return api
    elif type_ == "Artifact":
        # Map the name onto the matching Artifact type constant.
        if name == "Data Region":
            atype = Artifact.TYPE_GENERIC
        elif name == 'FileSystem Fragment':
            atype = Artifact.TYPE_FILE_SYSTEM
        elif name == 'Memory Region':
            atype = Artifact.TYPE_MEMORY
        else:
            raise UnsupportedCybOXObjectTypeError(type_, name)
        return Artifact(value, atype)
    elif type_ == "Code":
        obj = Code()
        obj.code_segment = value
        obj.type = name
        return obj
    elif type_ == "Disk":
        disk = Disk()
        # NOTE(review): disk_name receives type_ (always "Disk" in this
        # branch) and value is not used - confirm this is intended.
        disk.disk_name = type_
        disk.type = name
        return disk
    elif type_ == "Disk Partition":
        disk = DiskPartition()
        # NOTE(review): device_name receives type_ and value is not used -
        # confirm this is intended.
        disk.device_name = type_
        disk.type = name
        return disk
    elif type_ == "DNS Query":
        # The queried name is wrapped as URI -> DNSQuestion -> DNSQuery.
        r = URI()
        r.value = value
        dq = DNSQuestion()
        dq.qname = r
        d = DNSQuery()
        d.question = dq
        return d
    elif type_ == "DNS Record":
        # DNS Record indicators in CRITs are just a free form text box, there
        # is no good way to map them into the attributes of a DNSRecord cybox
        # object. So just stuff it in the description until someone tells me
        # otherwise.
        d = StructuredText(value=value)
        dr = DNSRecord()
        dr.description = d
        return dr
    elif type_ == "GUI Dialogbox":
        obj = GUIDialogbox()
        obj.box_text = value
        return obj
    elif type_ == "GUI Window":
        obj = GUIWindow()
        obj.window_display_name = value
        return obj
    elif type_ == "HTTP Request Header Fields" and name and name == "User-Agent":
        # TODO/NOTE: HTTPRequestHeaderFields has a ton of fields for info.
        #    we should revisit this as UI is reworked or CybOX is improved.
        obj = HTTPRequestHeaderFields()
        obj.user_agent = value
        return obj
    elif type_ == "Library":
        obj = Library()
        obj.name = value
        obj.type = name
        return obj
    elif type_ == "Memory":
        obj = Memory()
        obj.memory_source = value
        return obj
    elif type_ == "Mutex":
        m = Mutex()
        m.named = True
        m.name = String(value)
        return m
    elif type_ == "Network Connection":
        obj = NetworkConnection()
        obj.layer7_protocol = value
#.........这里部分代码省略.........
开发者ID:0x3a,项目名称:crits,代码行数:103,代码来源:object_mapper.py

示例12: make_cybox_object

# 需要导入模块: from cybox.objects.uri_object import URI [as 别名]
# 或者: from cybox.objects.uri_object.URI import type_ [as 别名]
def make_cybox_object(type_, value=None):
    """
    Converts type_ and value to a CybOX object instance.

    Only the first part of this function is visible in this listing.

    :param type_: The object type.
    :type type_: str
    :param value: The object value.
    :type value: str
    :returns: CybOX object
    """

    if type_ == IndicatorTypes.USER_ID:
        acct = Account()
        acct.description = value
        return acct
    elif type_ in IPTypes.values():
        # Translate the IP type into the address category string.
        # NOTE(review): if IPTypes.values() holds a type other than the four
        # tested here, `name` is never assigned and the return below fails -
        # verify against the IPTypes definition.
        if type_ == IPTypes.IPV4_ADDRESS:
            name = 'ipv4-addr'
        elif type_ == IPTypes.IPV6_ADDRESS:
            name = 'ipv6-addr'
        elif type_ == IPTypes.IPV4_SUBNET:
            name = 'ipv4-net'
        elif type_ == IPTypes.IPV6_SUBNET:
            name = 'ipv6-net'
        return Address(category=name, address_value=value)
    elif type_ == IndicatorTypes.API_KEY:
        api = API()
        api.description = value
        return api
    elif type_ == IndicatorTypes.DOMAIN:
        obj = DomainName()
        obj.value = value
        return obj
    elif type_ == IndicatorTypes.USER_AGENT:
        obj = HTTPRequestHeaderFields()
        obj.user_agent = value
        return obj
    elif type_ == IndicatorTypes.MUTEX:
        m = Mutex()
        m.named = True
        m.name = String(value)
        return m
    elif type_ in (IndicatorTypes.SOURCE_PORT,
                   IndicatorTypes.DEST_PORT):
        p = Port()
        try:
            p.port_value = PositiveInteger(value)
        # NOTE(review): `name` is not a parameter of this function and is not
        # assigned on this path, so the raise below fails on the unbound
        # `name` and the unsupported-type error is never raised.
        except ValueError: # XXX: Raise a better exception...
            raise UnsupportedCybOXObjectTypeError(type_, name)
        return p
    elif type_ == IndicatorTypes.PROCESS_NAME:
        p = Process()
        p.name = String(value)
        return p
    elif type_ == IndicatorTypes.URI:
        # The URI type is fixed to the literal 'URL' for every value.
        r = URI()
        r.type_ = 'URL'
        r.value = value
        return r
    elif type_ in (IndicatorTypes.REGISTRY_KEY,
                   IndicatorTypes.REG_KEY_CREATED,
                   IndicatorTypes.REG_KEY_DELETED,
                   IndicatorTypes.REG_KEY_ENUMERATED,
                   IndicatorTypes.REG_KEY_MONITORED,
                   IndicatorTypes.REG_KEY_OPENED):
        # All registry-key indicator types map to the same object.
        obj = WinRegistryKey()
        obj.key = value
        return obj
    # The string below is a bare expression statement, not a comment.
    """
    The following are types that are listed in the 'Indicator Type' box of
    the 'New Indicator' dialog in CRITs. These types, unlike those handled
    above, cannot be written to or read from CybOX at this point.

    The reason for the type being omitted is written as a comment inline.
    This can (and should) be revisited as new versions of CybOX are released.
    NOTE: You will have to update the corresponding make_crits_object function
    with handling for the reverse direction.

    In the mean time, these types will raise unsupported errors.
    """
    #elif type_ == "Device": # No CybOX API
    #elif type_ == "DNS Cache": # No CybOX API
    #elif type_ == "GUI": # revisit when CRITs supports width & height specification
    #elif type_ == "HTTP Session": # No good mapping between CybOX/CRITs
    #elif type_ == "Linux Package": # No CybOX API
    #elif type_ == "Network Packet": # No good mapping between CybOX/CRITs
    #elif type_ == "Network Route Entry": # No CybOX API
    #elif type_ == "Network Route": # No CybOX API
    #elif type_ == "Network Subnet": # No CybOX API
    #elif type_ == "Semaphore": # No CybOX API
    #elif type_ == "Socket": # No good mapping between CybOX/CRITs
    #elif type_ == "UNIX File": # No CybOX API
    #elif type_ == "UNIX Network Route Entry": # No CybOX API
    #elif type_ == "UNIX Pipe": # No CybOX API
    #elif type_ == "UNIX Process": # No CybOX API
    #elif type_ == "UNIX User Account": # No CybOX API
    #elif type_ == "UNIX Volume": # No CybOX API
    #elif type_ == "User Session": # No CybOX API
    #elif type_ == "Whois": # No good mapping between CybOX/CRITs
    #elif type_ == "Win Computer Account": # No CybOX API
#.........这里部分代码省略.........
开发者ID:apolkosnik,项目名称:crits_services,代码行数:103,代码来源:object_mapper.py

示例13: cybox_object_uri

# 需要导入模块: from cybox.objects.uri_object import URI [as 别名]
# 或者: from cybox.objects.uri_object.URI import type_ [as 别名]
def cybox_object_uri(obj):
    """Build a CybOX URI from obj's uri_value, uri_type and condition.

    The three attributes are copied as they are; nothing is validated here.
    """
    uri = URI()
    # (attribute on the URI, attribute read from obj), in assignment order.
    field_map = (
        ("value", "uri_value"),
        ("type_", "uri_type"),
        ("condition", "condition"),
    )
    for target_attr, source_attr in field_map:
        setattr(uri, target_attr, getattr(obj, source_attr))
    return uri
开发者ID:gregtampa,项目名称:kraut_salad,代码行数:8,代码来源:utils.py


注:本文中的cybox.objects.uri_object.URI.type_方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。