本文整理汇总了Python中stix.common.InformationSource.tools方法的典型用法代码示例。如果您正苦于以下问题:Python InformationSource.tools方法的具体用法?Python InformationSource.tools怎么用?Python InformationSource.tools使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类stix.common.InformationSource的用法示例。
在下文中一共展示了InformationSource.tools方法的3个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: add_information_source_items
# 需要导入模块: from stix.common import InformationSource [as 别名]
# 或者: from stix.common.InformationSource import tools [as 别名]
def add_information_source_items(reference_item, source_id_item, schema_version_item, incident):
    """Build an InformationSource from VERIS metadata and attach it to ``incident``.

    Args:
        reference_item: ``;``-separated reference strings, or a falsy value
            for none. Each fragment is stripped of surrounding whitespace
            before being added as a reference.
        source_id_item: name of the producing identity. When set, an
            Identity is recorded together with a "veris2stix" tool entry
            whose version is this module's ``__version__``.
        schema_version_item: VERIS schema version. When set, a
            "VERIS schema" tool entry carrying that version is recorded.
        incident: STIX Incident whose ``information_source`` attribute is
            overwritten with the new InformationSource.

    Returns:
        None. ``incident`` is mutated in place.
    """
    def make_tool(name, vendor, tool_version):
        # One ToolInformation entry; attributes are set in name/vendor/version order.
        entry = ToolInformation()
        entry.name = name
        entry.vendor = vendor
        entry.version = tool_version
        return entry

    source = InformationSource()

    # References arrive as a single ';'-joined string; register them one by one.
    # NOTE(review): an empty fragment (e.g. from a trailing ';') is handed to
    # add_reference unchanged, exactly as before — confirm that is intended.
    if reference_item:
        for ref in (part.strip() for part in reference_item.split(';')):
            source.add_reference(ref)

    # The tools list exists only when at least one tool entry will be appended.
    if source_id_item or schema_version_item:
        source.tools = ToolInformationList()

    if source_id_item:
        source.identity = Identity()
        source.identity.name = source_id_item
        source.tools.append(make_tool("veris2stix", "MITRE", __version__))

    if schema_version_item:
        source.tools.append(make_tool("VERIS schema", "Verizon", schema_version_item))

    incident.information_source = source
示例2: _observable_to_indicator_stix
# 需要导入模块: from stix.common import InformationSource [as 别名]
# 或者: from stix.common.InformationSource import tools [as 别名]
def _observable_to_indicator_stix(observable):
    """Translate a CybOX Observable into a STIX Indicator.

    Args:
        observable: Observable object that will be translated

    Returns:
        Indicator object with STIX utility and CybOX tags
    """
    # The producer records which utility (and which version of it) emitted
    # the indicator; ``version`` is the module-level version holder.
    utility = ToolInformation(tool_name='OpenIOC to STIX Utility')
    utility.version = version.__version__
    producer = InformationSource()
    producer.tools = ToolInformationList(utility)

    # Wrap the observable in an indicator attributed to that producer.
    result = Indicator(title="CybOX-represented Indicator Created from OpenIOC File")
    result.producer = producer
    result.add_observable(observable)
    return result
示例3: create_cybox_object
# 需要导入模块: from stix.common import InformationSource [as 别名]
# 或者: from stix.common.InformationSource import tools [as 别名]
#.........这里部分代码省略.........
main_file_object.add_related(dom, 'Connected_To', inline=False)
else:
domains = []
addresses = []
""" store http session information """
if 'network' in jdict and 'http' in jdict['network']:
log.debug("handling HTTP information ...")
http_requests = self.__create_cybox_https(jdict['network']['http'], whitelist)
for session in http_requests:
main_file_object.add_related(session, 'Connected_To', inline=False)
else:
http_requests = []
""" store dns queries information about the malware """
if 'network' in jdict and 'dns' in jdict['network']:
log.debug("handling DNS information ...")
queries = self.__create_cybox_dns_queries(jdict['network']['dns'], whitelist)
for query in queries:
main_file_object.add_related(query, 'Connected_To', inline=False)
else:
queries = []
""" store information about dropped files """
if 'dropped' in jdict:
log.debug('handling dropped files ...')
dropped = self.__create_cybox_dropped_files(jdict['dropped'], jdict['target']['file']['sha256'])
for drop in dropped:
main_file_object.add_related(drop, 'Dropped', inline=False)
else:
dropped = []
""" store virustotal information """
if 'virustotal' in jdict and 'positives' in jdict['virustotal']:
log.debug('handling virustotal information ...')
vtInformationTools = self.__create_stix_virustotal(jdict['virustotal'], log, config)
vtFound = True
else:
vtInformationTools = []
vtFound = False
""" create observables """
if config["attachemail"] and len(email_observables)>0:
obs = Observables([main_file_object]+email_observables+win_executable_extension+domains+addresses+http_requests+dropped+queries)
else:
obs = Observables([main_file_object]+win_executable_extension+domains+addresses+http_requests+dropped+queries)
""" generate stix id with siemens namespace """
if config:
stix_id_generator = stix.utils.IDGenerator(namespace={config["xmlns"]: config["namespace"]})
else:
stix_id_generator = stix.utils.IDGenerator(namespace={"cert.siemens.com": "siemens_cert"})
""" create stix package """
stix_id = stix_id_generator.create_id()
stix_package = STIXPackage(observables=obs, id_=stix_id)
stix_header = STIXHeader()
stix_header.title = "Analysis report: %s" % (str(main_file_object.file_name).decode('utf8', errors='xmlcharrefreplace'))
if 'info' in jdict and 'started' in jdict['info']:
sandbox_report_date = dateparser.parse(jdict['info']['started']+' CET').isoformat()
else:
sandbox_report_date = datetime.datetime.now(pytz.timezone('Europe/Berlin')).isoformat()
stix_header.description = 'Summarized analysis results for file "%s" with MD5 hash "%s" created on %s.' % (str(main_file_object.file_name).decode('utf8', errors='xmlcharrefreplace'), main_file_object.hashes.md5, sandbox_report_date)
stix_header.add_package_intent("Malware Characterization")
""" create markings """
spec = MarkingSpecification()
spec.idref = stix_id
spec.controlled_structure = "//node()"
tlpmark = TLPMarkingStructure()
if config:
if not vtFound:
tlpmark.color = config["color"]
else:
tlpmark.color = "GREEN"
elif vtFound:
tlpmark.color = "GREEN"
else:
tlpmark.color = "AMBER"
spec.marking_structure = [tlpmark]
""" attach to header """
stix_header.handling = Marking([spec])
stix_information_source = InformationSource()
stix_information_source.time = Time(produced_time=sandbox_report_date)
stix_information_source.tools = ToolInformationList([ToolInformation(tool_name="SIEMENS-ANALYSIS-TOOL-ID-12", tool_vendor="ANALYSIS-ID: %s" % (jdict['info']['id']))]+vtInformationTools)
stix_header.information_source = stix_information_source
stix_package.stix_header = stix_header
""" write result xml file """
xml_file_name = "stix-%s-malware-report.xml" % (file_md5)
xml_report_file_path = os.path.join(self.reports_path, xml_file_name)
fp = open(xml_report_file_path, 'w')
if config:
fp.write(stix_package.to_xml(ns_dict={config["xmlns"]: config["namespace"]}))
else:
fp.write(stix_package.to_xml(ns_dict={'cert.siemens.com': 'siemens_cert'}))
fp.close()
if config["copytoshare"]:
self.__copy_xml_to_ti_share(xml_report_file_path, xml_file_name, config)
for item in email_stix_path_tuple_list:
self.__copy_xml_to_ti_share(item[0], item[1], config, "email")
else:
log.warning("copy to TI share is disabled: %s" % (config["copytoshare"]))
return