本文整理汇总了 Python 中 stix.core.STIXHeader.description 方法的典型用法代码示例。如果您想了解 STIXHeader.description 方法的具体用法、怎么用或使用示例,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类 stix.core.STIXHeader 的用法示例。
在下文中一共展示了STIXHeader.description方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: to_stix
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import description [as 别名]
def to_stix(infile):
    """Translate an OpenIOC XML document into a STIX package.

    Args:
        infile: Filename of the OpenIOC XML document to translate.

    Returns:
        A ``stix.core.STIXPackage`` carrying one indicator per observable
        returned by ``to_cybox``, plus a STIX header.
    """
    # NOTE(review): `infile` is handed to to_cybox() unchanged. If OpenIOC
    # files can come from outside the organisation, confirm that the XML
    # parser behind to_cybox() does not resolve external entities.
    observables = to_cybox(infile)

    # Each CybOX observable becomes one STIX indicator.
    converted = list(map(_observable_to_indicator_stix, observables))

    package = STIXPackage()
    package.indicators = converted

    # Header fields below are flagged by the original author as deprecated
    # in STIX v1.2.
    header = STIXHeader()
    header.package_intent = PackageIntent.TERM_INDICATORS_MALWARE_ARTIFACTS
    header.description = "CybOX-represented Indicators Translated from OpenIOC File"
    package.stix_header = header

    return package
示例2: main
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import description [as 别名]
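def main():
    """Translate an OpenIOC file into a STIX package written as XML.

    Command-line arguments are read from ``sys.argv``: ``-i <input>`` names
    the OpenIOC file and ``-o <output>`` the STIX XML file to write. Every
    observable produced from the input is wrapped in its own indicator.
    Exceptions raised during translation or writing are printed together
    with a traceback instead of being propagated.
    """
    infilename = ''
    outfilename = ''

    # Get the command-line arguments
    args = sys.argv[1:]
    if len(args) < 4:
        usage()
        sys.exit(1)

    # Walk (flag, value) pairs so that a trailing '-i' or '-o' with nothing
    # after it is ignored instead of raising IndexError.
    for flag, value in zip(args, args[1:]):
        if flag == '-i':
            infilename = value
        elif flag == '-o':
            outfilename = value

    if not infilename or not outfilename:
        usage()
        sys.exit(1)

    if not os.path.isfile(infilename):
        # Fail loudly: previously a missing input ended the run silently
        # with no output file and no message.
        sys.stderr.write('Error: input file not found: %s\n' % infilename)
        sys.exit(1)

    try:
        # Perform the translation using the methods from the OpenIOC to CybOX Script
        openioc_indicators = openioc.parse(infilename)
        observables_obj = openioc_to_cybox.generate_cybox(openioc_indicators, infilename, True)
        observables_cls = Observables.from_obj(observables_obj)

        # Set the namespace to be used in the STIX Package
        stix.utils.set_id_namespace({"https://github.com/STIXProject/openioc-to-stix": "openiocToSTIX"})

        # Wrap the created Observables in a STIX Package/Indicator
        stix_package = STIXPackage()

        # Add the OpenIOC namespace
        input_namespaces = {"http://openioc.org/": "openioc"}
        stix_package.__input_namespaces__ = input_namespaces

        for observable in observables_cls.observables:
            indicator_dict = {
                'producer': {
                    'tools': [{'name': 'OpenIOC to STIX Utility', 'version': str(__VERSION__)}],
                },
                'title': "CybOX-represented Indicator Created from OpenIOC File",
            }
            indicator = Indicator.from_dict(indicator_dict)
            # Attach the observable of this iteration. The earlier code always
            # attached observables[0], so every indicator repeated the first
            # observable and the remaining ones never reached the package.
            indicator.add_observable(observable)
            stix_package.add_indicator(indicator)

        # Create and write the STIX Header
        stix_header = STIXHeader()
        stix_header.package_intent = "Indicators - Malware Artifacts"
        stix_header.description = "CybOX-represented Indicators Translated from OpenIOC File"
        stix_package.stix_header = stix_header

        # Serialize before opening the output file so that a failure in
        # to_xml() does not leave a truncated file behind.
        # Warnings are ignored here - temporary fix for no schemaLocation
        # w/ namespace.
        with warnings.catch_warnings():
            warnings.simplefilter("ignore")
            xml = stix_package.to_xml()

        # Write the generated STIX Package as XML to the output file; the
        # context manager closes it even if the write fails.
        with open(outfilename, 'w') as outfile:
            outfile.write(xml)

    except Exception as err:
        print('\nError: %s\n' % str(err))
        traceback.print_exc()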
示例3: main
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import description [as 别名]
def main():
    """Print a STIX package holding one file-hash indicator with a CIQ producer identity."""
    sample_file = File()
    sample_file.add_hash("4EC0027BEF4D7E1786A04D021FA8A67F")

    indicator = Indicator()
    indicator.title = "File Hash Example"
    indicator.description = "An indicator containing a File observable with an associated hash"
    indicator.set_producer_identity("The MITRE Corporation")
    # Produced time is timezone-aware (UTC).
    indicator.set_produced_time(datetime.now(tzutc()))
    indicator.add_object(sample_file)

    party_name = PartyName(
        name_lines=["Foo", "Bar"],
        person_names=["John Smith", "Jill Smith"],
        organisation_names=["Foo Inc.", "Bar Corp."],
    )
    ident_spec = STIXCIQIdentity3_0(party_name=party_name)
    # NOTE(review): the literal below is what the listing shows; it looks like
    # an e-mail obfuscation placeholder rather than a real address - confirm
    # against the upstream example.
    ident_spec.add_electronic_address_identifier("[email protected]")
    ident_spec.add_free_text_line("Demonstrating Free Text!")
    for contact_number in ("555-555-5555", "555-555-5556"):
        ident_spec.add_contact_number(contact_number)

    # Second producer-identity call; presumably it replaces the plain name
    # set above with the CIQ identity - confirm.
    indicator.set_producer_identity(CIQIdentity3_0Instance(specification=ident_spec))

    package = STIXPackage()
    header = STIXHeader()
    header.description = "Example"
    package.stix_header = header
    package.add_indicator(indicator)

    print(package.to_xml())
示例4: main
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import description [as 别名]
def main():
    """Print a STIX package that contains a single file-hash indicator."""
    # CybOX File object carrying the hash. Only the hex digest is passed; per
    # the original example the hash type (MD5 here) is detected from its
    # length. MD5 is not collision resistant, so where a SHA-256 of the same
    # file is available it is worth publishing alongside.
    sample_file = File()
    sample_file.add_hash("4EC0027BEF4D7E1786A04D021FA8A67F")

    # Indicator describing the file hash.
    file_indicator = Indicator()
    file_indicator.title = "File Hash Example"
    file_indicator.description = "An indicator containing a File observable with an associated hash"
    file_indicator.set_producer_identity("The MITRE Corporation")
    file_indicator.set_produced_time(utils.dates.now())

    # Adding the File object promotes it to a CybOX Observable internally.
    file_indicator.add_object(sample_file)

    # Package plus a header that only carries a description.
    package = STIXPackage()
    header = STIXHeader()
    header.description = "File Hash Indicator Example"
    package.stix_header = header

    # add() inspects its argument and appends it to `package.indicators`.
    package.add(file_indicator)

    print(package.to_xml())
示例5: main
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import description [as 别名]
def main():
    """Print a STIX package whose only content is a file-hash observable."""
    # CybOX simple hash value holding the digest.
    digest = Hash()
    digest.simple_hash_value = "4EC0027BEF4D7E1786A04D021FA8A67F"

    # File object with the hash attached, typed explicitly as MD5.
    # NOTE(review): the first argument is itself a Hash object, as in the
    # original listing - confirm that this is the intended constructor use.
    sample_file = File()
    sample_file.add_hash(Hash(digest, Hash.TYPE_MD5))

    package = STIXPackage()
    header = STIXHeader()
    header.description = "Simple File Hash Observable Example"
    package.stix_header = header

    # add() inspects its argument and files it under the package's top-level
    # observables collection.
    package.add(sample_file)

    print(package.to_xml())
示例6: test_stix_header
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import description [as 别名]
def test_stix_header(self):
    """Round-trip a STIXHeader whose text fields are set to UNICODE_STR."""
    original = STIXHeader()
    for field in ("title", "description", "short_description"):
        setattr(original, field, UNICODE_STR)

    restored = round_trip(original)
    self._test_equal(original, restored)
示例7: stix_xml
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import description [as 别名]
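def stix_xml(bldata):
    """Render blacklist entries as a STIX package and return it as XML.

    Args:
        bldata: Iterable of mappings; each entry must provide a ``'url'`` key.

    Returns:
        The XML serialization of a package that holds one "URL Watchlist"
        indicator with one URI observable per entry in ``bldata``.
    """
    stix_header = STIXHeader()
    stix_header.description = "RiskIQ Blacklist Data - STIX Format"

    # Set the ID namespace before the package and indicator are built. The
    # earlier code also created a first STIXPackage ahead of this call and
    # then discarded it; that throwaway object is no longer constructed.
    set_id_namespace({"http://www.riskiq.com": "RiskIQ"})

    # Set the produced time to now.
    # NOTE(review): datetime.now() is a naive local timestamp, so consumers of
    # the package cannot tell which timezone it refers to; a timezone-aware
    # value would be unambiguous.
    stix_header.information_source = InformationSource()
    stix_header.information_source.time = Time()
    stix_header.information_source.time.produced_time = datetime.now()

    # Create the STIX Package and attach the header
    stix_package = STIXPackage()
    stix_package.stix_header = stix_header

    # Build the Package Intent
    stix_header.package_intents.append(PackageIntent.TERM_INDICATORS)

    # Build the indicator
    indicator = Indicator()
    indicator.title = "List of Malicious URLs detected by RiskIQ - Malware, Phishing, and Spam"
    indicator.add_indicator_type("URL Watchlist")

    for datum in bldata:
        url = URI()
        # The redundant `url.value = ""` store that preceded this assignment
        # has been dropped; the value was overwritten immediately.
        url.value = datum['url']
        url.type_ = URI.TYPE_URL
        url.condition = "Equals"
        indicator.add_observable(url)

    stix_package.add_indicator(indicator)
    return stix_package.to_xml()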
示例8: stix_pkg
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import description [as 别名]
def stix_pkg(config, src, endpoint, payload, title='random test data',
             description='random test data',
             package_intents='Indicators - Watchlist',
             tlp_color='WHITE', dest=None):
    '''Wrap one payload in a TLP-marked STIX package and return the package.

    The ID namespace is read from config['edge']['sites'][dest]['stix'].
    `src` and `endpoint` are accepted but not used in this function.
    A payload that is not an Observable, Indicator or Incident is not added,
    so the returned package then carries only the header and marking.

    NOTE(review): `tlp_color` defaults to 'WHITE'; callers packaging anything
    other than test data should pass the intended colour explicitly.
    NOTE(review): `dest` defaults to None and is used as a lookup key as-is -
    presumably callers always pass a site name; confirm.
    '''
    # setup the xmlns...
    stix_settings = config['edge']['sites'][dest]['stix']
    xmlns_url = stix_settings['xmlns_url']
    xmlns_name = stix_settings['xmlns_name']
    set_stix_id_namespace({xmlns_url: xmlns_name})
    set_cybox_id_namespace(Namespace(xmlns_url, xmlns_name))

    # construct a stix package...
    package = STIXPackage()
    header = STIXHeader()
    header.title = title
    header.description = description
    header.package_intents = package_intents

    # The marking's controlled structure is the XPath given below; the TLP
    # colour is attached to it as a marking structure.
    marking = MarkingSpecification()
    marking.controlled_structure = '../../../../descendant-or-self::node()'
    tlp = TLPMarkingStructure()
    tlp.color = tlp_color
    marking.marking_structures.append(tlp)

    package.stix_header = header
    package.stix_header.handling = Marking()
    package.stix_header.handling.add_marking(marking)

    # Route the payload to the matching add_* method; first match wins.
    adders = (
        (Observable, package.add_observable),
        (Indicator, package.add_indicator),
        (Incident, package.add_incident),
    )
    for payload_type, add in adders:
        if isinstance(payload, payload_type):
            add(payload)
            break

    return package
示例9: buildSTIX
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import description [as 别名]
def buildSTIX(ident, confid, restconfid, effect, resteffect, typeIncident, resttype, asset, restasset, hashPkg):
    """Assemble a STIX package describing a single sample breach incident.

    Several parameters are stored in fields other than their names suggest
    (an implementation workaround noted by the original author):

        restconfid -> header description
        resteffect -> incident description
        resttype   -> reporter description
        restasset  -> reporter identity name

    The incident title, every timestamp and the affected-asset description
    are fixed sample values. Returns the populated STIXPackage.
    """
    def day(text):
        # All sample dates in this function use the same YYYY-MM-DD layout.
        return datetime.strptime(text, "%Y-%m-%d")

    # setup stix document
    package = STIXPackage()
    header = STIXHeader()
    header.description = restconfid
    package.stix_header = header

    # add incident and confidence
    incident = Incident(id_=ident)
    incident.description = resteffect
    incident.confidence = Confidence()
    incident.confidence.value = confid
    # NOTE(review): this assigns through `_binding_class`, not on the instance
    # itself; presumably it changes the XML type for every Incident serialized
    # afterwards in the same process - confirm before reusing.
    incident._binding_class.xml_type = typeIncident

    # stamp with reporter
    reporter = InformationSource()
    reporter.description = resttype
    reporter.time = Time()
    reporter.time.produced_time = day("2014-03-11")  # when they submitted it
    reporter.identity = Identity()
    reporter.identity.name = restasset
    incident.reporter = reporter

    # set incident-specific timestamps
    incident.time = incidentTime()
    incident.title = "Breach of CyberTech Dynamics"
    incident.time.initial_compromise = day("2012-01-30")
    incident.time.incident_discovery = day("2012-05-10")
    incident.time.restoration_achieved = day("2012-08-10")
    incident.time.incident_reported = day("2012-12-10")

    # affected asset: fixed description, caller-supplied type
    damaged = AffectedAsset()
    damaged.description = "Database server at hr-data1.example.com"
    damaged.type_ = asset
    incident.affected_assets = damaged

    # add the victim
    incident.add_victim(hashPkg)

    # add the impact
    assessment = ImpactAssessment()
    assessment.add_effect(effect)
    incident.impact_assessment = assessment

    package.add_incident(incident)
    return package
示例10: _add_header
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import description [as 别名]
def _add_header(self, stix_package, title, desc):
    """Attach a new header with title, description and produced time to `stix_package`."""
    # NOTE(review): datetime.now() yields a naive local timestamp; recipients
    # of the package cannot tell which timezone it refers to.
    source = InformationSource()
    source.time = CyboxTime()
    source.time.produced_time = datetime.now()

    header = STIXHeader()
    header.title = title
    header.description = desc
    header.information_source = source

    stix_package.stix_header = header
示例11: export_stix
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import description [as 别名]
def export_stix(iocs):
"""
Export the tagged items in STIX format.

The original author marks this function as broken ("BROKE!"), and the
listing shows it without indentation, so the nesting of the statements
below is not recoverable from this page.

As written the body reads `value`, `t`, `observables` and `indicators`,
none of which is a parameter or assigned anywhere in the function, and it
reads `filename` before the only assignment to it further down.
"""
# Assigned here and not read again in this function.
observables_doc = None
stix_package = STIXPackage()
stix_header = STIXHeader()
# `filename` is assigned later in this function, so Python treats it as a
# local name; reading it here would raise UnboundLocalError.
stix_header.description = filename
stix_package.stix_header = stix_header
# The loop variable `ioc` is never used; the statements that follow refer to
# `value` instead.
for ioc in iocs['md5']:
observable = cybox_helper.create_file_hash_observable('', value)
observables.append(observable)
stix_package.add_observable(observable)
indicators.append(value)
# The branches below dispatch on `t` and skip a value that is already in
# `indicators`; each one builds the matching observable through cybox_helper.
if t == 'ipv4':
if not value in indicators:
observable = cybox_helper.create_ipv4_observable(value)
observables.append(observable)
stix_package.add_observable(observable)
indicators.append(value)
elif t == 'domain':
if not value in indicators:
observable = cybox_helper.create_domain_name_observable(value)
observables.append(observable)
stix_package.add_observable(observable)
indicators.append(value)
elif t == 'url':
if not value in indicators:
observable = cybox_helper.create_url_observable(value)
observables.append(observable)
stix_package.add_observable(observable)
indicators.append(value)
elif t == 'email':
if not value in indicators:
observable = cybox_helper.create_email_address_observable(value)
observables.append(observable)
stix_package.add_observable(observable)
indicators.append(value)
# The package is written only when at least one observable was collected.
# NOTE(review): `filename` is used as the output path as-is (plus an ".xml"
# suffix); where it comes from is not visible here - verify it is not
# attacker-influenced before writing to it.
if len(observables) > 0:
if not filename.endswith('.xml'):
filename = "%s.xml" % filename #add .xml extension if missing
# end if
with open(filename, "wb") as f:
stix_xml = stix_package.to_xml()
f.write(stix_xml)
示例12: build_stix
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import description [as 别名]
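def build_stix(input_dict):
    """Build a STIX incident-report package from a submitted report.

    Args:
        input_dict: Mapping with the keys 'organization', 'sensitive',
            'description', 'confidence', 'timestamp' (YYYY-MM-DD),
            'submitter', 'damage' and 'asset'.

    Returns:
        A STIXPackage with a header and one Incident. When the report is
        flagged sensitive, the header carries a "Sensitive" handling marking.

    Raises:
        KeyError: if a required key is missing.
        ValueError: if 'timestamp' is not in YYYY-MM-DD form.
    """
    # setup stix document
    stix_package = STIXPackage()
    stix_header = STIXHeader()
    stix_header.description = "Incident report for " + input_dict['organization']
    stix_header.add_package_intent("Incident")

    # Add handling requirements if needed. The flag used to be honoured only
    # for the exact string "True", so a boolean True or a differently cased
    # "true" left a sensitive report without its handling marking. Both are
    # now accepted; "True" keeps working as before.
    sensitive = input_dict['sensitive']
    if sensitive is True or str(sensitive).strip().lower() == "true":
        mark = SimpleMarkingStructure()
        mark.statement = "Sensitive"
        mark_spec = MarkingSpecification()
        mark_spec.marking_structures.append(mark)
        stix_header.handling = Marking(mark_spec)

    stix_package.stix_header = stix_header

    # add incident and confidence
    incident = Incident()
    incident.description = input_dict['description']
    incident.confidence = input_dict['confidence']

    # The submission date serves both as the reporter's produced time and as
    # the incident discovery time, so it is parsed once.
    submitted_on = datetime.strptime(input_dict['timestamp'], "%Y-%m-%d")

    # add incident reporter
    incident.reporter = InformationSource()
    incident.reporter.description = "Person who reported the incident"
    incident.reporter.time = Time()
    incident.reporter.time.produced_time = submitted_on
    incident.reporter.identity = Identity()
    incident.reporter.identity.name = input_dict['submitter']

    # incident time is a complex object with support for a bunch of different
    # "when stuff happened" items
    incident.time = incidentTime()
    incident.title = "Breach of " + input_dict['organization']
    incident.time.incident_discovery = submitted_on

    # add the impact
    impact = ImpactAssessment()
    impact.add_effect(input_dict['damage'])
    incident.impact_assessment = impact

    # Add the thing that was stolen
    jewels = AffectedAsset()
    jewels.type_ = input_dict['asset']
    incident.add_affected_asset(jewels)

    # add the victim
    incident.add_victim(input_dict['organization'])

    stix_package.add_incident(incident)
    return stix_package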
示例13: _export_multi_json
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import description [as 别名]
def _export_multi_json():
"""Build a STIX package from CIF search results and return it as XML.

The function takes no arguments; it reads the names jsonPattern,
streamFlag, myJsonFile, outputFile, jsonPath, stixPath, testMode and
mySearchParam, none of which is assigned here, and appends to the
module-level string log_string.

The listing shows the body without indentation and uses Python 2 print
statements, so the nesting of the statements below is not recoverable
from this page.
"""
from stix.core import STIXPackage, STIXHeader
# Choose the JSON input name and the XML output name.
# NOTE(review): the paths are plain string concatenations of jsonPath,
# stixPath and myJsonFile; if myJsonFile can be influenced from outside,
# the resulting paths should be validated - cannot tell from here.
if jsonPattern is None:
if streamFlag: #stream
fullFileName = "cifStream"
else:
fullFileName = myJsonFile
xmlFileName = outputFile
else:
fullFileName = jsonPath + myJsonFile + '.json'
fileName = "stix_" + str(myJsonFile)
xmlFileName = stixPath + fileName + '.xml'
if testMode:
print "-----------------File Name: -------- " + fullFileName
print "xmlFileName: " + xmlFileName
# log_string is rebound on the module, hence the global declaration.
global log_string
log_string = log_string + "\n\n" + str(datetime.datetime.now().time()) + ": fullFileName: " + fullFileName + "\n"
log_string = log_string + str(datetime.datetime.now().time()) + ": xmlFileName: " + xmlFileName + "\n"
wholeJson = _prepare_json(fullFileName)
stix_package = STIXPackage()
stix_header = STIXHeader()
# The search parameter is copied into the header's description and title.
stix_header.description = "Search result from CIF with search parameter " + str(mySearchParam)
stix_header.title = "Indicators from search by " + str(mySearchParam)
stix_package.stix_header = stix_header
stix_header.package_intent = "Purpose: mitigation"
# Each element of wholeJson is decoded with json.loads and converted to one
# indicator.
for x in wholeJson:
indicatorIns = _export_from_json_to_xml(json.loads(x))
stix_package.add_indicator(indicatorIns)
# The XML file is written only when streamFlag is exactly False.
if streamFlag is False:
f = open(xmlFileName, 'w')
try:
f.write(stix_package.to_xml())
finally:
f.close()
#if testMode:
# print stix_package.to_xml()
# The complete XML document is appended to log_string; to_xml() is called
# again for the log entry and once more for the return value.
log_string = log_string + str(datetime.datetime.now().time()) + ": -------------- STIX----------- \n\n" + stix_package.to_xml()
return stix_package.to_xml()
示例14: main
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import description [as 别名]
def main():
    """Print a header-only STIX package, first as XML and then as a dict."""
    package = STIXPackage()
    header = STIXHeader()

    # Record which tool produced the package.
    source = InformationSource()
    source.tools = ToolInformationList()
    source.tools.append(ToolInformation("python-stix ex_04.py", "The MITRE Corporation"))
    header.information_source = source

    header.description = "Example "
    package.stix_header = header

    for rendered in (package.to_xml(), package.to_dict()):
        print(rendered)
示例15: main
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import description [as 别名]
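def main():
    """Translate an OpenIOC file into a STIX package written as XML.

    Command-line arguments are read from ``sys.argv``: ``-i <input>`` names
    the OpenIOC file and ``-o <output>`` the STIX XML file to write. Every
    observable produced from the input is wrapped in its own indicator.
    Exceptions raised during translation or writing are printed together
    with a traceback instead of being propagated.
    """
    infilename = ''
    outfilename = ''

    # Get the command-line arguments
    args = sys.argv[1:]
    if len(args) < 4:
        usage()
        sys.exit(1)

    # Walk (flag, value) pairs so that a trailing '-i' or '-o' with nothing
    # after it is ignored instead of raising IndexError.
    for flag, value in zip(args, args[1:]):
        if flag == '-i':
            infilename = value
        elif flag == '-o':
            outfilename = value

    if not infilename or not outfilename:
        usage()
        sys.exit(1)

    if not os.path.isfile(infilename):
        # Fail loudly: previously a missing input ended the run silently
        # with no output file and no message.
        sys.stderr.write('Error: input file not found: %s\n' % infilename)
        sys.exit(1)

    try:
        # Perform the translation using the methods from the OpenIOC to CybOX Script
        openioc_indicators = openioc.parse(infilename)
        observables_obj = openioc_to_cybox.generate_cybox(openioc_indicators, infilename, True)
        observables_cls = Observables.from_obj(observables_obj)

        # Wrap the created Observables in a STIX Package/Indicator
        stix_package = STIXPackage()

        for observable in observables_cls.observables:
            indicator_dict = {
                'producer': {
                    'tools': [{'name': 'OpenIOC to STIX Utility', 'version': str(__VERSION__)}],
                },
                'title': "CybOX-represented Indicator Created from OpenIOC File",
            }
            indicator = Indicator.from_dict(indicator_dict)
            # Attach the observable of this iteration. The earlier code always
            # attached observables[0], so every indicator repeated the first
            # observable and the remaining ones never reached the package.
            indicator.add_observable(observable)
            stix_package.add_indicator(indicator)

        # Create and write the STIX Header
        stix_header = STIXHeader()
        stix_header.package_intent = "Indicators - Malware Artifacts"
        stix_header.description = "CybOX-represented Indicators Translated from OpenIOC File"
        stix_package.stix_header = stix_header

        # Serialize before opening the output file so that a failure in
        # to_xml() does not leave a truncated file behind.
        xml = stix_package.to_xml()

        # Write the generated STIX Package as XML to the output file; the
        # context manager closes it even if the write fails.
        with open(outfilename, 'w') as outfile:
            outfile.write(xml)

    except Exception as err:
        print('\nError: %s\n' % str(err))
        traceback.print_exc()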