本文整理汇总了Python中stix.core.STIXHeader.package_intents方法的典型用法代码示例。如果您正苦于以下问题:Python STIXHeader.package_intents方法的具体用法?Python STIXHeader.package_intents怎么用?Python STIXHeader.package_intents使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类stix.core.STIXHeader的用法示例。
在下文中一共展示了STIXHeader.package_intents方法的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: stix_pkg
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import package_intents [as 别名]
def stix_pkg(config, src, endpoint, payload, title='random test data',
             description='random test data',
             package_intents='Indicators - Watchlist',
             tlp_color='WHITE', dest=None):
    '''Wrap a single payload object in a TLP-marked STIX package.

    The ID namespace is read from config['edge']['sites'][dest]['stix'], so
    ``dest`` has to name a configured site (the ``None`` default is looked
    up as a literal key).  ``src`` and ``endpoint`` are accepted but not
    read in this function.

    ``payload`` is added when it is an Observable, Indicator or Incident;
    any other type is left out and the package comes back without content.

    The package is marked with ``tlp_color``, which defaults to 'WHITE'.
    Callers packaging anything other than sample data should pass the TLP
    level that actually applies, since the value is not validated here.
    '''
    # Every ID generated below uses the namespace configured for the site.
    site_stix = config['edge']['sites'][dest]['stix']
    ns_url = site_stix['xmlns_url']
    ns_name = site_stix['xmlns_name']
    set_stix_id_namespace({ns_url: ns_name})
    set_cybox_id_namespace(Namespace(ns_url, ns_name))

    package = STIXPackage()
    header = STIXHeader()
    header.title = title
    header.description = description
    header.package_intents = package_intents

    # In STIX 1.x the XPath is evaluated from the marking's
    # Controlled_Structure element; four levels up is the package root, so
    # the TLP level covers the whole package, not only the header.
    tlp = TLPMarkingStructure()
    tlp.color = tlp_color
    spec = MarkingSpecification()
    spec.controlled_structure = '../../../../descendant-or-self::node()'
    spec.marking_structures.append(tlp)

    package.stix_header = header
    package.stix_header.handling = Marking()
    package.stix_header.handling.add_marking(spec)

    # First matching type wins; unsupported payload types are not added.
    if isinstance(payload, Observable):
        package.add_observable(payload)
    elif isinstance(payload, Indicator):
        package.add_indicator(payload)
    elif isinstance(payload, Incident):
        package.add_incident(payload)
    return package
示例2: generateMainPackage
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import package_intents [as 别名]
def generateMainPackage(events):
    """Build the outer STIX package for a MISP export.

    Only the header is filled in: a title built from the second element of
    the module-level ``namespace`` and the "Threat Report" package intent.
    ``events`` is accepted but not read here.

    No handling/TLP marking is attached to this header, so any sharing
    restriction has to be applied by whatever distributes the package.
    """
    header = STIXHeader()
    header.title = "Export from " + namespace[1] + " MISP"
    header.package_intents = "Threat Report"

    main_package = STIXPackage()
    main_package.stix_header = header
    return main_package
示例3: generateEventPackage
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import package_intents [as 别名]
def generateEventPackage(event):
    """Convert one MISP event dict into a STIX package.

    The package ID is built from the second element of the module-level
    ``namespace`` plus the event UUID.  event["Event"]["id"] and
    event["Event"]["uuid"] are concatenated into strings, so both must
    already be ``str``.

    generateSTIXObjects(event) supplies the content: its first item is
    added as the incident and its second item is iterated as TTPs.

    No handling/TLP marking is set on the header in this function.
    NOTE(review): whether the event's sharing level is carried over
    elsewhere is not visible here -- confirm before distributing.
    """
    package_id = namespace[1] + ':STIXPackage-' + event["Event"]["uuid"]
    details = event["Event"]

    header = STIXHeader()
    header.title = "MISP event #" + details["id"] + " uuid: " + details["uuid"]
    header.package_intents = "Threat Report"

    event_package = STIXPackage(id_=package_id)
    event_package.stix_header = header

    converted = generateSTIXObjects(event)
    incident, ttps = converted[0], converted[1]
    event_package.add_incident(incident)
    for ttp in ttps:
        event_package.add_ttp(ttp)
    return event_package
示例4: generateEventPackage
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import package_intents [as 别名]
def generateEventPackage(event):
    """Convert one MISP event dict into a timestamped STIX package.

    The package ID is built from the second element of the module-level
    ``namespace`` plus the event UUID, and the package timestamp comes from
    getDateFromTimestamp(int(event["Event"]["timestamp"])).

    The header title is the event's free-text ``info`` followed by the MISP
    event number; event["Event"]["id"] is concatenated, so it must already
    be ``str``.

    generateSTIXObjects(event) supplies the content: its first item is
    added as the incident and its second item is iterated as TTPs.

    No handling/TLP marking is set on the header in this function.
    NOTE(review): whether the event's sharing level is carried over
    elsewhere is not visible here -- confirm before distributing.
    """
    package_id = namespace[1] + ":STIXPackage-" + event["Event"]["uuid"]
    created = getDateFromTimestamp(int(event["Event"]["timestamp"]))
    event_package = STIXPackage(id_=package_id, timestamp=created)

    details = event["Event"]
    header = STIXHeader()
    header.title = details["info"] + " (MISP Event #" + details["id"] + ")"
    header.package_intents = "Threat Report"
    event_package.stix_header = header

    converted = generateSTIXObjects(event)
    incident, ttps = converted[0], converted[1]
    event_package.add_incident(incident)
    for ttp in ttps:
        event_package.add_ttp(ttp)
    return event_package
示例5: gen_stix_indicator_sample
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import package_intents [as 别名]
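def gen_stix_indicator_sample(
    config,
    target=None,
    datatype=None,
    title="random test data",
    description="random test data",
    package_intents="Indicators - Watchlist",
    tlp_color="WHITE",
    observables_list=None,
):
    """Build a sample STIX package holding one indicator.

    The indicator points, by idref, at every observable ID in
    ``observables_list``; the observables themselves are not embedded.
    ``None`` (the default) is treated like an empty list, giving an
    indicator whose observable composition has no members.

    The ID namespace is read from config["edge"]["sites"][target]["stix"],
    so ``target`` has to name a configured site (the ``None`` default is
    looked up as a literal key).  ``datatype`` is accepted but not read.

    The whole package is marked with ``tlp_color`` (default "WHITE"); the
    value is not validated here.  The indicator is labelled
    "Malware Artifacts" with confidence "Unknown" and a random title, so
    the result is test data, not something consumers should act on.
    """
    # The default used to reach the loop below as None and raise TypeError.
    if observables_list is None:
        observables_list = ()

    # setup the xmlns...
    xmlns_url = config["edge"]["sites"][target]["stix"]["xmlns_url"]
    xmlns_name = config["edge"]["sites"][target]["stix"]["xmlns_name"]
    set_stix_id_namespace({xmlns_url: xmlns_name})
    set_cybox_id_namespace(Namespace(xmlns_url, xmlns_name))

    # construct a stix package...
    stix_package = STIXPackage()
    stix_header = STIXHeader()
    stix_header.title = title
    stix_header.description = description
    stix_header.package_intents = package_intents

    # In STIX 1.x the XPath is evaluated from the marking's
    # Controlled_Structure element; four levels up is the package root, so
    # the TLP level covers the whole package.
    marking = MarkingSpecification()
    marking.controlled_structure = "../../../../descendant-or-self::node()"
    tlp_marking = TLPMarkingStructure()
    tlp_marking.color = tlp_color
    marking.marking_structures.append(tlp_marking)
    stix_package.stix_header = stix_header
    stix_package.stix_header.handling = Marking()
    stix_package.stix_header.handling.add_marking(marking)

    indicator_ = Indicator()
    indicator_.title = str(uuid.uuid4()) + "_sample_indicator"
    indicator_.confidence = "Unknown"
    indicator_.add_indicator_type("Malware Artifacts")

    # Reference each observable by ID inside one composition.
    observable_composition_ = ObservableComposition()
    observable_composition_.operator = indicator_.observable_composition_operator
    for observable_id in observables_list:
        observable_ = Observable()
        observable_.idref = observable_id
        observable_composition_.add(observable_)
    indicator_.observable = Observable()
    indicator_.observable.observable_composition = observable_composition_
    stix_package.add_indicator(indicator_)
    return stix_package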
示例6: gen_stix_indicator_sample
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import package_intents [as 别名]
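def gen_stix_indicator_sample(config, target=None, datatype=None,
                              title='random test data',
                              description='random test data',
                              package_intents='Indicators - Watchlist',
                              tlp_color='WHITE', observables_list=None):
    '''Build a sample STIX package holding one indicator.

    The indicator points, by idref, at every observable ID in
    ``observables_list``; the observables themselves are not embedded.
    ``None`` (the default) is treated like an empty list, giving an
    indicator whose observable composition has no members.

    The ID namespace is read from config['edge']['sites'][target]['stix'],
    so ``target`` has to name a configured site (the ``None`` default is
    looked up as a literal key).  ``datatype`` is accepted but not read.

    The whole package is marked with ``tlp_color`` (default 'WHITE'); the
    value is not validated here.  The indicator is labelled
    'Malware Artifacts' with confidence 'Unknown' and a random title, so
    the result is test data, not something consumers should act on.
    '''
    # The default used to reach the loop below as None and raise TypeError.
    if observables_list is None:
        observables_list = ()

    # setup the xmlns...
    xmlns_url = config['edge']['sites'][target]['stix']['xmlns_url']
    xmlns_name = config['edge']['sites'][target]['stix']['xmlns_name']
    set_stix_id_namespace({xmlns_url: xmlns_name})
    set_cybox_id_namespace(Namespace(xmlns_url, xmlns_name))

    # construct a stix package...
    stix_package = STIXPackage()
    stix_header = STIXHeader()
    stix_header.title = title
    stix_header.description = description
    stix_header.package_intents = package_intents

    # In STIX 1.x the XPath is evaluated from the marking's
    # Controlled_Structure element; four levels up is the package root, so
    # the TLP level covers the whole package.
    marking = MarkingSpecification()
    marking.controlled_structure = '../../../../descendant-or-self::node()'
    tlp_marking = TLPMarkingStructure()
    tlp_marking.color = tlp_color
    marking.marking_structures.append(tlp_marking)
    stix_package.stix_header = stix_header
    stix_package.stix_header.handling = Marking()
    stix_package.stix_header.handling.add_marking(marking)

    indicator_ = Indicator()
    indicator_.title = str(uuid.uuid4()) + '_sample_indicator'
    indicator_.confidence = 'Unknown'
    indicator_.add_indicator_type('Malware Artifacts')

    # Reference each observable by ID inside one composition.
    observable_composition_ = ObservableComposition()
    observable_composition_.operator = \
        indicator_.observable_composition_operator
    for observable_id in observables_list:
        observable_ = Observable()
        observable_.idref = observable_id
        observable_composition_.add(observable_)
    indicator_.observable = Observable()
    indicator_.observable.observable_composition = observable_composition_
    stix_package.add_indicator(indicator_)
    return stix_package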
示例7: gen_stix_observable_sample
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import package_intents [as 别名]
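def gen_stix_observable_sample(config, target=None, datatype=None,
                               title='random test data',
                               description='random test data',
                               package_intents='Indicators - Watchlist',
                               tlp_color='WHITE'):
    '''Build a sample STIX package holding one generated observable.

    ``datatype`` selects what is generated: 'ip', 'domain', 'filehash' or
    'email'.  The values come from the ``datagen`` helpers.
    NOTE(review): judging by the helper names the values are random, so
    they may coincide with real hosts or files -- keep the output out of
    feeds that consumers act on.

    The ID namespace is read from config['edge']['sites'][target]['stix'],
    so ``target`` has to name a configured site (the ``None`` default is
    looked up as a literal key).  The whole package is marked with
    ``tlp_color`` (default 'WHITE'); the value is not validated here.

    Returns:
        (observable_id, stix_package), or None when building the email
        observable raises.

    NOTE(review): any other ``datatype`` adds no observable, so the final
    lookup of the first observable is expected to fail -- confirm, and
    validate ``datatype`` in the caller.
    '''
    # setup the xmlns...
    xmlns_url = config['edge']['sites'][target]['stix']['xmlns_url']
    xmlns_name = config['edge']['sites'][target]['stix']['xmlns_name']
    set_stix_id_namespace({xmlns_url: xmlns_name})
    set_cybox_id_namespace(Namespace(xmlns_url, xmlns_name))

    # construct a stix package...
    stix_package = STIXPackage()
    stix_header = STIXHeader()
    stix_header.title = title
    stix_header.description = description
    stix_header.package_intents = package_intents

    # In STIX 1.x the XPath is evaluated from the marking's
    # Controlled_Structure element; four levels up is the package root, so
    # the TLP level covers the whole package.
    marking = MarkingSpecification()
    marking.controlled_structure = '../../../../descendant-or-self::node()'
    tlp_marking = TLPMarkingStructure()
    tlp_marking.color = tlp_color
    marking.marking_structures.append(tlp_marking)
    stix_package.stix_header = stix_header
    stix_package.stix_header.handling = Marking()
    stix_package.stix_header.handling.add_marking(marking)

    # ...and stuff it full of random sample data :-)
    if datatype == 'ip':
        addr = Address(address_value=datagen.generate_random_ip_address(),
                       category='ipv4-addr')
        addr.condition = 'Equals'
        stix_package.add_observable(Observable(addr))
    elif datatype == 'domain':
        domain = DomainName()
        domain.type_ = 'FQDN'
        domain.value = datagen.generate_random_domain(config)
        domain.condition = 'Equals'
        stix_package.add_observable(Observable(domain))
    elif datatype == 'filehash':
        file_object = File()
        file_object.file_name = str(uuid.uuid4()) + '.exe'
        hashes = datagen.generate_random_hashes()
        # Local names avoid shadowing the builtin hash().
        for hash_name, hash_value in hashes.items():
            file_object.add_hash(Hash(hash_value, type_=hash_name.upper()))
        for file_hash in file_object.hashes:
            file_hash.simple_hash_value.condition = "Equals"
        stix_package.add_observable(Observable(file_object))
    elif datatype == 'email':
        try:
            msg = datagen.get_random_spam_msg(config)
            email = EmailMessage()
            email.header = EmailHeader()
            # Message header name -> EmailHeader attribute name.
            header_map = {'Subject': 'subject', 'To': 'to', 'Cc': 'cc',
                          'Bcc': 'bcc', 'From': 'from_',
                          'Sender': 'sender', 'Date': 'date',
                          'Message-ID': 'message_id',
                          'Reply-To': 'reply_to',
                          'In-Reply-To': 'in_reply_to',
                          'Content-Type': 'content_type',
                          'Errors-To': 'errors_to',
                          'Precedence': 'precedence',
                          'Boundary': 'boundary',
                          'MIME-Version': 'mime_version',
                          'X-Mailer': 'x_mailer',
                          'User-Agent': 'user_agent',
                          'X-Originating-IP': 'x_originating_ip',
                          'X-Priority': 'x_priority'}
            # TODO handle received_lines
            for header_name, attr_name in header_map.items():
                val = msg.get(header_name, None)
                if val:
                    # Header values are copied into the observable as-is.
                    setattr(email.header, attr_name, val)
                    getattr(email.header, attr_name).condition = 'Equals'
            # TODO handle email bodies (it's mostly all there except for
            # handling weird text encoding problems that were making
            # libcybox stacktrace)
            # body = get_email_payload(random_spam_msg)
            # if body:
            #     email.raw_body = body
            stix_package.add_observable(Observable(email))
        except Exception:
            # Best effort: a message that cannot be converted gives None.
            # Narrowed from a bare except so KeyboardInterrupt and
            # SystemExit are no longer swallowed.
            return None
    observable_id = stix_package.observables.observables[0].id_
    return (observable_id, stix_package)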
示例8: gen_stix_observable_sample
# 需要导入模块: from stix.core import STIXHeader [as 别名]
# 或者: from stix.core.STIXHeader import package_intents [as 别名]
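def gen_stix_observable_sample(
    config,
    target=None,
    datatype=None,
    title="random test data",
    description="random test data",
    package_intents="Indicators - Watchlist",
    tlp_color="WHITE",
):
    """Build a sample STIX package holding one generated observable.

    ``datatype`` selects what is generated: "ip", "domain", "filehash" or
    "email".  The values come from the ``datagen_`` helpers.
    NOTE(review): judging by the helper names the values are random, so
    they may coincide with real hosts or files -- keep the output out of
    feeds that consumers act on.

    The ID namespace is read from config["edge"]["sites"][target]["stix"],
    so ``target`` has to name a configured site (the ``None`` default is
    looked up as a literal key).  The whole package is marked with
    ``tlp_color`` (default "WHITE"); the value is not validated here.

    Returns:
        (observable_id, stix_package), or None when building the email
        observable raises.

    NOTE(review): any other ``datatype`` adds no observable, so the final
    lookup of the first observable is expected to fail -- confirm, and
    validate ``datatype`` in the caller.
    """
    # setup the xmlns...
    xmlns_url = config["edge"]["sites"][target]["stix"]["xmlns_url"]
    xmlns_name = config["edge"]["sites"][target]["stix"]["xmlns_name"]
    set_stix_id_namespace({xmlns_url: xmlns_name})
    set_cybox_id_namespace(Namespace(xmlns_url, xmlns_name))

    # construct a stix package...
    stix_package = STIXPackage()
    stix_header = STIXHeader()
    stix_header.title = title
    stix_header.description = description
    stix_header.package_intents = package_intents

    # In STIX 1.x the XPath is evaluated from the marking's
    # Controlled_Structure element; four levels up is the package root, so
    # the TLP level covers the whole package.
    marking = MarkingSpecification()
    marking.controlled_structure = "../../../../descendant-or-self::node()"
    tlp_marking = TLPMarkingStructure()
    tlp_marking.color = tlp_color
    marking.marking_structures.append(tlp_marking)
    stix_package.stix_header = stix_header
    stix_package.stix_header.handling = Marking()
    stix_package.stix_header.handling.add_marking(marking)

    # ...and stuff it full of random sample data :-)
    if datatype == "ip":
        addr = Address(address_value=datagen_.generate_random_ip_address(), category="ipv4-addr")
        addr.condition = "Equals"
        stix_package.add_observable(Observable(addr))
    elif datatype == "domain":
        domain = DomainName()
        domain.type_ = "FQDN"
        domain.value = datagen_.generate_random_domain(config)
        domain.condition = "Equals"
        stix_package.add_observable(Observable(domain))
    elif datatype == "filehash":
        file_object = File()
        file_object.file_name = str(uuid.uuid4()) + ".exe"
        hashes = datagen_.generate_random_hashes()
        # Local names avoid shadowing the builtin hash().
        for hash_name, hash_value in hashes.items():
            file_object.add_hash(Hash(hash_value, type_=hash_name.upper()))
        for file_hash in file_object.hashes:
            file_hash.simple_hash_value.condition = "Equals"
        stix_package.add_observable(Observable(file_object))
    elif datatype == "email":
        try:
            msg = datagen_.get_random_spam_msg(config)
            email = EmailMessage()
            email.header = EmailHeader()
            # Message header name -> EmailHeader attribute name.
            header_map = {
                "Subject": "subject",
                "To": "to",
                "Cc": "cc",
                "Bcc": "bcc",
                "From": "from_",
                "Sender": "sender",
                "Date": "date",
                "Message-ID": "message_id",
                "Reply-To": "reply_to",
                "In-Reply-To": "in_reply_to",
                "Content-Type": "content_type",
                "Errors-To": "errors_to",
                "Precedence": "precedence",
                "Boundary": "boundary",
                "MIME-Version": "mime_version",
                "X-Mailer": "x_mailer",
                "User-Agent": "user_agent",
                "X-Originating-IP": "x_originating_ip",
                "X-Priority": "x_priority",
            }
            # TODO handle received_lines
            for header_name, attr_name in header_map.items():
                val = msg.get(header_name, None)
                if val:
                    # Header values are copied into the observable as-is.
                    setattr(email.header, attr_name, val)
                    getattr(email.header, attr_name).condition = "Equals"
            # TODO handle email bodies (it's mostly all there except for
            # handling weird text encoding problems that were making
            # libcybox stacktrace)
            # body = get_email_payload(random_spam_msg)
            # if body:
            #     email.raw_body = body
            stix_package.add_observable(Observable(email))
        except Exception:
            # Best effort: a message that cannot be converted gives None.
            # Narrowed from a bare except so KeyboardInterrupt and
            # SystemExit are no longer swallowed.
            return None
    observable_id = stix_package.observables.observables[0].id_
    return (observable_id, stix_package)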