本文整理汇总了Python中stix.core.STIXPackage.add_campaign方法的典型用法代码示例。如果您正苦于以下问题:Python STIXPackage.add_campaign方法的具体用法?Python STIXPackage.add_campaign怎么用?Python STIXPackage.add_campaign使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类stix.core.STIXPackage的用法示例。
在下文中一共展示了STIXPackage.add_campaign方法的7个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: main
# 需要导入模块: from stix.core import STIXPackage [as 别名]
# 或者: from stix.core.STIXPackage import add_campaign [as 别名]
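def main():
    """Build a STIX package in which one Indicator references two Campaigns.

    The Indicator receives its campaign references in two ways: an explicit
    CampaignRef built from `camp2.id_`, and the `camp1` Campaign object
    passed directly. Both Campaign objects are also added to the package, so
    every reference carried by the Indicator resolves inside the document
    that is printed.

    `Campaign`, `CampaignRef`, `Indicator` and `STIXPackage` are expected to
    be imported at module level; those imports are not part of this excerpt.
    """
    # Build Campaign instances
    camp1 = Campaign(title='Campaign 1')
    camp2 = Campaign(title='Campaign 2')

    # Build a CampaignRef object, setting the `idref` to the `id_` value of
    # our `camp2` Campaign object.
    campaign_ref = CampaignRef(idref=camp2.id_)

    # Build an Indicator object.
    i = Indicator()

    # Add CampaignRef object pointing to `camp2`.
    i.add_related_campaign(campaign_ref)

    # Add Campaign object, which gets promoted into an instance of
    # CampaignRef type internally. Only the `idref` is set.
    i.add_related_campaign(camp1)

    # Build our STIX Package and attach our Indicator and Campaign objects.
    # Shipping the full Campaign objects alongside the Indicator keeps the
    # references resolvable for whoever consumes the package.
    package = STIXPackage()
    package.add_indicator(i)
    package.add_campaign(camp1)
    package.add_campaign(camp2)

    # Print! The call form of print works on both Python 2 and Python 3.
    print(package.to_xml())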
示例2: main
# 需要导入模块: from stix.core import STIXPackage [as 别名]
# 或者: from stix.core.STIXPackage import add_campaign [as 别名]
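def main():
    """Build a Campaign with attribution, a related TTP and related incidents.

    The Campaign embeds the TTP object directly and is attributed to a
    ThreatActor through an Attribution container. The three related
    incidents are given by `idref` only; the package printed here contains
    just the Campaign.
    """
    from stix.campaign import Campaign, Attribution
    from stix.threat_actor import ThreatActor
    from stix.incident import Incident
    from stix.core import STIXPackage
    from stix.ttp import TTP, VictimTargeting

    # What the campaign goes after.
    ttp = TTP()
    ttp.title = "Victim Targeting: Customer PII and Financial Data"
    ttp.victim_targeting = VictimTargeting()
    ttp.victim_targeting.add_targeted_information("Information Assets - Financial Data")

    # Who the campaign is attributed to.
    actor = ThreatActor()
    actor.title = "People behind the intrusion"

    attrib = Attribution()
    attrib.append(actor)

    c = Campaign()
    c.attribution = []
    c.attribution.append(attrib)
    c.title = "Compromise of ATM Machines"
    c.related_ttps.append(ttp)

    # These Incident entries carry only an idref. The Incident definitions
    # are not added to this package, so a consumer can resolve them only if
    # it already holds those objects from another source.
    c.related_incidents.append(Incident(idref="example:incident-229ab6ba-0eb2-415b-bdf2-079e6b42f51e"))
    c.related_incidents.append(Incident(idref="example:incident-517cf274-038d-4ed4-a3ec-3ac18ad9db8a"))
    c.related_incidents.append(Incident(idref="example:incident-7d8cf96f-91cb-42d0-a1e0-bfa38ea08621"))

    pkg = STIXPackage()
    pkg.add_campaign(c)

    # The call form of print works on both Python 2 and Python 3.
    print(pkg.to_xml())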
示例3: main
# 需要导入模块: from stix.core import STIXPackage [as 别名]
# 或者: from stix.core.STIXPackage import add_campaign [as 别名]
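def main():
    """Wrap two Reports, a Campaign and a TTP in one STIX package.

    Each Report points at its subject by `idref` (the Campaign for the first
    report, the TTP for the second). The full Campaign and TTP objects are
    added to the wrapper package, so both references resolve within the
    printed document. The wrapper's header names the information source.

    The stix classes used here are expected to be imported at module level;
    those imports are not part of this excerpt.
    """
    campaign = Campaign(title="Campaign against ICS")
    ttp = TTP(title="DrownedRat")

    alpha_report = Report()
    alpha_report.header = Header()
    alpha_report.header.title = "Report on Adversary Alpha's Campaign against the Industrial Control Sector"
    alpha_report.header.descriptions = "Adversary Alpha has a campaign against the ICS sector!"
    alpha_report.header.intents = "Campaign Characterization"
    # Reference the campaign through the public `id_` attribute rather than
    # the underscore-prefixed `_id`, which is not part of the public
    # interface.
    alpha_report.add_campaign(Campaign(idref=campaign.id_))

    rat_report = Report()
    rat_report.header = Header()
    rat_report.header.title = "Indicators for Malware DrownedRat"
    rat_report.header.intents = "Indicators - Malware Artifacts"
    # Same here: public `id_` instead of `_id`.
    rat_report.add_ttp(TTP(idref=ttp.id_))

    wrapper = STIXPackage()
    # Record who produced the package so consumers can weigh its provenance.
    info_src = InformationSource()
    info_src.identity = Identity(name="Government Sharing Program - GSP")
    wrapper.stix_header = STIXHeader(information_source=info_src)
    wrapper.add_report(alpha_report)
    wrapper.add_report(rat_report)
    wrapper.add_campaign(campaign)
    wrapper.add_ttp(ttp)

    # The call form of print works on both Python 2 and Python 3.
    print(wrapper.to_xml())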
示例4: main
# 需要导入模块: from stix.core import STIXPackage [as 别名]
# 或者: from stix.core.STIXPackage import add_campaign [as 别名]
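def main():
    """Relate a Campaign to a TTP by reference, with a named relationship.

    The full TTP is added to the package once; the Campaign carries only a
    RelatedTTP whose inner TTP holds an `idref` to it, labelled "Targets".
    """
    from stix.campaign import Campaign
    from stix.common.related import RelatedTTP
    from stix.core import STIXPackage
    from stix.ttp import TTP

    ttp = TTP()
    ttp.title = "Victim Targeting: Customer PII and Financial Data"
    # NOTE(review): this assumes a fresh TTP() already carries a usable
    # victim_targeting object. If the attribute defaults to None in the
    # installed python-stix version, the next line raises AttributeError and
    # a VictimTargeting instance must be assigned first - confirm.
    ttp.victim_targeting.add_targeted_information("Information Assets - Customer PII")
    ttp.victim_targeting.add_targeted_information("Information Assets - Financial Data")

    # A second TTP object that only points at the first one by id.
    ttp_ref = TTP()
    ttp_ref.idref = ttp.id_
    related_ttp = RelatedTTP(ttp_ref)
    related_ttp.relationship = "Targets"

    c = Campaign()
    c.title = "Operation Alpha"
    c.related_ttps.append(related_ttp)

    # Both the Campaign and the referenced TTP go into the package, so the
    # idref resolves inside the printed document.
    pkg = STIXPackage()
    pkg.add_campaign(c)
    pkg.add_ttp(ttp)

    # The call form of print works on both Python 2 and Python 3.
    print(pkg.to_xml())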
示例5: main
# 需要导入模块: from stix.core import STIXPackage [as 别名]
# 或者: from stix.core.STIXPackage import add_campaign [as 别名]
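def main():
    """Link a Campaign to an IP-watchlist Indicator inside one package.

    The Indicator carries an IPv4 Address observable with an "Equals"
    condition. The Campaign is added to the package and then given a
    RelatedIndicator that points at the Indicator by `idref`.

    The stix and cybox classes used here are expected to be imported at
    module level; those imports are not part of this excerpt.
    """
    package = STIXPackage()

    # Create the indicator
    indicator = Indicator(title="IP Address for known C2 Channel")
    indicator.add_indicator_type("IP Watchlist")

    address = Address(category="ipv4-addr")
    # 10.0.0.0 lies in the RFC 1918 private range, so it is only a stand-in
    # value here. A watchlist entry matched with "Equals" on a private
    # address would fire on a consumer's own internal traffic; an indicator
    # that is actually shared should carry the observed routable address.
    address.address_value = "10.0.0.0"
    address.address_value.condition = "Equals"
    indicator.observable = address
    package.add_indicator(indicator)

    # Create the campaign
    campaign = Campaign(title="Operation Omega")
    package.add_campaign(campaign)

    # Link the campaign to the indicator. The reference is by idref, and the
    # full Indicator is already in the package, so it resolves locally.
    campaign.related_indicators.append(RelatedIndicator(item=Indicator(idref=indicator.id_)))

    # The call form of print works on both Python 2 and Python 3.
    print(package.to_xml())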
示例6: main
# 需要导入模块: from stix.core import STIXPackage [as 别名]
# 或者: from stix.core.STIXPackage import add_campaign [as 别名]
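def main():
    """Build a Campaign attributed to a ThreatActor, with one embedded TTP.

    The ThreatActor is appended directly to `c.attribution` and the TTP is
    embedded in `c.related_ttps`; only the Campaign is added to the package.
    """
    from stix.campaign import Campaign, Attribution
    from stix.threat_actor import ThreatActor
    from stix.core import STIXPackage
    from stix.ttp import TTP, VictimTargeting

    # What the campaign goes after.
    ttp = TTP()
    ttp.title = "Victim Targeting: Customer PII and Financial Data"
    ttp.victim_targeting = VictimTargeting()
    ttp.victim_targeting.add_targeted_information("Information Assets - Financial Data")

    # Who the campaign is attributed to.
    actor = ThreatActor()
    actor.title = "People behind the intrusion"

    c = Campaign()
    # NOTE(review): the actor is appended to `attribution` without an
    # explicit Attribution wrapper (Attribution is imported but unused);
    # presumably the library accepts this form - confirm against the
    # installed python-stix version.
    c.attribution.append(actor)
    c.title = "Compromise of ATM Machines"
    c.related_ttps.append(ttp)

    pkg = STIXPackage()
    pkg.add_campaign(c)

    # The call form of print works on both Python 2 and Python 3.
    print(pkg.to_xml())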
示例7: main
# 需要导入模块: from stix.core import STIXPackage [as 别名]
# 或者: from stix.core.STIXPackage import add_campaign [as 别名]
def main():
# NOTE: ID values will differ due to being regenerated on each script execution
pkg1 = STIXPackage()
pkg1.title = "Example of Indicator Composition for an aggregate indicator composition"
# USE CASE: Indicator with aggregate pattern
# Add TTP for malware usage
malware_ttp = TTP()
malware_ttp.behavior = Behavior()
malware = MalwareInstance()
malware.title = "foobar malware"
malware.add_type("Remote Access Trojan")
malware_ttp.behavior.add_malware_instance(malware)
c2_ttp = TTP()
c2_ttp.resources = Resource()
c2_ttp.resources.infrastructure = Infrastructure()
c2_ttp.resources.infrastructure.add_type(VocabString("Malware C2"))
pkg1.add_ttp(c2_ttp)
pkg1.add_ttp(malware_ttp)
nw_ind = Indicator()
nw_ind.description = "Indicator for a particular C2 infstructure IP address."
# add network network connection to this indicator
obs = NetworkConnection()
sock = SocketAddress()
sock.ip_address = "46.123.99.25"
sock.ip_address.category = "ipv4-addr"
sock.ip_address.condition = "Equals"
obs.destination_socket_address = sock
nw_ind.add_observable(obs)
nw_ind.add_indicated_ttp(TTP(idref=c2_ttp.id_))
# create File Hash indicator w/ embedded Observable
file_ind = Indicator()
file_ind.description = "Indicator for the hash of the foobar malware."
file_ind.add_indicator_type("File Hash Watchlist")
file_obs = File()
file_obs.add_hash("01234567890abcdef01234567890abcdef")
file_obs.hashes[0].type_ = "MD5"
file_obs.hashes[0].type_.condition = "Equals"
file_ind.add_observable(file_obs)
# create references
file_ind.add_indicated_ttp(TTP(idref=malware_ttp.id_))
# create container indicator
ind = Indicator()
ind.add_indicator_type(VocabString("Campaign Characteristics"))
ind.description = "Indicator for a composite of characteristics for the use of specific malware and C2 infrastructure within a Campaign."
# Add campaign with related
camp = Campaign()
camp.title = "holy grail"
pkg1.add_campaign(camp)
camp.related_ttps.append(TTP(idref=c2_ttp.id_))
camp.related_ttps.append(TTP(idref=malware_ttp.id_))
# Add threat actor
ta = ThreatActor()
ta.identity = Identity()
ta.identity.name = "boobear"
ta.observed_ttps.append(TTP(idref=malware_ttp.id_))
pkg1.add_threat_actor(ta)
# Create composite expression
ind.composite_indicator_expression = CompositeIndicatorExpression()
ind.composite_indicator_expression.operator = "AND"
ind.composite_indicator_expression.append(file_ind)
ind.composite_indicator_expression.append(nw_ind)
pkg1.add_indicator(ind)
print pkg1.to_xml()
# USE CASE: Indicator with partial matching
pkg2 = STIXPackage()
pkg2.title = "Example of Indicator Composition for a one of many indicator composition"
# create container indicator
watchlistind = Indicator()
watchlistind.add_indicator_type("IP Watchlist")
watchlistind.description = "This Indicator specifies a pattern where any one or more of a set of three IP addresses are observed."
watchlistind.add_indicated_ttp(TTP(idref=c2_ttp.id_))
# Create composite expression
watchlistind.composite_indicator_expression = CompositeIndicatorExpression()
watchlistind.composite_indicator_expression.operator = "OR"
ips = ['23.5.111.68', '23.5.111.99', '46.123.99.25']
#.........这里部分代码省略.........