本文整理汇总了Python中stix.core.STIXPackage.from_dict方法的典型用法代码示例。如果您正苦于以下问题:Python STIXPackage.from_dict方法的具体用法?Python STIXPackage.from_dict怎么用?Python STIXPackage.from_dict使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类stix.core.STIXPackage
的用法示例。
在下文中一共展示了STIXPackage.from_dict方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: main
# 需要导入模块: from stix.core import STIXPackage [as 别名]
# 或者: from stix.core.STIXPackage import from_dict [as 别名]
def main():
    """Round-trip a STIX package: XML file -> dict -> STIXPackage -> XML.

    Parses 'ex_01.xml', pretty-prints the dictionary form of the package,
    rebuilds a second STIXPackage from that dictionary and prints the XML
    the rebuilt package serializes to.
    """
    source_path = 'ex_01.xml'
    # The sample reads a local file. A package or dictionary received from
    # an external feed is untrusted input and should be validated before it
    # is parsed or re-published.
    original = STIXPackage.from_xml(source_path)
    as_dict = original.to_dict()
    pprint(as_dict)
    rebuilt = STIXPackage.from_dict(as_dict)
    print(rebuilt.to_xml())
示例2: test
# 需要导入模块: from stix.core import STIXPackage [as 别名]
# 或者: from stix.core.STIXPackage import from_dict [as 别名]
def test(files):
    """Exercise the python-stix conversions on every path in *files*.

    Each file is opened in binary mode and parsed with from_xml(); the
    resulting package is then passed through to_obj(), from_obj(),
    to_dict(), from_dict() and to_xml(). Any exception raised by these
    steps is reported together with its traceback, and the loop continues
    with the next file. Errors from open() itself are not caught.
    """
    info("testing [%s] files" % (len(files)))
    for path in files:
        with open(path, 'rb') as handle:
            try:
                package = STIXPackage.from_xml(handle)
                # The converted values are intentionally unused: the only
                # thing checked is that each conversion completes.
                binding = package.to_obj()
                from_binding = STIXPackage.from_obj(binding)
                as_dict = package.to_dict()
                from_mapping = STIXPackage.from_dict(as_dict)
                serialized = package.to_xml()
                # A single parenthesised argument prints the same text under
                # the Python 2 print statement used by the original.
                print("[+] Sucessfully tested %s" % path)
            except Exception as err:
                # Broad catch is deliberate here: one malformed file must
                # not stop the remaining files from being tested.
                trace = traceback.format_exc()
                print("[!] Error with %s : %s" % (path, str(err)))
                print(trace)
示例3: main
# 需要导入模块: from stix.core import STIXPackage [as 别名]
# 或者: from stix.core.STIXPackage import from_dict [as 别名]
def main():
    """Demonstrate the to_dict()/from_dict() round trip on 'sample.xml'.

    The file is parsed into a STIXPackage, dumped as a Python dictionary,
    turned back into a second STIXPackage with from_dict(), and that second
    package is printed as XML.
    """
    input_path = 'sample.xml'

    # Step 1: XML on disk -> STIXPackage -> plain dictionary.
    parsed_package = STIXPackage.from_xml(input_path)
    package_dict = parsed_package.to_dict()
    pprint(package_dict)

    # Step 2: dictionary -> new STIXPackage -> XML text.
    rebuilt_package = STIXPackage.from_dict(package_dict)
    print(rebuilt_package.to_xml())
示例4: toStixXml
# 需要导入模块: from stix.core import STIXPackage [as 别名]
# 或者: from stix.core.STIXPackage import from_dict [as 别名]
def toStixXml(self):
    """
    This method converts a DetectorEvent object into a STIX compliant XML
    string ready for output. It first converts the object into a hash of the
    right format and then converts it into XML using STIXPackage.from_dict
    and to_xml on the resulting object.
    Returns:
    Reference to string containing STIX/CybOX XML file.

    Note: this listing is truncated by the source page before the
    from_dict()/to_xml() calls and the return statement, so only the
    dictionary construction is visible below.
    """
    self.logger.debug('In toStixXml')
    # Skeleton of the package dictionary. NOTE(review): 'id', 'description'
    # and 'title' hold placeholder strings; whether they are replaced later
    # is not visible in this excerpt.
    stixDict = {'campaigns': [{}],
                'courses_of_action': [{}],
                'exploit_targets': [{}],
                'id': 'INSERT_PACKAGE_ID_HERE'}
    # One entry is appended to 'incidents' per attack instance further down.
    stixDict['incidents'] = []
    stixDict['indicators'] = [{}]
    # presumably the CybOX version (2.1.0) of the observables -- TODO confirm
    stixDict['observables'] = {'major_version': 2,
                               'minor_version': 1,
                               'observables': [{}],
                               'update_version': 0}
    # NOTE(review): the 'handling' entries (TLP, simple and terms-of-use
    # markings) are commented out, so the header built here carries no data
    # markings. Confirm that is intended before the output is shared.
    stixDict['stix_header'] = {'description': 'DESCRIPTION',
                               # 'handling':
                               # [{'controlled_structure':
                               # '//node()',
                               # 'marking_structures':
                               # [{'color': 'WHITE',
                               # 'xsi:type':
                               # 'tlpMarking:TLPMarkingStructureType'}]},
                               # {'controlled_structure':
                               # '//node()',
                               # 'marking_structures':
                               # [{'xsi:type':
                               # 'simpleMarking:SimpleMarkingStructureType'}]},
                               # {'controlled_structure': '//node()',
                               # 'marking_structures':
                               # [{'xsi:type':
                               # 'TOUMarking:TermsOfUseMarkingStructureType'}]}],
                               # NOTE(review): produced_time is a fixed
                               # literal, not the time of generation.
                               'information_source': {'identity': {},
                                                      'time':
                                                      {'produced_time':
                                                       '2014-12-31T08:00:00+00:00'},
                                                      'tools': [{}]},
                               'package_intents': [{'value': 'Incident',
                                                    'xsi:type':
                                                    'stixVocabs:PackageIntentVocab-1.0'}],
                               'title': 'TITLE'}
    stixDict['threat_actors'] = [{}]
    # stixDict['ttps'] = {'kill_chains':
    # {'kill_chains': [{'kill_chain_phases': [{}]}]},
    # 'ttps': [{}]}
    stixDict['version'] = '1.1.1'
    # When either flag is false, exactly one attack instance is required.
    # The check also fires for an empty list, although the message only
    # mentions "more than one".
    if (((not self.multiAttackFlag) or (not self.attackBoundaryFlag))
        and
        len(self.attackInstanceList) != 1):
        self.logger.error('For non-multiple attack or non-boundary attack '+
                          'had more than one attack instance')
        # NOTE(review): sys.exit() raises SystemExit, which ends the process
        # unless a caller catches it; a library-style method would normally
        # raise an ordinary exception instead.
        sys.exit(-1)
    # Human-readable summary of the two flags, stored as each incident's
    # description.
    description_string = '\n\t\t\t\tMultipleAttack = '
    description_string += 'TRUE' if self.multiAttackFlag else 'FALSE'
    description_string += '\n\t\t\t\tAttackBoundaries = '
    description_string += 'TRUE' if self.attackBoundaryFlag else 'FALSE'
    description_string += '\n\t\t\t'
    for attack_instance in self.attackInstanceList:
        related_observables_hash = {'description' : description_string,
                                    'related_observables':
                                    {'observables': [],
                                     'scope':'exclusive'}}
        # observables_list is the same list object that sits inside
        # related_observables_hash, so appending to it extends the incident.
        observables_list = (related_observables_hash['related_observables']
                            ['observables'])
        stixDict['incidents'].append(related_observables_hash)
        for packet in attack_instance.packetList:
            # math.modf() returns (fractional part, integer part).
            f_sec,sec = math.modf(packet.timeStamp)
            self.logger.debug('%f %f',sec,f_sec)
            # NOTE(review): fromtimestamp() without a tz argument yields
            # local time and the format adds no UTC offset. The fractional
            # part is not zero-padded to six digits, so 0.002 s is rendered
            # as '.2000'. The commented sample below shows six digits and
            # '+00:00' -- confirm the intended format, since these values
            # end up as event timestamps.
            dtime = datetime.datetime.fromtimestamp(
                int(sec)).strftime('%Y-%m-%dT%H:%M:%S')+'.'+(
                    str(int(f_sec*1000000)))
            #dtime = '2014-10-13T14:08:00.002000+00:00'
            self.logger.debug('dtime = '+dtime)
            # Nested structure built below:
            # observable -> object -> properties -> packet fields.
            observable_dict = {}
            data_dict = {}
            properties_dict = {}
            packet_dict = {}
            observable_dict['observable'] = data_dict
            data_dict['keywords'] = ['LinkType=ethernet',
                                     u'ProbAttack=' +
                                     str(packet.probAttack)]
            data_dict['object'] = properties_dict
            properties_dict['properties'] = packet_dict
            # The raw packet is embedded Base64-encoded, and the packaging
            # entry records that encoding.
            packet_dict['packaging'] = [{'algorithm': 'Base64',
                                         'packaging_type': 'encoding'}]
            packet_dict['raw_artifact'] = base64.b64encode(
                str(packet.packet))
            # NOTE(review): the parsed frame and a hex dump of the raw
            # packet are written to the debug log; captured traffic can
            # contain sensitive payloads, so confirm debug logs are handled
            # accordingly.
            eth = dpkt.ethernet.Ethernet(str(packet.packet))
            self.logger.debug('eth as string: %s',pformat(eth))
            # b64_decode and v1 are not used in the visible part of the
            # listing.
            b64_decode = base64.b64decode(base64.b64encode(packet.packet))
            v1 = pformat(packet.packet)
            # str.encode('hex') is a Python 2 only codec.
            self.logger.debug('First version: %s',str(packet.packet).encode('hex'))
            # ......... part of the code is omitted here (truncated by the source page) .........
示例5: toStixXml
# 需要导入模块: from stix.core import STIXPackage [as 别名]
# 或者: from stix.core.STIXPackage import from_dict [as 别名]
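def toStixXml(self, confidence, efficacy):
    """
    Serialize the FASGuard generated Snort rules in self.ruleList as a STIX
    compliant XML string.

    The package is assembled from python-stix objects: an ExploitTarget, a
    TTP that references it by id, and an Indicator whose Snort test
    mechanism carries the rules. The result of to_xml() on that package is
    returned.

    Arguments:
    confidence - High, Medium or Low. High means low false alarm rate.
    efficacy - High, Medium or Low. High means a low missed detection rate.
    Neither value is checked against that list in this method.

    Returns:
    String containing STIX/CybOX XML file.

    Side effect: self.logger is replaced with the 'simple_example' logger.
    """
    logger = logging.getLogger('simple_example')
    self.logger = logger
    self.logger.debug('In asg.fasguardStixRule')

    stix_package = STIXPackage()

    # Build the Exploit Target
    vuln = Vulnerability()
    # NOTE(review): "Unknown" is a placeholder, not a CVE identifier;
    # consumers that validate or correlate on cve_id will not match it.
    vuln.cve_id = "Unknown"
    et = ExploitTarget(title="From FASGuard")
    et.add_vulnerability(vuln)
    stix_package.add_exploit_target(et)

    # Build the TTP; it points at the exploit target by idref rather than
    # embedding a second copy.
    ttp = TTP(title="FASGuard Produced Signatures")
    ttp.exploit_targets.append(ExploitTarget(idref=et.id_))
    stix_package.add_ttp(ttp)

    # Build the indicator
    indicator = Indicator(title = "Snort Signature from FASGuard")
    indicator.confidence = Confidence(confidence)

    # The rules are attached as-is; a consumer that deploys Snort rules
    # from this package should review them before loading.
    tm = SnortTestMechanism()
    tm.rules = self.ruleList
    tm.efficacy = efficacy
    tm.producer = InformationSource(identity=Identity(name="FASGuard"))
    tm.producer.references = ["http://fasguard.github.io/"]
    indicator.test_mechanisms = [tm]
    indicator.add_indicated_ttp(TTP(idref=ttp.id_))
    stix_package.add_indicator(indicator)

    # The statements that used to follow this return were unreachable and
    # read an undefined name (stixDict); they have been dropped.
    return stix_package.to_xml()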