本文整理汇总了Python中stix.core.STIXPackage.title方法的典型用法代码示例。如果您正苦于以下问题：Python STIXPackage.title方法的具体用法？Python STIXPackage.title怎么用？Python STIXPackage.title使用的例子？那么恭喜您，这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类stix.core.STIXPackage的用法示例。
在下文中一共展示了STIXPackage.title方法的2个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: main
# 需要导入模块: from stix.core import STIXPackage [as 别名]
# 或者: from stix.core.STIXPackage import title [as 别名]
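def main():
    """Build one STIX package showing five observable-composition patterns and print it as XML.

    The package is titled "Examples of Observable Composition" and receives,
    in order:

    1. a File with one condition on ``file_name``;
    2. a File with conditions on both ``file_name`` and ``size_in_bytes``;
    3. an EmailMessage related to a File via a "Contains" relationship;
    4. a nested composition ``(Mutex OR File) AND NetworkConnection``;
    5. a SocketAddress whose ``ip_address`` holds a list of values matched
       with ``apply_condition = "ANY"``.

    Besides ``STIXPackage`` (``from stix.core import STIXPackage``), the body
    needs ``File``, ``EmailMessage``, ``Mutex``, ``NetworkConnection``,
    ``SocketAddress`` and ``ObservableComposition`` in scope. The page does
    not show those imports; in python-cybox they live under
    ``cybox.objects.*`` and ``cybox.core``.

    NOTE(review): every value below (file names, subject line, addresses)
    looks like a sample chosen to illustrate the API, not a vetted
    indicator. Do not load this output into a detection pipeline as-is.
    """
    # NOTE: ID values will differ due to being regenerated on each script execution
    pkg = STIXPackage()
    pkg.title = "Examples of Observable Composition"

    # USE CASE: single obj with single condition
    obs = File()
    obs.file_name = "foo.exe"
    obs.file_name.condition = "Contains"
    pkg.add_observable(obs)

    # USE CASE: single obj with multiple conditions
    # "Contains" on a short substring such as "foo" matches very broadly; in a
    # real indicator prefer "Equals" or a more specific value to keep the
    # false-positive rate manageable.
    obs = File()
    obs.file_name = "foo"
    obs.file_name.condition = "Contains"
    obs.size_in_bytes = '1896000'
    obs.size_in_bytes.condition = "Equals"
    pkg.add_observable(obs)

    # USE CASE: multiple obj with individual conditions
    obs = EmailMessage()
    obs.subject = "Syria strategic plans leaked"
    obs.subject.condition = "Equals"
    file_obj = File()
    file_obj.file_name = "bombISIS.pdf"
    file_obj.file_name.condition = "Equals"
    # Relate the attachment to the e-mail; "Contains" here is the relationship
    # label passed to add_related, not a matching condition.
    obs.add_related(file_obj, "Contains")
    pkg.add_observable(obs)

    # USE CASE: multiple objects with complex condition like (A OR B) AND C

    # orcomp = either of a mutex or file are present
    orcomp = ObservableComposition()
    orcomp.operator = "OR"
    obs = Mutex()
    obs.name = 'foo'
    obs.name.condition = "Contains"
    orcomp.add(obs)

    obs = File()
    obs.file_name = "barfoobar"
    obs.file_name.condition = "Equals"
    orcomp.add(obs)

    # andcomp = the above is true AND a network connection is present
    andcomp = ObservableComposition()
    andcomp.operator = "AND"
    andcomp.add(orcomp)

    obs = NetworkConnection()
    sock = SocketAddress()
    sock.ip_address = "46.123.99.25"
    sock.ip_address.category = "ipv4-addr"
    sock.ip_address.condition = "Equals"
    obs.destination_socket_address = sock
    andcomp.add(obs)

    # Only the outer AND composition is added; it carries the OR composition
    # nested inside it.
    pkg.add_observable(andcomp)

    # USE CASE: single object, one property with multiple values
    # The three addresses are RFC 1918 private space, so an "Equals" match on
    # them only means something inside one particular network.
    obs = SocketAddress()
    obs.ip_address = ['10.0.0.0', '10.0.0.1', '10.0.0.2']  # comma delimiter automagically added
    obs.ip_address.condition = "Equals"
    obs.ip_address.apply_condition = "ANY"
    pkg.add_observable(obs)

    # The call form of print runs on Python 2 and 3 alike; the original
    # `print pkg.to_xml()` statement is a SyntaxError on Python 3.
    # NOTE(review): on Python 3, to_xml() presumably returns UTF-8 bytes by
    # default, which print shows as a bytes repr. python-stix documents
    # to_xml(encoding=None) as returning text; confirm the installed version
    # accepts it before switching.
    print(pkg.to_xml())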
示例2: main
# 需要导入模块: from stix.core import STIXPackage [as 别名]
# 或者: from stix.core.STIXPackage import title [as 别名]
def main():
# NOTE: ID values will differ due to being regenerated on each script execution
pkg1 = STIXPackage()
pkg1.title = "Example of Indicator Composition for an aggregate indicator composition"
# USE CASE: Indicator with aggregate pattern
# Add TTP for malware usage
malware_ttp = TTP()
malware_ttp.behavior = Behavior()
malware = MalwareInstance()
malware.title = "foobar malware"
malware.add_type("Remote Access Trojan")
malware_ttp.behavior.add_malware_instance(malware)
c2_ttp = TTP()
c2_ttp.resources = Resource()
c2_ttp.resources.infrastructure = Infrastructure()
c2_ttp.resources.infrastructure.add_type(VocabString("Malware C2"))
pkg1.add_ttp(c2_ttp)
pkg1.add_ttp(malware_ttp)
nw_ind = Indicator()
nw_ind.description = "Indicator for a particular C2 infstructure IP address."
# add network network connection to this indicator
obs = NetworkConnection()
sock = SocketAddress()
sock.ip_address = "46.123.99.25"
sock.ip_address.category = "ipv4-addr"
sock.ip_address.condition = "Equals"
obs.destination_socket_address = sock
nw_ind.add_observable(obs)
nw_ind.add_indicated_ttp(TTP(idref=c2_ttp.id_))
# create File Hash indicator w/ embedded Observable
file_ind = Indicator()
file_ind.description = "Indicator for the hash of the foobar malware."
file_ind.add_indicator_type("File Hash Watchlist")
file_obs = File()
file_obs.add_hash("01234567890abcdef01234567890abcdef")
file_obs.hashes[0].type_ = "MD5"
file_obs.hashes[0].type_.condition = "Equals"
file_ind.add_observable(file_obs)
# create references
file_ind.add_indicated_ttp(TTP(idref=malware_ttp.id_))
# create container indicator
ind = Indicator()
ind.add_indicator_type(VocabString("Campaign Characteristics"))
ind.description = "Indicator for a composite of characteristics for the use of specific malware and C2 infrastructure within a Campaign."
# Add campaign with related
camp = Campaign()
camp.title = "holy grail"
pkg1.add_campaign(camp)
camp.related_ttps.append(TTP(idref=c2_ttp.id_))
camp.related_ttps.append(TTP(idref=malware_ttp.id_))
# Add threat actor
ta = ThreatActor()
ta.identity = Identity()
ta.identity.name = "boobear"
ta.observed_ttps.append(TTP(idref=malware_ttp.id_))
pkg1.add_threat_actor(ta)
# Create composite expression
ind.composite_indicator_expression = CompositeIndicatorExpression()
ind.composite_indicator_expression.operator = "AND"
ind.composite_indicator_expression.append(file_ind)
ind.composite_indicator_expression.append(nw_ind)
pkg1.add_indicator(ind)
print pkg1.to_xml()
# USE CASE: Indicator with partial matching
pkg2 = STIXPackage()
pkg2.title = "Example of Indicator Composition for a one of many indicator composition"
# create container indicator
watchlistind = Indicator()
watchlistind.add_indicator_type("IP Watchlist")
watchlistind.description = "This Indicator specifies a pattern where any one or more of a set of three IP addresses are observed."
watchlistind.add_indicated_ttp(TTP(idref=c2_ttp.id_))
# Create composite expression
watchlistind.composite_indicator_expression = CompositeIndicatorExpression()
watchlistind.composite_indicator_expression.operator = "OR"
ips = ['23.5.111.68', '23.5.111.99', '46.123.99.25']
#.........这里部分代码省略.........