本文整理汇总了Python中stix.ttp.TTP.title方法的典型用法代码示例。如果您正苦于以下问题:Python TTP.title方法的具体用法?Python TTP.title怎么用?Python TTP.title使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类stix.ttp.TTP
的用法示例。
在下文中一共展示了TTP.title方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: main
# 需要导入模块: from stix.ttp import TTP [as 别名]
# 或者: from stix.ttp.TTP import title [as 别名]
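def main():
    """Build a Campaign that references a victim-targeting TTP and print the package XML.

    The TTP is embedded in the package once and the Campaign points at it
    through a RelatedTTP that carries only an idref.
    """
    from stix.campaign import Campaign
    from stix.common.related import RelatedTTP
    from stix.core import STIXPackage
    from stix.ttp import TTP, VictimTargeting

    ttp = TTP()
    ttp.title = "Victim Targeting: Customer PII and Financial Data"
    # Create the VictimTargeting object explicitly, as the other examples in
    # this file do, rather than assuming the attribute is pre-populated.
    ttp.victim_targeting = VictimTargeting()
    ttp.victim_targeting.add_targeted_information("Information Assets - Customer PII")
    ttp.victim_targeting.add_targeted_information("Information Assets - Financial Data")

    # Reference-only TTP: shares the id of the full one above.
    related_ttp = RelatedTTP(TTP(idref=ttp.id_))
    related_ttp.relationship = "Targets"

    c = Campaign()
    c.title = "Operation Alpha"
    c.related_ttps.append(related_ttp)

    pkg = STIXPackage()
    pkg.add_campaign(c)
    pkg.add_ttp(ttp)
    print(pkg.to_xml())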
示例2: main
# 需要导入模块: from stix.ttp import TTP [as 别名]
# 或者: from stix.ttp.TTP import title [as 别名]
def main():
    """Build a Campaign with an attributed ThreatActor, one TTP and three
    incident references, then print the package XML."""
    from stix.campaign import Campaign, Attribution
    from stix.threat_actor import ThreatActor
    from stix.incident import Incident
    from stix.core import STIXPackage
    from stix.ttp import TTP, VictimTargeting

    ttp = TTP()
    ttp.title = "Victim Targeting: Customer PII and Financial Data"
    ttp.victim_targeting = VictimTargeting()
    ttp.victim_targeting.add_targeted_information("Information Assets - Financial Data")

    actor = ThreatActor()
    actor.title = "People behind the intrusion"
    attrib = Attribution()
    attrib.append(actor)

    campaign = Campaign()
    campaign.attribution = []
    campaign.attribution.append(attrib)
    campaign.title = "Compromise of ATM Machines"
    campaign.related_ttps.append(ttp)

    # Incidents are referenced by id only; they are not part of this package.
    incident_idrefs = (
        "example:incident-229ab6ba-0eb2-415b-bdf2-079e6b42f51e",
        "example:incident-517cf274-038d-4ed4-a3ec-3ac18ad9db8a",
        "example:incident-7d8cf96f-91cb-42d0-a1e0-bfa38ea08621",
    )
    for idref in incident_idrefs:
        campaign.related_incidents.append(Incident(idref=idref))

    pkg = STIXPackage()
    pkg.add_campaign(campaign)
    print(pkg.to_xml())
示例3: test_ttp
# 需要导入模块: from stix.ttp import TTP [as 别名]
# 或者: from stix.ttp.TTP import title [as 别名]
def test_ttp(self):
    """Round-trip a TTP whose text fields all hold UNICODE_STR and check equality."""
    original = TTP()
    for field in ("title", "description", "short_description"):
        setattr(original, field, UNICODE_STR)
    restored = round_trip(original)
    self._test_equal(original, restored)
示例4: resolveAttributes
# 需要导入模块: from stix.ttp import TTP [as 别名]
# 或者: from stix.ttp.TTP import title [as 别名]
def resolveAttributes(incident, ttps, attributes):
    """Dispatch each attribute to the right handler and link indicators to TTPs.

    Attributes whose type is in ``not_implemented_attributes`` only get a
    journal entry; types in ``non_indicator_attributes`` go to
    handleNonIndicatorAttribute, everything else to handleIndicatorAttribute.
    If indicators were produced but no TTP exists, a placeholder TTP titled
    "Unknown" (id derived from the incident id) is appended to ``ttps``.
    Every related indicator is then pointed at every TTP by idref.

    Returns ``[incident, ttps]``.
    """
    for attribute in attributes:
        kind = attribute["type"]
        if kind in not_implemented_attributes:
            message = "".join([
                "!Not implemented attribute category/type combination caught! attribute[",
                attribute["category"],
                "][",
                attribute["type"],
                "]: ",
                attribute["value"],
            ])
            addJournalEntry(incident, message)
        elif kind in non_indicator_attributes:
            # Types that will definitely not become indicators.
            handleNonIndicatorAttribute(incident, ttps, attribute)
        else:
            # Types that may become indicators.
            handleIndicatorAttribute(incident, ttps, attribute)

    if incident.related_indicators and not ttps:
        placeholder = TTP(timestamp=incident.timestamp)
        placeholder.id_ = incident.id_.replace("incident", "ttp")
        placeholder.title = "Unknown"
        ttps.append(placeholder)

    for rindicator in incident.related_indicators:
        for known in ttps:
            reference = TTP(idref=known.id_, timestamp=known.timestamp)
            rindicator.item.add_indicated_ttp(reference)

    return [incident, ttps]
示例5: cvebuild
# 需要导入模块: from stix.ttp import TTP [as 别名]
# 或者: from stix.ttp.TTP import title [as 别名]
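def cvebuild(var):
    """Search for a CVE ID and return a STIX formatted response.

    Args:
        var: the CVE identifier handed to ``CVESearch().id``.

    Returns:
        The STIX package as an XML string, or ``None`` when the lookup
        returned no data.  When the module runs as a script the XML is also
        written to ``<package id>.xml`` in the working directory.
    """
    cve = CVESearch()
    data = json.loads(cve.id(var))
    if not data:
        return None

    # Pin the ID namespace; the helper moved between python-stix releases.
    try:
        from stix.utils import set_id_namespace
        set_id_namespace({NS: NS_PREFIX})
    except ImportError:
        from stix.utils import idgen
        from mixbox.namespaces import Namespace
        idgen.set_id_namespace(Namespace(NS, NS_PREFIX, ""))

    # One package, one header (the original built these twice).
    pkg = STIXPackage()
    pkg.stix_header = STIXHeader()
    pkg.stix_header.handling = marking()

    # Define the exploit target and attach the vulnerability object.
    expt = ExploitTarget()
    expt.title = data['id']
    expt.description = data['summary']
    expt.add_vulnerability(vulnbuild(data))

    # CAPEC entries are optional.  An entry missing 'id' or 'summary' is
    # skipped on its own instead of aborting the remaining entries.
    for entry in data.get('capec') or []:
        try:
            ttp = TTP()
            ttp.title = "CAPEC-" + str(entry['id'])
            ttp.description = entry['summary']
        except KeyError:
            continue
        ttp.exploit_targets.append(ExploitTarget(idref=expt.id_))
        pkg.add_ttp(ttp)

    # Weakness: only when the feed gives a concrete CWE.
    cwe = data.get('cwe')
    if cwe and cwe != 'Unknown':
        weak = Weakness()
        weak.cwe_id = cwe
        expt.add_weakness(weak)

    pkg.add_exploit_target(expt)
    xml = pkg.to_xml()

    # Script use only: the file name comes from the generated package id
    # (namespace prefix dropped at the first ':'), not from ``var``.
    if __name__ == '__main__':
        title = pkg.id_.split(':', 1)[-1]
        with open(title + ".xml", "w") as text_file:
            text_file.write(xml)
    return xml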
示例6: main
# 需要导入模块: from stix.ttp import TTP [as 别名]
# 或者: from stix.ttp.TTP import title [as 别名]
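def main():
    """CLI entry point: read a flat JSON file and emit STIX XML.

    The input is expected as ``{'bot_name': [list, of, ips]}``.  Each key
    becomes a TTP titled with the bot name plus an Indicator that carries the
    IPv4 addresses and points back at that TTP.  Output goes to ``--outfile``
    when given, otherwise to stdout.
    """
    parser = argparse.ArgumentParser(
        description="Parse an input JSON file and output STIX XML ",
        formatter_class=argparse.ArgumentDefaultsHelpFormatter)
    parser.add_argument("infile", help="input file")
    parser.add_argument("--outfile", "-o", help="output file")
    args = parser.parse_args()

    # Close the input handle as soon as the JSON is parsed.
    with open(args.infile) as infile:
        content = json.load(infile)

    stix_package = STIXPackage()
    stix_header = STIXHeader()
    stix_header.title = "C2 Server IP Addresses"
    stix_header.add_package_intent(PackageIntent.TERM_INDICATORS_WATCHLIST)
    stix_package.stix_header = stix_header

    for bot_name, ips in content.items():
        # One TTP per C2 server.
        ttp = TTP()
        ttp.title = bot_name
        stix_package.add_ttp(ttp)

        # Indicator holding the C2 addresses.  The values are copied verbatim
        # from the input file; nothing here checks they are IPv4 literals.
        indicator = Indicator()
        indicator.title = "IP addresses for known C2 channel"
        indicator.description = "Bot connecting to control server"
        addr = Address(address_value=ips, category=Address.CAT_IPV4)
        addr.address_value.condition = "Equals"
        indicator.add_object(addr)

        # Relate Indicator and TTP by idref.
        indicator.add_indicated_ttp(TTP(idref=ttp.id_))
        stix_package.add_indicator(indicator)

    # to_xml() can emit warnings that only clutter the output; silence them.
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")
        stix_out = stix_package.to_xml()

    if args.outfile:
        with open(args.outfile, 'w') as fd:
            fd.write(stix_out)
    else:
        print(stix_out)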
示例7: _buildttp
# 需要导入模块: from stix.ttp import TTP [as 别名]
# 或者: from stix.ttp.TTP import title [as 别名]
def _buildttp(i, expt):
    """Build a TTP for one CAPEC record ``i`` that targets exploit target ``expt``.

    The record must provide 'name', 'summary' and 'id'.  Returns the TTP.
    """
    ttp = TTP()
    ttp.title = str(i['name'])
    # 'summary' is a list; STIX 1.2 models that via description ordinality.
    ttp.description = i['summary']

    pattern = AttackPattern()
    pattern.capec_id = "CAPEC-" + str(i['id'])
    behavior = Behavior()
    behavior.add_attack_pattern(pattern)
    ttp.behavior = behavior

    ttp.exploit_targets.append(ExploitTarget(idref=expt.id_))
    return ttp
示例8: _buildttp
# 需要导入模块: from stix.ttp import TTP [as 别名]
# 或者: from stix.ttp.TTP import title [as 别名]
def _buildttp(data):
    """Turn one CAPEC entry dict into a TTP attributed to MITRE.

    Reads 'name', 'description', 'id' and 'references' from ``data``.
    The same name/description are used for both the TTP and its attack pattern.
    """
    name = data['name']
    description = data['description']

    ttp = TTP()
    ttp.title = name
    ttp.description = description

    pattern = AttackPattern()
    pattern.capec_id = "CAPEC-" + str(data['id'])
    pattern.title = name
    pattern.description = description
    behavior = Behavior()
    behavior.add_attack_pattern(pattern)
    ttp.behavior = behavior

    source = InformationSource()
    source.identity = Identity()
    source.identity.name = "The MITRE Corporation"
    source.references = data['references']
    ttp.information_source = source
    return ttp
示例9: generateTTP
# 需要导入模块: from stix.ttp import TTP [as 别名]
# 或者: from stix.ttp.TTP import title [as 别名]
def generateTTP(incident, attribute):
    """Create a TTP for one MISP attribute and attach it to ``incident``.

    A 'vulnerability' attribute becomes an ExploitTarget carrying the CVE id;
    any other type becomes a MalwareInstance named after the value.  The TTP
    is appended to ``incident.leveraged_ttps`` with the attribute's category
    as the relationship.  Returns ``None``.
    """
    ttp = TTP()
    ttp.id_ = "example:ttp-" + attribute["uuid"]
    setTLP(ttp, attribute["distribution"])
    ttp.title = "".join([
        "MISP Attribute #", attribute["id"], " uuid: ", attribute["uuid"],
    ])

    if attribute["type"] == "vulnerability":
        vulnerability = Vulnerability()
        vulnerability.cve_id = attribute["value"]
        target = ExploitTarget()
        target.add_vulnerability(vulnerability)
        ttp.exploit_targets.append(target)
    else:
        malware = MalwareInstance()
        malware.add_name(attribute["value"])
        behavior = Behavior()
        behavior.add_malware_instance(malware)
        ttp.behavior = behavior

    incident.leveraged_ttps.append(
        RelatedTTP(ttp, relationship=attribute["category"]))
示例10: generateTTP
# 需要导入模块: from stix.ttp import TTP [as 别名]
# 或者: from stix.ttp.TTP import title [as 别名]
def generateTTP(incident, attribute):
    """Create a timestamped TTP for one MISP attribute and attach it to ``incident``.

    The id is built from ``namespace[1]`` and the attribute uuid.  A
    'vulnerability' attribute becomes an ExploitTarget with the CVE id; any
    other type becomes a MalwareInstance named after the value.  A non-empty
    comment becomes the description.  Returns ``None``.
    """
    ttp = TTP(timestamp=getDateFromTimestamp(int(attribute["timestamp"])))
    ttp.id_ = namespace[1] + ":ttp-" + attribute["uuid"]
    setTLP(ttp, attribute["distribution"])
    ttp.title = "".join([
        attribute["category"], ": ", attribute["value"],
        " (MISP Attribute #", attribute["id"], ")",
    ])

    if attribute["type"] == "vulnerability":
        vulnerability = Vulnerability()
        vulnerability.cve_id = attribute["value"]
        target = ExploitTarget(
            timestamp=getDateFromTimestamp(int(attribute["timestamp"])))
        target.add_vulnerability(vulnerability)
        ttp.exploit_targets.append(target)
    else:
        malware = MalwareInstance()
        malware.add_name(attribute["value"])
        behavior = Behavior()
        behavior.add_malware_instance(malware)
        ttp.behavior = behavior

    if attribute["comment"] != "":
        ttp.description = attribute["comment"]

    incident.leveraged_ttps.append(
        RelatedTTP(ttp, relationship=attribute["category"]))
示例11: add_action_item
# 需要导入模块: from stix.ttp import TTP [as 别名]
# 或者: from stix.ttp.TTP import title [as 别名]
def add_action_item(action_item, pkg):
    """Map the sub-items of an 'action' item onto TTPs added to ``pkg``.

    'hacking', 'malware' and 'social' each become a TTP filled in by the
    matching add_* helper; 'physical' is handed to add_physical together with
    the package; 'unknown' becomes a TTP titled "Unknown", extended with the
    escaped notes when present.  'environmental', 'error' and 'misuse' only
    emit a warning.  Order of processing matches the order of the keys below.
    """
    def add_ttp_for(sub_item, populate):
        # Fresh TTP, filled by the helper, then attached to the package.
        ttp = TTP()
        populate(sub_item, ttp)
        pkg.add_ttp(ttp)

    if action_item.get('environmental'):
        warn("'environmental' item in 'action' item does not map to any STIX concept")

    if action_item.get('error'):
        warn("'error' item in 'action' item not handled, yet")

    hacking_item = action_item.get('hacking')
    if hacking_item:
        add_ttp_for(hacking_item, add_hacking)

    malware_item = action_item.get('malware')
    if malware_item:
        add_ttp_for(malware_item, add_malware)

    if action_item.get('misuse'):
        # Intended to become its own TTP eventually; still unmapped.
        warn("'misuse' item in 'action' item not handled, yet")

    physical_item = action_item.get('physical')
    if physical_item:
        add_physical(physical_item, pkg)

    social_item = action_item.get('social')
    if social_item:
        add_ttp_for(social_item, add_social)

    unknown_item = action_item.get('unknown')
    if unknown_item:
        unknown_ttp = TTP()
        unknown_ttp.title = "Unknown"
        notes_item = unknown_item.get("notes")
        if notes_item:
            unknown_ttp.title += " - " + escape(notes_item)
        pkg.add_ttp(unknown_ttp)
示例12: main
# 需要导入模块: from stix.ttp import TTP [as 别名]
# 或者: from stix.ttp.TTP import title [as 别名]
def main():
    """Build a Campaign attributed to a ThreatActor with one related TTP and print the package XML."""
    from stix.campaign import Campaign, Attribution
    from stix.threat_actor import ThreatActor
    from stix.core import STIXPackage
    from stix.ttp import TTP, VictimTargeting

    targeting = VictimTargeting()
    targeting.add_targeted_information("Information Assets - Financial Data")
    ttp = TTP()
    ttp.title = "Victim Targeting: Customer PII and Financial Data"
    ttp.victim_targeting = targeting

    actor = ThreatActor()
    actor.title = "People behind the intrusion"

    campaign = Campaign()
    campaign.attribution.append(actor)
    campaign.title = "Compromise of ATM Machines"
    campaign.related_ttps.append(ttp)

    pkg = STIXPackage()
    pkg.add_campaign(campaign)
    print(pkg.to_xml())
示例13: buildTtp
# 需要导入模块: from stix.ttp import TTP [as 别名]
# 或者: from stix.ttp.TTP import title [as 别名]
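def buildTtp(input_dict):
    """Build a TTP from a flat dict.

    Required keys: 'title', 'description'.  Optional keys, applied only when
    present and truthy: 'intendedEffect', 'behavior', 'resources',
    'victimTargeting', 'informationSource', 'killChain'.  Missing optional
    keys are treated as absent rather than raising KeyError.

    Returns the populated TTP.
    Raises KeyError when a required key is absent.
    """
    ttp = TTP()
    ttp.title = input_dict['title']
    ttp.description = input_dict['description']

    intended_effect = input_dict.get('intendedEffect')
    if intended_effect:
        ttp.add_intended_effect(intended_effect)

    behavior = input_dict.get('behavior')
    if behavior:
        ttp.behavior = Behavior(behavior)

    resources = input_dict.get('resources')
    if resources:
        ttp.resources = resources

    victim_targeting = input_dict.get('victimTargeting')
    if victim_targeting:
        # TODO: only targeted information is mapped; other victim fields are not.
        vic = VictimTargeting()
        vic.add_targeted_information(victim_targeting)
        ttp.victim_targeting = vic

    # 'exploitTargets' is not mapped yet.

    information_source = input_dict.get('informationSource')
    if information_source:
        ttp.information_source = InformationSource(information_source)

    kill_chain = input_dict.get('killChain')
    if kill_chain:
        ttp.kill_chain_phases = kill_chain

    return ttp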
示例14: main
# 需要导入模块: from stix.ttp import TTP [as 别名]
# 或者: from stix.ttp.TTP import title [as 别名]
def main():
    """Build a file-hash-reputation STIX package for a fixed MD5 and print it
    wrapped in a TAXII 1.1 PollResponse.

    All ids, timestamps and the hash are hard-coded stand-ins for values a
    real service would read from its database.
    """
    ns = "urn:example.com:marks_malware_metadata_mart"
    ns_alias = "m4"
    # STIX and CybOX id generators must agree on the namespace.
    stix_sin({ns: ns_alias})
    cybox_sin(Namespace(ns, ns_alias))

    def qualified(local_id):
        # Prefix a local id with the namespace alias.
        return ns_alias + ':' + local_id

    # Stand-in database values.
    ttp_id = 'ttp-d539bb85-9363-4814-83c8-fa9975045686'
    ttp_timestamp = '2014-09-30T15:56:27.000000+00:00'
    md5_hash = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
    object_id = 'File-927731f2-cc2c-421c-a40e-dc6f4a6c75a4'
    observable_id = 'Observable-45e3e64c-8438-441e-bc49-51e417466e29'
    confidence = 'High'
    confidence_timestamp = '2014-09-29T14:32:00.000000'
    indicator_id = 'Indicator-54baefc1-4742-4b40-ba83-afd51115015b'
    indicator_timestamp = '2014-09-29T14:32:00.000000'

    # Package header.
    sp = STIXPackage()
    header = STIXHeader()
    header.title = "File Hash Reputation for %s" % md5_hash
    header.add_package_intent("Indicators - Malware Artifacts")
    header.information_source = InformationSource()
    header.information_source.identity = Identity()
    header.information_source.identity.name = "Mark's Malware Metadata Mart"
    sp.stix_header = header

    # File object carrying the hash.
    file_hash = Hash(hash_value=md5_hash, type_='MD5', exact=True)
    file_hash.type_.condition = "Equals"
    file_obj = File()
    file_obj.id_ = qualified(object_id)
    file_obj.add_hash(file_hash)

    # Indicator wrapping the file observable.
    indicator = Indicator(title="File Hash Reputation",
                          id_=qualified(indicator_id),
                          timestamp=indicator_timestamp)
    indicator.indicator_type = "File Hash Reputation"
    indicator.add_observable(file_obj)
    indicator.observables[0].id_ = qualified(observable_id)

    # TTP the indicator points at (by idref), with a confidence on the link.
    ttp = TTP()
    ttp.id_ = qualified(ttp_id)
    ttp.timestamp = ttp_timestamp
    ttp.title = "Malicious File"
    indicator.add_indicated_ttp(TTP(idref=ttp.id_, timestamp=ttp.timestamp))
    indicator.indicated_ttps[0].confidence = confidence
    indicator.indicated_ttps[0].confidence.timestamp = confidence_timestamp

    sp.add_indicator(indicator)
    sp.add_ttp(ttp)
    stix_xml = sp.to_xml()

    # Wrap the package in a TAXII poll response content block.
    poll_response = tm11.PollResponse(message_id=generate_message_id(),
                                      in_response_to="1234",
                                      collection_name='file_hash_reputation')
    block = tm11.ContentBlock(content_binding=CB_STIX_XML_111,
                              content=stix_xml)
    poll_response.content_blocks.append(block)
    print(poll_response.to_xml(pretty_print=True))
示例15: main
# 需要导入模块: from stix.ttp import TTP [as 别名]
# 或者: from stix.ttp.TTP import title [as 别名]
def main():
# get args
parser = argparse.ArgumentParser ( description = "Parse a given CSV from Shadowserver and output STIX XML to stdout"
, formatter_class=argparse.ArgumentDefaultsHelpFormatter )
parser.add_argument("--infile","-f", help="input CSV with bot data", default = "bots.csv")
args = parser.parse_args()
# setup stix document
stix_package = STIXPackage()
stix_header = STIXHeader()
stix_header.title = "Bot Server IP addresses"
stix_header.description = "IP addresses connecting to bot control servers at a given port"
stix_header.add_package_intent ("Indicators - Watchlist")
# add marking
mark = Marking()
markspec = MarkingSpecification()
markstruct = SimpleMarkingStructure()
markstruct.statement = "Usage of this information, including integration into security mechanisms implies agreement with the Shadowserver Terms of Service available at https://www.shadowserver.org/wiki/pmwiki.php/Shadowserver/TermsOfService"
markspec.marking_structures.append(markstruct)
mark.add_marking(markspec)
stix_header.handling = mark
# include author info
stix_header.information_source = InformationSource()
stix_header.information_source.time = Time()
stix_header.information_source.time.produced_time =datetime.now(tzutc())
stix_header.information_source.tools = ToolInformationList()
stix_header.information_source.tools.append("ShadowBotnetIP-STIXParser")
stix_header.information_source.identity = Identity()
stix_header.information_source.identity.name = "MITRE STIX Team"
stix_header.information_source.add_role(VocabString("Format Transformer"))
src = InformationSource()
src.description = "https://www.shadowserver.org/wiki/pmwiki.php/Services/Botnet-CCIP"
srcident = Identity()
srcident.name = "shadowserver.org"
src.identity = srcident
src.add_role(VocabString("Originating Publisher"))
stix_header.information_source.add_contributing_source(src)
stix_package.stix_header = stix_header
# add TTP for overall indicators
bot_ttp = TTP()
bot_ttp.title = 'Botnet C2'
bot_ttp.resources = Resource()
bot_ttp.resources.infrastructure = Infrastructure()
bot_ttp.resources.infrastructure.title = 'Botnet C2'
stix_package.add_ttp(bot_ttp)
# read input data
fd = open (args.infile, "rb")
infile = csv.DictReader(fd)
for row in infile:
# split indicators out, may be 1..n with positional storage, same port and channel, inconsistent delims
domain = row['Domain'].split()
country = row['Country'].split()
region = row['Region'].split('|')
state = row['State'].split('|')
asn = row['ASN'].split()
asname = row['AS Name'].split()
asdesc = row['AS Description'].split('|')
index = 0
for ip in row['IP Address'].split():
indicator = Indicator()
indicator.title = "IP indicator for " + row['Channel']
indicator.description = "Bot connecting to control server"
# point to overall TTP
indicator.add_indicated_ttp(TTP(idref=bot_ttp.id_))
# add our IP and port
sock = SocketAddress()
sock.ip_address = ip
# add sighting
sight = Sighting()
sight.timestamp = ""
obs = Observable(item=sock.ip_address)
obsref = Observable(idref=obs.id_)
sight.related_observables.append(obsref)
indicator.sightings.append(sight)
stix_package.add_observable(obs)
# add pattern for indicator
sock_pattern = SocketAddress()
sock_pattern.ip_address = ip
port = Port()
port.port_value = row['Port']
#.........这里部分代码省略.........