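def create():
    """Build the abuse.ch malware-domain feed and return its dumped form.

    The Zeus, Palevo and SpyEye report lists are concatenated, wrapped in
    the feed metadata below and serialized with ``CbFeed.dump()``.

    :return: whatever ``CbFeed.dump`` returns for the assembled feed
    """
    reports = []
    reports.extend(get_zeus())
    reports.extend(get_palevo())
    reports.extend(get_spyeye())

    feedinfo = {
        'name': 'abusech',
        'display_name': "abuse.ch Malware Domains",
        'provider_url': "http://www.abuse.ch",
        'summary': "abuse.ch tracks C&C servers for Zeus, SpyEye and Palevo malware. "
                   + "This feed combines the three domain names blocklists.",
        'tech_data': "There are no requirements to share any data to receive this feed.",
        "icon": "abuse.ch.jpg",
    }

    # The working directory is switched to this module's directory while the
    # feed objects are built -- presumably so the relative icon path resolves
    # (the original comment called it "the lazy way to the icon").  chdir is
    # process-global state, so try/finally guarantees it is restored even when
    # validation or dump() raises; the original left it changed on error.
    old_cwd = os.getcwd()
    os.chdir(os.path.dirname(os.path.realpath(__file__)))
    try:
        feedinfo = CbFeedInfo(**feedinfo)
        feed = CbFeed(feedinfo, reports)
        dumped = feed.dump()
    finally:
        os.chdir(old_cwd)
    return dumped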
def build_feed_data(feed_name: str, display_name: str, feed_summary: str, site: str, icon_link: str, reports: List[Dict[str, Any]]) -> str:
    """
    Return a feed definition as a JSON string definition.

    :param feed_name: the short name of the feed
    :param display_name: the display name of the feed
    :param feed_summary: the feed summary
    :param site: the site name; the provider URL is ``'http://' + site``
    :param icon_link: path to the icon source; skipped when empty/None
    :param reports: List of gathered reports (de-duplicated before use)
    :return: feed as JSON string
    """
    tech_data = "There are no requirements to share any data to receive this feed."
    info = {
        'name': feed_name,
        'display_name': display_name,
        'provider_url': 'http://' + site,
        'summary': feed_summary,
        'tech_data': tech_data,
    }
    # The icon is the only optional metadata field.
    if icon_link:
        info['icon'] = icon_link

    # CbFeedInfo is built before the reports are de-duplicated, as in the
    # original ordering.
    feed_info = CbFeedInfo(**info)
    unique_reports = remove_duplicate_reports(reports)
    return CbFeed(feed_info, unique_reports).dump()
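def create():
    """Build the Tor exit-node feed and return its dumped form.

    Fetches the node list via ``get_tor_nodes()``, turns it into reports
    with ``build_reports()`` and serializes the result with ``CbFeed.dump()``.

    :return: whatever ``CbFeed.dump`` returns for the assembled feed
    """
    nodes = get_tor_nodes()
    reports = build_reports(nodes)

    feedinfo = {
        'name': 'tor',
        'display_name': "Tor Exit Nodes",
        'provider_url': 'https://www.torproject.org/',
        'summary': "This feed is a list of Tor Node IP addresses, updated every 30 minutes.",
        'tech_data': "There are no requirements to share any data to receive this feed.",
        'icon': 'tor.png',
        'icon_small': 'tor.small.jpg',
        'category': 'Open Source',
    }

    # The working directory is switched to this module's directory while the
    # feed objects are built -- presumably so the relative icon paths resolve
    # (the original comment: "lazy way out to get right icon path").  chdir is
    # process-global state, so try/finally restores it even when validation or
    # dump() raises; the original left it changed on error.
    old_cwd = os.getcwd()
    os.chdir(os.path.dirname(os.path.realpath(__file__)))
    try:
        feedinfo = CbFeedInfo(**feedinfo)
        feed = CbFeed(feedinfo, reports)
        created_feed = feed.dump()
    finally:
        os.chdir(old_cwd)
    return created_feed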
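def create(localcsv=None, timeout=60):
    """Build the Malware Domain List feed and return its dumped form.

    :param localcsv: optional path to a local copy of the MDL CSV export; when
        omitted the CSV is downloaded from malwaredomainlist.com
    :param timeout: seconds to wait for the remote download before giving up
        (only used when ``localcsv`` is not given)
    :return: whatever ``CbFeed.dump`` returns for the assembled feed
    :raises requests.HTTPError: when the download returns an HTTP error status
    """
    if localcsv:
        # Context manager so the handle is closed even if reading fails
        # (the original left the file object to the garbage collector).
        with open(localcsv, "r") as fh:
            lines = fh.readlines()
    else:
        # NOTE(review): the blocklist is fetched over plain HTTP, so its
        # integrity rests on the network path.  The timeout keeps a stalled
        # server from hanging the feed build, and raise_for_status() stops an
        # HTTP error page from being parsed as if it were the CSV export.
        r = requests.get("http://www.malwaredomainlist.com/mdlcsv.php", stream=True, timeout=timeout)
        r.raise_for_status()
        lines = r.text.split("\r\n")

    reports = reports_from_csv(lines)

    feedinfo = {
        'name': 'mdl',
        'display_name': "Malware Domain List",
        'provider_url': "http://www.malwaredomainlist.com/mdl.php",
        'summary': "Malware Domain List is a non-commercial community project to track domains used by malware."
                   + " This feed contains the most recent 180 days of entries.",
        'tech_data': "There are no requirements to share any data to receive this feed.",
        "icon": "mdl.png",
    }

    # The working directory is switched to this module's directory while the
    # feed objects are built -- presumably so the relative icon path resolves
    # (the original comment: "lazy way out").  chdir is process-global state,
    # so try/finally restores it even when validation or dump() raises.
    old_cwd = os.getcwd()
    os.chdir(os.path.dirname(os.path.realpath(__file__)))
    try:
        feedinfo = CbFeedInfo(**feedinfo)
        feed = CbFeed(feedinfo, reports)
        dumped = feed.dump()
    finally:
        os.chdir(old_cwd)
    return dumped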
def _initialize_feed(self):
    """Return a ``CbFeedInfo`` describing this integration's feed.

    Every field comes from the integration's own metadata hooks: ``name``
    is the ``integration_name`` attribute, the rest are method calls on
    ``self``.
    """
    metadata = dict(
        name=self.integration_name,
        display_name=self.integration_display_name(),
        summary=self.integration_summary(),
        tech_data=self.integration_detail(),
        provider_url=self.integration_url(),
        icon=self.integration_icon(),
    )
    return CbFeedInfo(**metadata)
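def create_feed(options):
    """Build a feed from parsed command-line options and return its dump.

    :param options: command-line namespace; reads ``name``, ``display_name``,
        ``url``, ``summary`` and ``techdata``, plus the optional ``icon``,
        ``small_icon`` and ``category`` attributes
    :return: whatever ``CbFeed.dump`` returns for the assembled feed
    """
    # Required feed-information fields, straight from the arguments.
    feedinfo = {
        'name': options.name,
        'display_name': options.display_name,
        'provider_url': options.url,
        'summary': options.summary,
        'tech_data': options.techdata,
    }

    # Optional icons are embedded as base64.  They are read in binary mode:
    # base64.b64encode needs bytes, and the original text-mode read handed it
    # a str (a TypeError on Python 3) and could fail decoding the image data.
    if options.icon:
        feedinfo['icon'] = _b64_file(options.icon)
    if options.small_icon:
        feedinfo['icon_small'] = _b64_file(options.small_icon)

    # Optional feed category.
    if options.category:
        feedinfo['category'] = options.category

    # CbFeedInfo validates the metadata fields on construction.
    feedinfo = CbFeedInfo(**feedinfo)

    # Always a single report in this case; it carries all the IOCs.
    reports = build_reports(options)

    # CbFeed validates the feed, including the report data.
    feed = CbFeed(feedinfo, reports)
    return feed.dump()


def _b64_file(path):
    """Return the contents of the file at *path* as a base64 ASCII string.

    The handle is closed on every path by the context manager.
    """
    with open(path, "rb") as fh:
        return base64.b64encode(fh.read()).decode("utf-8")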
def create():
    """Build the Tor exit-node feed and return its dumped form.

    The node list from ``get_tor_nodes()`` is converted into reports by
    ``build_reports()``; the icon is referenced by the relative path
    ``images/tor.png``.

    :return: whatever ``CbFeed.dump`` returns for the assembled feed
    """
    reports = build_reports(get_tor_nodes())
    metadata = dict(
        name='tor',
        display_name="Tor Exit Nodes",
        provider_url='https://www.torproject.org/',
        summary="This feed is a list of Tor Node IP addresses, updated every 30 minutes.",
        tech_data="There are no requirements to share any data to receive this feed.",
        icon='images/tor.png',
    )
    feed = CbFeed(CbFeedInfo(**metadata), reports)
    return feed.dump()
def generate_feed_information():
    """Return the feed metadata for the iSIGHT Partners feed as a ``CbFeedInfo``.

    This is the description of the feed (name, summary, icons, category),
    not its contents.
    """
    tech_data = (
        "There are no requirements to share any data with Carbon Black to "
        "receive this feed. The underlying IOC data is provided by iSIGHT Partners"
    )
    metadata = {
        "name": "iSIGHT",
        "display_name": "iSIGHT Partners feed",
        "summary": "iSIGHT Partners provides a cyber intelligence feed",
        "tech_data": tech_data,
        "provider_url": "http://www.isightpartners.com/",
        "icon": "isight.png",
        "icon_small": "isight.small.jpg",
        "category": "Partner",
    }
    return CbFeedInfo(**metadata)
def create(input_source):
    """Build a feed from imported STIX package(s) and return its dumped form.

    :param input_source: the STIX input location; handed to ``build_reports``
        and echoed into the feed summary text
    :return: whatever ``CbFeed.dump`` returns for the assembled feed
    """
    reports = build_reports(input_source)

    # TODO - you probably want to change these values to reflect your
    # local input source
    summary = "This feed was imported from stix package(s) at %s" % input_source
    metadata = dict(
        name='stiximport',
        display_name="STIX Package Import",
        provider_url='http://stix.mitre.org',
        summary=summary,
        tech_data="There are no requirements to share any data to receive this feed.",
        icon='images/stix.gif',
    )
    feed = CbFeed(CbFeedInfo(**metadata), reports)
    return feed.dump()
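def build_feed_data(feed_name, display_name, feed_summary, site, icon_link, reports):
    """
    Return a feed definition as produced by ``CbFeed.dump()``.

    :param feed_name: the short name of the feed
    :param display_name: the display name of the feed
    :param feed_summary: the feed summary
    :param site: the site name; the provider URL is ``'http://' + site``
    :param icon_link: path to the icon source; when empty/None no icon field
        is sent (matches the typed ``build_feed_data`` variant -- the original
        passed ``icon=None`` through to ``CbFeedInfo``)
    :param reports: list of gathered reports, de-duplicated before use
    :return: feed as bytes to be written out
    """
    feedinfo = {
        'name': feed_name,
        'display_name': display_name,
        'provider_url': 'http://' + site,
        'summary': feed_summary,
        'tech_data': "There are no requirements to share any data to receive this feed.",
    }
    # The icon is optional metadata; only include it when one was given.
    if icon_link:
        feedinfo['icon'] = icon_link

    feedinfo = CbFeedInfo(**feedinfo)
    reports = remove_duplicate_reports(reports)
    feed = CbFeed(feedinfo, reports)
    return feed.dump()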
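def create():
    """Build the abuse.ch feed from the Zeus, Feodo and ransomware lists.

    Each source getter may return an empty/falsy result; those are skipped
    rather than extended into the report list.

    :return: whatever ``CbFeed.dump`` returns for the assembled feed
    """
    reports = []
    for fetch in (get_zeus, get_feodo, get_ransomware):
        tmp = fetch()
        if tmp:
            reports.extend(tmp)

    # NOTE(review): the summary text still describes Zeus/Palevo and "two"
    # blocklists although this function now combines the Zeus, Feodo and
    # ransomware lists -- worth updating with the feed owner.
    feedinfo = {
        'name': 'abusech',
        'display_name': "abuse.ch Malware Domains",
        'provider_url': "http://www.abuse.ch",
        'summary': "abuse.ch tracks C&C servers for Zeus and Palevo malware. "
                   + "This feed combines the two domain names blocklists.",
        'tech_data': "There are no requirements to share any data to receive this feed.",
        'icon': "abuse.ch.jpg",
        'icon_small': "abuse.ch.small.jpg",
        'category': "Open Source",
    }

    # The working directory is switched to this module's directory while the
    # feed objects are built -- presumably so the relative icon paths resolve
    # (the original comment: "the lazy way to the icon").  chdir is
    # process-global state, so try/finally restores it even when validation
    # or dump() raises; the original left it changed on error.
    old_cwd = os.getcwd()
    os.chdir(os.path.dirname(os.path.realpath(__file__)))
    try:
        feedinfo = CbFeedInfo(**feedinfo)
        feed = CbFeed(feedinfo, reports)
        feed_bytes = feed.dump()
    finally:
        os.chdir(old_cwd)
    return feed_bytes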