Beispiel #1
def parse(xml_file):
    """Load a CybOX XML document as a python-cybox ``Observables`` object.

    ``xml_file`` is handed unchanged to ``cybox_core_binding.parse``; the
    binding object it returns is then converted with
    ``Observables.from_obj``.
    """
    # NOTE(review): CybOX documents commonly arrive from external feeds.
    # Confirm that the XML parser behind cybox_core_binding.parse has entity
    # resolution and network access disabled before feeding it untrusted files.
    return Observables.from_obj(cybox_core_binding.parse(xml_file))
Beispiel #2
def parse(xml_file):
    """Return the python-cybox ``Observables`` described by *xml_file*.

    The XML is first parsed into a binding object and that object is then
    converted into the python-cybox representation.
    """
    # NOTE(review): if xml_file can come from an untrusted source, verify the
    # binding's XML parser does not resolve external entities.
    binding_root = cybox_core_binding.parse(xml_file)
    observables = Observables.from_obj(binding_root)
    return observables
Beispiel #3
def parse(xml_file):
    """Parse a CybOX XML file and return its ``Observables``.

    Two steps: ``cybox_core_binding.parse`` builds the binding object from
    the XML, then ``Observables.from_obj`` turns it into the python-cybox
    object that is returned.
    """
    # NOTE(review): treat xml_file as untrusted unless the caller guarantees
    # otherwise; check the parser configuration used by the binding layer.
    binding_obj = cybox_core_binding.parse(xml_file)
    return Observables.from_obj(binding_obj)
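    def generate_oval(self):
        """Convert the CybOX file at ``self.infilename`` into an OVAL document.

        Observables are split into those with and those without an
        ``Observable_Composition``, passed to ``self.process_observables``,
        and the resulting OVAL definitions are exported to
        ``self.outfilename``. Nothing is done when ``self.infilename`` is not
        an existing file. Errors raised while processing or exporting are
        printed instead of being propagated; errors raised by ``cybox.parse``
        itself are not caught here.
        """
        # Basic input file checking
        if not os.path.isfile(self.infilename):
            return

        def report_skipped():
            # Shared by the success and the failure path.
            for skipped in self.skipped_observables:
                print('Observable ' + skipped + ' skipped; incompatible object type or missing object attributes')

        # NOTE(review): the input may be a third-party CybOX document; confirm
        # the parser behind cybox.parse does not resolve external entities.
        observables = cybox.parse(self.infilename)
        try:
            sys.stdout.write('Generating ' + self.outfilename + ' from ' +
                             self.infilename + '...')
            sys.stdout.write('\n')

            # Two bins: observables with an observable composition and those
            # without, so that referenced observables are accounted for
            # correctly.
            normal_observables = []
            obscomp_observables = []
            for observable in observables.Observable:
                if observable.Observable_Composition:
                    obscomp_observables.append(observable)
                else:
                    normal_observables.append(observable)

            self.process_observables(obscomp_observables, normal_observables)

            # Build up the OVAL document from the parsed data and corresponding objects
            self.__build_oval_document()

            namespace_def = 'xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:win-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows http://oval.mitre.org/language/version5.7/ovaldefinition/complete/windows-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 http://oval.mitre.org/language/version5.7/ovaldefinition/complete/oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 http://oval.mitre.org/language/version5.7/ovaldefinition/complete/oval-common-schema.xsd"'

            # Export to the output file. The context manager closes (and
            # flushes) the handle even when export() raises; the original
            # left it open.
            with open(self.outfilename, 'w') as outfile:
                self.ovaldefroot.export(outfile, 0, namespacedef_=namespace_def)

            sys.stdout.write('Done')
            if self.verbose_mode:
                report_skipped()

        except Exception as err:
            print('\nError: %s\n' % str(err))
            if self.verbose_mode:
                traceback.print_exc()
                report_skipped()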
Beispiel #5
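def read_cybox(input_file, isJson):
    """Extract indicator values from a CybOX document.

    Args:
        input_file: Path of the CybOX document to read.
        isJson: When true the file is loaded as JSON; otherwise it is parsed
            as XML through the CybOX bindings and converted with ``to_dict()``.

    Returns:
        A dict with the keys ``'ip_addresses'`` and ``'hostnames'``. Only
        observables whose object properties have category ``'ipv4-addr'`` are
        collected; ``'hostnames'`` is currently always empty.

    Raises:
        KeyError: If the document has no ``'observables'`` key, or an
            ipv4-addr entry has no ``'address_value'``.
    """
    if not isJson:
        cybox_obj = cybox_core_binding.parse(input_file)
        cybox_data = Observables.from_obj(cybox_obj).to_dict()
    else:
        with open(input_file, 'r') as f:
            # Load from the open handle: json.load() needs a file object, and
            # passing the path string fails because str has no read().
            cybox_data = json.load(f)

    # TODO: Add other indicator types
    indicator_data = {'ip_addresses': [],
                      'hostnames': []}

    # TODO: Support additional logic (build parse tree or similar?)
    for observable in cybox_data['observables']:
        # Observables without an object (e.g. compositions) or without a
        # category (non-address objects) are skipped instead of aborting the
        # whole import with a KeyError.
        properties = (observable.get('object') or {}).get('properties') or {}
        if properties.get('category') == 'ipv4-addr':
            # NOTE(review): the value is taken from the document as-is and is
            # not checked to be a well-formed IPv4 address; validate before
            # using it in detections or block lists.
            indicator_data['ip_addresses'].append(properties['address_value'])

    return indicator_data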
Beispiel #6
    def __get_email_cybox_object(self, email_sha256, log, config=None):
        """Load the stored CybOX report for an e-mail identified by its hash.

        The report is looked up below ``config['emailpath']`` in a directory
        built from the first two characters, the next two characters and the
        full value of ``email_sha256``.

        Returns a 3-tuple: the ``_properties`` of the object built from the
        first observable, the remaining observables, and a
        ``(stix_path, stix_filename)`` pair. ``(None, None, None)`` is
        returned when ``config`` is falsy, when the report is missing, or
        when reading it fails.
        """
        nothing = (None, None, None)
        if not config:
            return nothing

        # NOTE(review): email_sha256 is joined into a filesystem path without
        # validation. If it can be influenced by a caller, confirm upstream
        # that it is a plain hex digest so it cannot address other paths.
        report_dir = os.path.join(config['emailpath'], email_sha256[0:2], email_sha256[2:4], email_sha256)
        cybox_report = os.path.join(report_dir, 'cybox-%s-message.xml' % (email_sha256))
        stix_report = os.path.join(report_dir, 'stix-%s-email-message.xml' % (email_sha256))
        stix_name = 'stix-%s-email-message.xml' % (email_sha256)

        if not (os.path.exists(report_dir) and os.path.exists(cybox_report)):
            log.warning("no cybox report or email found for given hash: %s" % (cybox_report))
            return nothing

        try:
            parsed = Observables.from_obj(cybox_core_binding.parse(cybox_report))
            # The first observable carries the e-mail object itself; the rest
            # are returned separately.
            remaining = parsed.observables[1:]
            mail_object = Object.from_obj(parsed.observables[0].to_obj().Object)
            return mail_object._properties, remaining, (stix_report, stix_name)
        except StandardError as e:
            log.error("failed extracting cybox email observable: %s" % (e))
            return nothing
Beispiel #7
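def alta_informacion(request):
    # GET: return all the Content Blocks.
    # POST: parse the submitted CybOX observables, wrap them in a STIX package
    # with the given title and description, store the package as a new
    # Content Block and attach it to the 'default' data feed.
    # Any other method falls through and returns None (presumably methods are
    # restricted by a decorator outside this block; verify).
    logger = logging.getLogger('TAXIIApplication.rest.views.alta_informacion')
    logger.debug('Entering alta_informacion')
    logger.debug(request.method)
    if request.method == 'GET':
        content = ContentBlock.objects.all()
        serializer = ContentBlockSerializer(content, many=True)
        return Response(serializer.data)
    elif request.method == 'POST':
        cont = request.DATA.get('content')
        if not cont:
            # Without content there is nothing to parse; answer with a client
            # error instead of failing inside the XML parser.
            return Response(status=status.HTTP_400_BAD_REQUEST)

        c = StringIO.StringIO(cont)

        # The submitted content_binding is only logged; the stored block
        # always uses the ContentBindingId with id=1 (see below).
        logger.debug(request.DATA.get('content_binding'))

        # NOTE(review): `cont` is client-supplied XML. Confirm that the parser
        # behind cybox_core_binding.parse disables external entity resolution
        # and network access, and that the request body size is limited
        # upstream.
        try:
            observables_obj = cybox_core_binding.parse(c)
            observables = Observables.from_obj(observables_obj)
        except Exception:
            # Malformed or unsupported input is a client error, not a server
            # fault; keep the details in the server log only.
            logger.exception('Could not parse submitted CybOX content')
            return Response(status=status.HTTP_400_BAD_REQUEST)

        logger.debug(str(observables))

        stix_package = STIXPackage()
        stix_header = STIXHeader()

        stix_header.description = request.DATA.get('description')
        stix_header.title = request.DATA.get('title')
        stix_package.stix_header = stix_header
        stix_package.add_observable(observables)

        content_binding = ContentBindingId.objects.get(id=1)
        cb = ContentBlock(title=request.DATA.get('title'),
                          description=request.DATA.get('description'),
                          content_binding=content_binding,
                          content=stix_package.to_xml())
        cb.save()
        df = DataFeed.objects.get(name='default')

        df.content_blocks.add(cb)
        return Response(status=status.HTTP_201_CREATED)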
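    def generate_oval(self):
        """Generate an OVAL document from the CybOX file ``self.infilename``.

        The parsed observables are sorted into two lists (with and without an
        ``Observable_Composition``) and given to ``self.process_observables``;
        the OVAL document is then built and exported to
        ``self.outfilename``. If ``self.infilename`` is not an existing file
        the method returns without doing anything. Exceptions raised after
        parsing are printed, not re-raised; exceptions from ``cybox.parse``
        propagate to the caller.
        """
        # Basic input file checking
        if not os.path.isfile(self.infilename):
            return

        def report_skipped():
            # Used on both the success and the error path.
            for skipped in self.skipped_observables:
                print('Observable ' + skipped + ' skipped; incompatible object type or missing object attributes')

        # NOTE(review): CybOX input may originate from outside the
        # organisation; verify the XML parser used by cybox.parse does not
        # resolve external entities.
        observables = cybox.parse(self.infilename)
        try:
            sys.stdout.write('Generating ' + self.outfilename + ' from ' + self.infilename + '...')
            sys.stdout.write('\n')

            # Observables with an observable composition are kept apart from
            # the others so that referenced observables are handled correctly.
            normal_observables = []
            obscomp_observables = []
            for observable in observables.Observable:
                if observable.Observable_Composition:
                    obscomp_observables.append(observable)
                else:
                    normal_observables.append(observable)

            self.process_observables(obscomp_observables, normal_observables)

            # Build up the OVAL document from the parsed data and corresponding objects
            self.__build_oval_document()

            namespace_def = 'xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:win-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows http://oval.mitre.org/language/version5.7/ovaldefinition/complete/windows-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 http://oval.mitre.org/language/version5.7/ovaldefinition/complete/oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 http://oval.mitre.org/language/version5.7/ovaldefinition/complete/oval-common-schema.xsd"'

            # Export to the output file; `with` guarantees the handle is
            # flushed and closed even if export() fails, which the original
            # bare open() did not.
            with open(self.outfilename, 'w') as outfile:
                self.ovaldefroot.export(outfile, 0, namespacedef_=namespace_def)

            sys.stdout.write('Done')
            if self.verbose_mode:
                report_skipped()

        except Exception as err:
            print('\nError: %s\n' % str(err))
            if self.verbose_mode:
                traceback.print_exc()
                report_skipped()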
Beispiel #9
def from_file(filename):
    """Return the ``Observables`` parsed from the CybOX file *filename*.

    The name is made absolute with ``os.path.abspath`` before it is passed
    to ``core_binding.parse``.
    """
    # NOTE(review): abspath only normalises the name; it does not restrict
    # which file is read. Callers passing user-supplied names should
    # constrain them first.
    absolute_path = os.path.abspath(filename)
    return Observables.from_obj(core_binding.parse(absolute_path))
Beispiel #10
def from_file(filename):
    """Parse the CybOX document at *filename* into an ``Observables`` object.

    *filename* is resolved to an absolute path, parsed by
    ``core_binding.parse`` and converted with ``Observables.from_obj``.
    """
    # NOTE(review): no check is made on where the resolved path points;
    # validate untrusted file names before calling.
    binding_root = core_binding.parse(os.path.abspath(filename))
    observables = Observables.from_obj(binding_root)
    return observables
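def parse(filepath):
    """Parse the CybOX XML file at *filepath* and return its ``Observables``.

    The file is opened here and its handle is passed to
    ``cybox_core_binding.parse``; the resulting binding object is converted
    with ``Observables.from_obj``.
    """
    # The context manager closes the handle once parsing is finished (or has
    # failed); the original never closed it.
    # NOTE(review): confirm the binding's XML parser does not resolve external
    # entities if filepath can refer to untrusted content.
    with open(filepath, "r") as xml:
        par = cybox_core_binding.parse(xml)
    return Observables.from_obj(par)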