def create_discovery_method_instance(self,argument_list=None,child_pid_list=None,creation_time =None,is_hidden=None,image_info=None,extracted_features=None,environment_variable_list=None,
kernel_time=None,name=None,network_connection_list=None,parent_pid=None,pid=None,port_list=None,start_time=None,user_time=None,username=None):
instance = Process()
instance.argument_list= argument_list
instance.child_pid_list=child_pid_list
instance.creation_time = DateTime(creation_time)
instance.username=username
instance.user_time = Duration(user_time)
instance.start_time = DateTime(start_time)
instance.port_list =port_list
instance.pid = pid
instance.parent_pid = parent_pid
if network_connection_list is not None and (all(isinstance(x,NetworkConnection ) for x in network_connection_list)):
instance.network_connection_list = NetworkConnectionList()
for netcon in network_connection_list:
instance.network_connection_list.append(netcon)
else:
instance.network_connection_list= None
instance.name = name
instance.kernel_time = Duration(kernel_time)
if environment_variable_list is not None and (all(isinstance(x,EnvironmentVariable ) for x in environment_variable_list)):
instance.environment_variable_list = EnvironmentVariableList()
for envar in environment_variable_list:
instance.environment_variable_list.append(envar)
else:
instance.environment_variable_list =None
instance.extracted_features =extracted_features
instance.image_info = image_info
instance.is_hidden= is_hidden
return instance
def addsec_to_cybox(as_obtype, as_obdata):
#
# Addition Security to CybOX mappings, for discrete/separate observables
#
# 30: DataTypeSymbolName
if as_obtype == 30:
a = API()
a.function_name = as_obdata
return a
# 32: DataTypeLibraryName
if as_obtype == 32:
l = Library()
l.name = as_obdata
l.path = as_obdata
return l
# 14: DataTypeUsername
if as_obtype == 14:
u = UserAccount()
u.username = as_obdata
return u
# 10: DataTypeFile
if as_obtype == 10:
f = File()
f.full_path = as_obdata
return f
# 23: DataTypeHostname
if as_obtype == 23:
h = Hostname()
h.hostname_value = as_obdata
return h
# 29: DataTypeEnvString
if as_obtype == 29:
# Here, Process is meant to represent the hosting process; then we
# attach the actual environment variable value
p = Process()
p.environment_variable_list = as_obdata
return p
# 17: DataTypeApplication
if as_obtype == 17:
# Particularly on Android, identification of an installed package fits
# somewhere between File and Process, but not quite either. The closest
# fit is around LinuxPackage, which is what we use. We should technically
# derive from it, but we're trying to keep things simple.
p = LinuxPackage()
p.name = as_obdata
return p
# 11: DataTypeX509
# 12: DataTypeX509Subject
# 13: DataTypeX509Issuer
if as_obtype == 11 or as_obtype == 12 or as_obtype == 13:
c = X509Certificate()
if as_obtype == 11: c.raw_certificate = as_obdata.encode('hex')
if as_obtype == 12: c.certificate.subject = as_obdata
if as_obtype == 13: c.certificate.issuer = as_obdata
return c
# 2: DataTypeSHA1Hash
# 7: DataTypeVersionString
# 18: DataTypeString
# 31: DataTypePropertyName
# TODO: find the proper CybOX to represent these; for now, we don't
# report them
return None
