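def from_dict(win_process_dict, win_process_cls=None):
    """Build a WinProcess (or a caller-supplied instance) from a plain dict.

    Args:
        win_process_dict: mapping of WinProcess fields, typically the output
            of the matching ``to_dict``. Absent plain fields (``aslr_enabled``,
            ``dep_enabled``) come back as ``None``; nested fields are handed
            to their own ``from_dict``/``from_list`` and take whatever those
            return for a missing value.
        win_process_cls: optional pre-constructed object to populate. When
            omitted a fresh ``WinProcess()`` is used.

    Returns:
        The populated object, or ``None`` when ``win_process_dict`` is
        empty or ``None``.
    """
    if not win_process_dict:
        return None

    # ``is None`` rather than ``== None``: identity, not a (possibly
    # overridden) equality comparison, decides whether a target was given.
    if win_process_cls is None:
        win_process_cls = WinProcess()
    # Populate the generic Process fields first; Windows-specific ones follow.
    winprocess_ = Process.from_dict(win_process_dict, win_process_cls)

    # Mitigation flags are copied through untouched — no type coercion
    # happens here, so a caller validating input must do it before this call.
    winprocess_.aslr_enabled = win_process_dict.get('aslr_enabled')
    winprocess_.dep_enabled = win_process_dict.get('dep_enabled')
    winprocess_.handle_list = WinHandleList.from_list(win_process_dict.get('handle_list'))
    winprocess_.priority = String.from_dict(win_process_dict.get('priority'))
    # ``or []`` also covers an explicit ``"section_list": None`` — the default
    # argument to ``get`` alone would pass ``None`` to the comprehension and
    # raise TypeError.
    winprocess_.section_list = [
        Memory.from_dict(x)
        for x in (win_process_dict.get('section_list') or [])
    ]
    winprocess_.security_id = String.from_dict(win_process_dict.get('security_id'))
    winprocess_.startup_info = StartupInfo.from_dict(win_process_dict.get('startup_info'))
    winprocess_.security_type = String.from_dict(win_process_dict.get('security_type'))
    winprocess_.window_title = String.from_dict(win_process_dict.get('window_title'))

    return winprocess_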
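 def from_dict(process_tree_node_dict):
     """Build a ProcessTreeNode from a plain dict.

     Args:
         process_tree_node_dict: mapping of ProcessTreeNode fields. ``id``
             and ``parent_action_idref`` are copied through as-is (``None``
             when absent); ``initiated_actions`` is delegated to
             ``ActionReferenceList.from_list``; ``spawned_processes`` and
             ``injected_processes`` are lists of child node dicts and are
             rebuilt recursively.

     Returns:
         The populated node, or ``None`` when the dict is empty or ``None``.
     """
     if not process_tree_node_dict:
         return None
     # Generic Process fields first; the tree-specific ones are layered on.
     process_tree_node_ = Process.from_dict(process_tree_node_dict, ProcessTreeNode())
     process_tree_node_.id = process_tree_node_dict.get('id')
     process_tree_node_.parent_action_idref = process_tree_node_dict.get('parent_action_idref')
     process_tree_node_.initiated_actions = ActionReferenceList.from_list(
         process_tree_node_dict.get('initiated_actions'))
     # ``or []`` also covers an explicit ``None`` value for the key — the
     # default argument to ``get`` alone would hand ``None`` to the
     # comprehension and raise TypeError.
     # Recursive descent: nesting depth is bounded only by the interpreter's
     # recursion limit.
     process_tree_node_.spawned_processes = [
         ProcessTreeNode.from_dict(x)
         for x in (process_tree_node_dict.get('spawned_processes') or [])
     ]
     process_tree_node_.injected_processes = [
         ProcessTreeNode.from_dict(x)
         for x in (process_tree_node_dict.get('injected_processes') or [])
     ]
     return process_tree_node_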
from cybox.objects.file_object import File 
from cybox.objects.win_service_object import WinService
from cybox.objects.win_registry_key_object import WinRegistryKey


# Destination for the serialised document; swap in an open file handle to
# write somewhere other than the console.
outfd = sys.stdout

# The Observables container starts empty and is filled one entry at a time.
observables_doc = Observables([])

# Each observable is built from a plain dict. Only a subset of the available
# members is set here; the objects accept more than what is shown.
process_fields = {
    "name": "Process.exe",
    "pid": 90,
    "parent_pid": 10,
    # "creation_time" is another available member, intentionally left unset
    "image_info": {"command_line": "Process.exe /c blah.txt"},
}
observables_doc.add(Process.from_dict(process_fields))

file_fields = {
    "file_name": "file.txt",
    "file_extension": "txt",
    "file_path": "path\\to\\file.txt",
}
observables_doc.add(File.from_dict(file_fields))

# Network indicators use the helper shortcuts rather than a from_dict call.
observables_doc.add(helper.create_ipv4_observable("192.168.1.101"))
observables_doc.add(helper.create_url_observable("somedomain.com"))

observables_doc.add(WinService.from_dict({"service_name": "Service Name",
                                  "display_name": "Service Display name",
                                  "startup_type": "Service type",