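 def update_description(self, description):
     '''
     Update the description of an IOC

     This creates the description node if it is not present, inserting it
     right after the short_description node (or first, when there is none).

     input
         description:   Value to set the description to

     returns True.
     '''
     desc_node = self.metadata.find('description')
     if desc_node is not None:
         desc_node.text = description
         return True

     # Parenthesised print runs unchanged under Python 2 and 3; the message
     # names the node that was actually looked up ('description').
     print('Could not find description node for [%s]' % self.iocid)
     print('Creating & inserting the description node')
     desc_node = ioc_et.make_description_node(description)
     # Keep schema order: description follows short_description when present.
     # Iterating the element directly replaces the deprecated getchildren().
     insert_index = 0
     for position, child in enumerate(self.metadata):
         if child.tag == 'short_description':
             insert_index = position + 1
             break
     self.metadata.insert(insert_index, desc_node)
     return True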
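 def update_description(self, description):
     '''
     Update the description of an IOC

     This creates the description node if it is not present, inserting it
     right after the short_description node (or first, when there is none).

     input
         description:   Value to set the description to

     returns True.
     '''
     desc_node = self.metadata.find('description')
     if desc_node is not None:
         desc_node.text = description
         return True

     # Parenthesised print runs unchanged under Python 2 and 3; the message
     # names the node that was actually looked up ('description').
     print('Could not find description node for [%s]' % self.iocid)
     print('Creating & inserting the description node')
     desc_node = ioc_et.make_description_node(description)
     # Keep schema order: description follows short_description when present.
     # Iterating the element directly replaces the deprecated getchildren().
     insert_index = 0
     for position, child in enumerate(self.metadata):
         if child.tag == 'short_description':
             insert_index = position + 1
             break
     self.metadata.insert(insert_index, desc_node)
     return True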
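    def __init__(self, ioc_xml):
        '''
        Wrap an OpenIOC 1.0 or 1.1 document and make sure its mandatory
        nodes exist.

        Two deep copies of ioc_xml are kept: working_xml is the one that gets
        edited, orig_xml is left untouched so edits can be compared against
        what was loaded.

        input
            ioc_xml:   root element of the IOC; its default namespace
                       (nsmap[None]) selects the schema version

        raises ValueError when the root carries neither supported default
        namespace.  The previous code fell through with a string placeholder
        as metadata_root and returned a half-initialised object whose
        version/criteria attributes were never set.
        '''
        self.working_xml = copy.deepcopy(ioc_xml)
        self.orig_xml = copy.deepcopy(ioc_xml)
        self.attributes = self.working_xml.attrib

        def find_or_make(parent, tag, make_node):
            # Return parent's <tag> child, appending a freshly built one first
            # when it is missing, so every attribute set below is a real node.
            node = parent.find(tag)
            if node is None:
                parent.append(make_node())
                node = parent.find(tag)
            return node

        # .get() rather than [None]: a root without a default namespace is
        # reported as unsupported below instead of raising KeyError here.
        namespace = self.working_xml.nsmap.get(None)
        if namespace == "http://schemas.mandiant.com/2010/ioc":
            self.version = "1.0"
            # 1.0 keeps the metadata nodes directly under the root.
            metadata_root = self.working_xml
            self.criteria = find_or_make(
                self.working_xml, 'definition',
                lambda: ioc_et.make_definition_node(ioc_et.make_Indicator_node("OR")))
            self.parameters = None
        elif namespace == "http://openioc.org/schemas/OpenIOC_1.1":
            self.version = "1.1"
            metadata_root = find_or_make(
                self.working_xml, 'metadata',
                lambda: ioc_et.make_metadata_node(name="*Missing*", author="*Missing*",
                                                  description="*Missing*",
                                                  links=ioc_et.make_links_node()))
            self.criteria = find_or_make(
                self.working_xml, 'criteria',
                lambda: ioc_et.make_criteria_node(ioc_et.make_Indicator_node("OR")))
            self.parameters = find_or_make(
                self.working_xml, 'parameters',
                lambda: ioc_et.make_parameters_node())
        else:
            raise ValueError("unsupported IOC default namespace: %r" % (namespace,))

        self.name = find_or_make(
            metadata_root, 'short_description',
            lambda: ioc_et.make_short_description_node("*Missing*"))
        self.desc = find_or_make(
            metadata_root, 'description',
            lambda: ioc_et.make_description_node("*Missing*"))
        self.author = find_or_make(
            metadata_root, 'authored_by',
            lambda: ioc_et.make_authored_by_node("*Missing*"))
        self.created = find_or_make(
            metadata_root, 'authored_date',
            lambda: ioc_et.make_authored_date_node())
        self.links = find_or_make(
            metadata_root, 'links',
            lambda: ioc_et.make_links_node())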
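    def add_ioc(self, author, version):
        '''
        Create a new, empty IOC of the given schema version and register it
        in self.iocs under the path it would be saved to.

        input
            author:    Value for the authored_by node (1.0) or the metadata
                       author (1.1)
            version:   "1.0" or "1.1"

        returns the full path (working_dir joined with "<id>.ioc") that is
        the key of the new entry in self.iocs.

        raises ValueError for any other version, instead of registering a
        root element that has none of the mandatory child nodes.
        '''
        if version not in ("1.0", "1.1"):
            raise ValueError("unsupported IOC version: %r" % (version,))

        new_ioc_xml = ioc_et.make_IOC_root(version=version)

        # The file name comes from the id attribute ioc_et put on the root,
        # not from any user-supplied value.
        ioc_file = new_ioc_xml.attrib['id'] + ".ioc"
        full_path = os.path.join(self.working_dir, ioc_file)

        if version == "1.0":
            new_ioc_xml.append(ioc_et.make_short_description_node(name="*New IOC*"))
            new_ioc_xml.append(ioc_et.make_description_node(text="PyIOCe Generated IOC"))
            new_ioc_xml.append(ioc_et.make_authored_by_node(author=author))
            new_ioc_xml.append(ioc_et.make_authored_date_node())
            new_ioc_xml.append(ioc_et.make_links_node())
            new_ioc_xml.append(ioc_et.make_definition_node(ioc_et.make_Indicator_node("OR")))
        else:
            # 1.1 carries the metadata in a single node.  The caller's author
            # is used here as in the 1.0 branch; previously this branch
            # ignored the parameter and wrote the fixed string "PyIOCe".
            new_ioc_xml.append(ioc_et.make_metadata_node(
                name="*New IOC*", author=author, description="PyIOCe Generated IOC"))
            new_ioc_xml.append(ioc_et.make_criteria_node(ioc_et.make_Indicator_node("OR")))
            new_ioc_xml.append(ioc_et.make_parameters_node())

        self.iocs[full_path] = IOC(new_ioc_xml)
        # Placeholder original: presumably marks the IOC as not yet saved so a
        # later diff against orig_xml shows everything as new -- confirm with
        # the save/compare code.
        self.iocs[full_path].orig_xml = et.Element('New')

        return full_path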