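    def write_cbs_from_poll_response_11(self,
                                        poll_response,
                                        dest_dir,
                                        write_type_=W_CLOBBER):
        """
        Write each content block of a TAXII 1.1 Poll Response to its own
        file in ``dest_dir``.

        The file name is produced by ``gen_filename`` from the response's
        ``collection_name``, a STIX version marker derived from the block's
        content binding (``_STIX10_`` .. ``_STIX12_``; empty, with no
        extension, for any other binding), and a timestamp: ``t`` plus the
        block's ``timestamp_label`` in ISO format when the server sent one,
        else ``s`` plus the local system clock.  Whether an existing file is
        overwritten is decided by ``TaxiiScript.get_write_and_message`` from
        ``write_type_``; one ``<message><filename>`` line is printed per
        block either way.

        Security: ``collection_name`` and ``timestamp_label`` originate from
        the remote TAXII server.  ``gen_filename`` is expected to strip path
        separators, but this method independently verifies that the resolved
        target sits directly inside ``dest_dir`` (which also refuses to write
        through a pre-existing symlink pointing elsewhere) and raises
        ``ValueError`` rather than writing outside the destination.

        :param poll_response: libtaxii TAXII 1.1 PollResponse
        :param dest_dir: existing directory to write into
        :param write_type_: W_CLOBBER (default) or any other mode understood
            by ``TaxiiScript.get_write_and_message``
        :raises ValueError: if a computed file path escapes ``dest_dir``
        """
        format_by_binding = {
            CB_STIX_XML_10: '_STIX10_',
            CB_STIX_XML_101: '_STIX101_',
            CB_STIX_XML_11: '_STIX11_',
            CB_STIX_XML_111: '_STIX111_',
            CB_STIX_XML_12: '_STIX12_',
        }
        dest_root = os.path.realpath(dest_dir)

        for cb in poll_response.content_blocks:
            format_ = format_by_binding.get(cb.content_binding.binding_id, '')
            # Only the known STIX bindings get an .xml extension; an unknown
            # binding is written with no marker and no extension.
            ext = '.xml' if format_ else ''

            if cb.timestamp_label:
                date_string = 't' + cb.timestamp_label.isoformat()
            else:
                # NOTE(review): naive local time rather than UTC; kept so
                # file names stay compatible with existing consumers.
                date_string = 's' + datetime.datetime.now().isoformat()

            filename = os.path.join(
                dest_dir,
                gen_filename(poll_response.collection_name, format_,
                             date_string, ext))

            # Containment check on server-influenced input (see docstring).
            if os.path.dirname(os.path.realpath(filename)) != dest_root:
                raise ValueError(
                    "refusing to write outside %s: %s" % (dest_dir, filename))

            write, message = TaxiiScript.get_write_and_message(
                filename, write_type_)

            if write:
                # The handle is binary: encode text content explicitly as
                # UTF-8 (the XML is STIX); pass bytes through untouched.
                data = cb.content
                if not isinstance(data, bytes):
                    data = data.encode('utf-8')
                with io.open(filename, 'wb') as f:
                    f.write(data)

            print("%s%s" % (message, filename))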
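    def write_cbs_from_poll_response_11(self, poll_response, dest_dir, write_type_=W_CLOBBER):
        """
        Write each content block of a TAXII 1.1 Poll Response to a file in
        ``dest_dir``.

        Naming: ``gen_filename(collection_name, <marker>, <stamp>, <ext>)``
        where ``<marker>``/``<ext>`` are ``_STIX10_``..``_STIX12_`` and
        ``.xml`` for the known STIX bindings (both empty otherwise) and
        ``<stamp>`` is ``t`` + the block's ``timestamp_label`` (ISO format)
        when present, else ``s`` + the local clock.  Overwrite policy is
        delegated to ``TaxiiScript.get_write_and_message`` via ``write_type_``;
        a ``<message><filename>`` line is printed for every block.

        Fixes versus the previous revision: text content is encoded as UTF-8
        before being written to the binary handle (writing a text string to a
        ``'wb'`` handle raises ``TypeError``), and the resolved path is
        checked to lie directly inside ``dest_dir``.  ``collection_name`` and
        ``timestamp_label`` come from the remote server; ``gen_filename`` is
        expected to strip separators, but the check makes that a hard
        guarantee and also refuses to write through an existing symlink that
        points outside ``dest_dir``.

        :param poll_response: libtaxii TAXII 1.1 PollResponse
        :param dest_dir: existing directory to write into
        :param write_type_: W_CLOBBER (default) or another write mode understood
            by ``TaxiiScript.get_write_and_message``
        :raises ValueError: if a computed file path escapes ``dest_dir``
        """
        stix_marker = {
            CB_STIX_XML_10: '_STIX10_',
            CB_STIX_XML_101: '_STIX101_',
            CB_STIX_XML_11: '_STIX11_',
            CB_STIX_XML_111: '_STIX111_',
            CB_STIX_XML_12: '_STIX12_',
        }
        dest_root = os.path.realpath(dest_dir)

        for cb in poll_response.content_blocks:
            binding_id = cb.content_binding.binding_id
            if binding_id in stix_marker:
                format_ = stix_marker[binding_id]
                ext = '.xml'
            else:  # unknown binding: no marker, no extension
                format_ = ''
                ext = ''

            if cb.timestamp_label:
                date_string = 't' + cb.timestamp_label.isoformat()
            else:
                # NOTE(review): local naive time, not UTC; unchanged so file
                # names stay stable for existing consumers.
                date_string = 's' + datetime.datetime.now().isoformat()

            filename = gen_filename(poll_response.collection_name,
                                    format_,
                                    date_string,
                                    ext)
            filename = os.path.join(dest_dir, filename)

            # Containment check on server-influenced input (see docstring).
            if os.path.dirname(os.path.realpath(filename)) != dest_root:
                raise ValueError(
                    "refusing to write outside %s: %s" % (dest_dir, filename))

            write, message = TaxiiScript.get_write_and_message(filename, write_type_)

            if write:
                data = cb.content
                if not isinstance(data, bytes):
                    data = data.encode('utf-8')
                with io.open(filename, 'wb') as f:
                    f.write(data)

            print("%s%s" % (message, filename))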
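    def write_response_to_import(self, response, dest_dir):
        """
        Write every content block of a TAXII poll ``response`` to ``dest_dir``
        and return True.

        ``dest_dir`` is created (with parents) if it does not exist.  Each
        block is written to ``gen_filename(collection_name, <marker>, <stamp>,
        '.xml')`` where ``<marker>`` is ``_STIX10_``/``_STIX101_``/``_STIX11_``/
        ``_STIX111_`` for the known STIX bindings and empty otherwise (the
        ``.xml`` extension is used regardless), and ``<stamp>`` is ``t`` + the
        block's ``timestamp_label`` in ISO format when present, else ``s`` +
        the local clock.  Existing files are overwritten without warning.

        Fixes versus the previous revision: content is written as bytes
        (text encoded as UTF-8) instead of through a locale-dependent text
        handle, and the resolved path is checked to lie directly inside
        ``dest_dir``.  ``collection_name`` and ``timestamp_label`` originate
        from the remote server; ``gen_filename`` is expected to strip path
        separators, but the check makes that a hard guarantee and also
        refuses to follow a pre-existing symlink out of ``dest_dir``.

        :param response: libtaxii poll response exposing ``content_blocks``
            and ``collection_name``
        :param dest_dir: directory to write into; created if missing
        :returns: True
        :raises ValueError: if a computed file path escapes ``dest_dir``
        """
        if not os.path.exists(dest_dir):
            os.makedirs(dest_dir)
        dest_root = os.path.realpath(dest_dir)

        stix_marker = {
            CB_STIX_XML_10: '_STIX10_',
            CB_STIX_XML_101: '_STIX101_',
            CB_STIX_XML_11: '_STIX11_',
            CB_STIX_XML_111: '_STIX111_',
        }
        ext = '.xml'

        for cb in response.content_blocks:
            sformat = stix_marker.get(cb.content_binding.binding_id, '')

            if cb.timestamp_label:
                date_string = 't' + cb.timestamp_label.isoformat()
            else:
                # NOTE(review): naive local time, not UTC; kept for
                # backward-compatible file names.
                date_string = 's' + datetime.datetime.now().isoformat()

            filename = gen_filename(response.collection_name, sformat, date_string, ext)
            filename = os.path.join(dest_dir, filename)

            # Containment check on server-influenced input (see docstring).
            if os.path.dirname(os.path.realpath(filename)) != dest_root:
                raise ValueError(
                    "refusing to write outside %s: %s" % (dest_dir, filename))

            data = cb.content
            if not isinstance(data, bytes):
                data = data.encode('utf-8')
            with open(filename, 'wb') as f:
                f.write(data)
        return True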
def file_name_for_content_block(content_block, collection):
    """Return the on-disk file name for one TAXII content block.

    Deliberately mirrors libtaxii's naming scheme so the files are
    interchangeable with those written by the libtaxii scripts.  The name is
    ``gen_filename(collection, <marker>, <stamp>, <extension>)`` where:

    * ``<marker>`` is ``_STIX10_``, ``_STIX101_``, ``_STIX11_`` or
      ``_STIX111_`` according to the block's content binding, and
      ``<extension>`` is then ``.xml``; for any other binding both are empty;
    * ``<stamp>`` is ``t`` + the block's ``timestamp_label`` in ISO format when
      it is set, otherwise ``s`` + the current local (naive) time.

    Note that ``collection`` and ``timestamp_label`` may come from a remote
    server; any sanitising of the result is left to ``gen_filename``.
    """
    stix_markers = {
        CB_STIX_XML_10: '_STIX10_',
        CB_STIX_XML_101: '_STIX101_',
        CB_STIX_XML_11: '_STIX11_',
        CB_STIX_XML_111: '_STIX111_',
    }

    marker = stix_markers.get(content_block.content_binding.binding_id)
    if marker is None:
        marker, extension = '', ''
    else:
        extension = '.xml'

    label = content_block.timestamp_label
    if label:
        stamp = 't' + label.isoformat()
    else:
        stamp = 's' + datetime.datetime.now().isoformat()

    return gen_filename(collection, marker, stamp, extension)
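    def process_fsisac_stix_for_today(self):
        """
        Poll the FS-ISAC TAXII 1.1 feed for yesterday and today and write every
        returned content block to ``STIX_DOWNLOADED_PATH``.

        The poll window runs from 00:00 of yesterday (exclusive begin) to 00:00
        of today (inclusive end); both are built from the local calendar date
        and labelled UTC, as before.  Because one poll can return a lot of
        data the window is requested one day at a time.  Each content block
        is written to ``gen_filename('FSISAC', '_STIX111_', <stamp>, '.xml')``
        inside ``STIX_DOWNLOADED_PATH``, where ``<stamp>`` is the block's
        ``timestamp_label`` in ISO format (or the local clock if the server
        sent no label).  Text content is encoded as UTF-8 before writing.

        Authentication is username/password plus a client certificate over
        HTTPS, taken from the module-level ``FSISAC_*`` settings.

        Fixes versus the previous revision: the start date is computed with
        ``timedelta`` instead of ``day - 1`` arithmetic, which produced a
        wrong (future) date on the 1st of a month following a 30-day month or
        February, and raised on 1 January; a TAXII Status Message reply is
        reported with a clear error instead of an ``AttributeError``; the
        output path is joined with ``os.path.join``.

        :raises RuntimeError: if the server answers with something other than
            a poll response (e.g. a TAXII Status Message)
        """
        import os  # local import: this module's import block is not visible here

        now = datetime.datetime.today()
        today_str = now.strftime('%Y-%m-%d')
        print("[*] Downloading stix for today (%s)..." % today_str)

        # Create a TAXII client: username/password plus client cert, over HTTPS.
        client = tc.HttpClient()
        client.set_auth_type(tc.HttpClient.AUTH_CERT_BASIC)
        client.set_use_https(True)
        # NOTE(review): credentials and key material are read from module
        # constants; prefer the environment or a secret store so they are
        # never committed alongside the code.  Also confirm that the installed
        # libtaxii version verifies the server certificate by default.
        client.auth_credentials['username'] = FSISAC_USERNAME
        client.auth_credentials['password'] = FSISAC_PASSWORD
        client.auth_credentials['key_file'] = FSISAC_KEY
        client.auth_credentials['cert_file'] = FSISAC_CERT

        taxii_server = 'analysis.fsisac.com'
        taxii_service = '/taxii-discovery-service/'
        feed = 'system.Default'  # TAXII feed to be polled. Update to poll a custom TAXII feed.

        # Exclusive start = yesterday 00:00, inclusive end = today 00:00.
        # timedelta handles month/year boundaries; the old "day - 1" logic
        # did not (e.g. 1 March -> 28 March, 1 January -> month 0).
        one_day = datetime.timedelta(days=1)
        today_date = now.date()
        yesterday_date = today_date - one_day
        start = datetime.datetime(yesterday_date.year, yesterday_date.month,
                                  yesterday_date.day, tzinfo=pytz.UTC)
        end = datetime.datetime(today_date.year, today_date.month,
                                today_date.day, tzinfo=pytz.UTC)

        # Poll one day at a time within [start, end].
        inc_start = start
        inc_end = inc_start + one_day

        while inc_start <= end:
            params = tm11.PollParameters()
            poll_request = tm11.PollRequest(
                tm11.generate_message_id(),
                collection_name=feed,
                poll_parameters=params,
                exclusive_begin_timestamp_label=inc_start,
                inclusive_end_timestamp_label=inc_end)
            poll_xml = poll_request.to_xml()

            http_resp = client.call_taxii_service2(taxii_server, taxii_service,
                                                   VID_TAXII_XML_11, poll_xml)
            taxii_message = t.get_message_from_http_response(
                http_resp, poll_request.message_id)

            # A Status Message (e.g. UNAUTHORIZED, BAD_MESSAGE) carries no
            # content blocks; fail with a message that names what came back.
            content_blocks = getattr(taxii_message, 'content_blocks', None)
            if content_blocks is None:
                raise RuntimeError(
                    "expected a TAXII Poll Response, got %s"
                    % type(taxii_message).__name__)

            for cb in content_blocks:
                label = cb.timestamp_label
                if label is None:
                    # Server sent no label; fall back to the local clock rather
                    # than failing the whole download.
                    label = datetime.datetime.now()
                filename = gen_filename('FSISAC', '_STIX111_',
                                        label.isoformat(), '.xml')

                data = cb.content
                if not isinstance(data, bytes):
                    data = data.encode('utf-8')
                with open(os.path.join(STIX_DOWNLOADED_PATH, filename),
                          'wb') as outfile:
                    outfile.write(data)

                print("Written to %s" % filename)

            # Advance to the next day in the range.
            inc_start = inc_start + one_day
            inc_end = inc_end + one_day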