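def get_attach_stix2_bundle(
    tlp,
    referred_url,
    sharing_range,
    request_file,
    stip_user=None
):
    """Build the STIX 2 bundle for a file attachment post.

    Args:
        tlp: TLP level; resolved through ``_get_tlp_markings`` and applied
            as the ``object_marking_refs`` of the StipSns object.
        referred_url: stored in the ``x_stip_sns_post`` extension.
        sharing_range: stored in the ``x_stip_sns_post`` extension.
        request_file: the uploaded file object. Its ``name`` becomes the
            StipSns ``name`` and is embedded verbatim in ``description``;
            nothing in this function sanitizes it, so any filtering of
            user-supplied file names has to happen before this call.
        stip_user: the posting user. Despite the ``None`` default it is
            required: ``stip_user.language`` is read unconditionally and
            the user drives the identity / author objects.

    Returns:
        ``(bundle, stip_sns_id)``: the Bundle holding the individual
        identity, the TLP marking object, the StipSns object and (when the
        user has one) the organization identity, plus the StipSns id.

    Raises:
        ValueError: if ``stip_user`` is None.
    """
    # Fail early with a clear message instead of an AttributeError on
    # ``stip_user.language`` further down.
    if stip_user is None:
        raise ValueError('stip_user is required to build an attachment bundle')

    # S-TIP identities (individual is mandatory, organization optional)
    individual_identity = _get_individual_identity(stip_user)
    organization_identity = _get_organization_identity(stip_user)
    # x_stip_sns_author
    x_stip_sns_author = _get_x_stip_sns_author(stip_user)
    # x_stip_sns_identity
    x_stip_sns_identity = _get_x_stip_sns_identity()
    # x_stip_sns_tool
    x_stip_sns_tool = _get_x_stip_sns_tool()
    # TLP marking object
    tlp_marking_object = _get_tlp_markings(tlp)
    # common language for the generated objects
    common_lang = stip_user.language

    # The file name doubles as the post title; the body only states that the
    # file is carried base64-encoded in the attachment extension.
    title = request_file.name
    content = 'File "%s" encoded in BASE64.' % (request_file.name)
    x_stip_sns_attachment = _get_x_stip_sns_attachment(request_file)

    # x_stip_sns_post
    x_stip_sns_post = _get_x_stip_sns_post(
        title,
        content,
        tlp,
        sharing_range,
        referred_url)

    stip_sns = StipSns(
        lang=common_lang,
        object_marking_refs=[tlp_marking_object],
        created_by_ref=individual_identity,
        name=title,
        description=content,
        x_stip_sns_type=const.STIP_STIX2_SNS_POST_TYPE_ATTACHMENT,
        x_stip_sns_author=x_stip_sns_author,
        x_stip_sns_post=x_stip_sns_post,
        x_stip_sns_attachment=x_stip_sns_attachment,
        x_stip_sns_identity=x_stip_sns_identity,
        x_stip_sns_tool=x_stip_sns_tool)

    # Assemble the bundle; the organization identity is appended last so the
    # object order matches the other bundle builders in this module.
    bundle = Bundle(
        individual_identity,
        tlp_marking_object,
        stip_sns)
    if organization_identity:
        bundle.objects.append(organization_identity)
    return bundle, stip_sns.id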
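def get_like_stix2_bundle(
    x_stip_sns_object_ref,
    x_stip_sns_object_ref_version,
    like,
    tlp,
    stip_user=None
):
    """Build the STIX 2 bundle for a like / unlike action on another object.

    Args:
        x_stip_sns_object_ref: id of the object being liked or unliked; it is
            stored in the StipSns object and interpolated into its
            ``name`` / ``description``.
        x_stip_sns_object_ref_version: version of the referenced object.
        like: current state. Truthy means the object is already liked, so the
            generated post is an *unlike*; falsy produces a *like*.
        tlp: TLP level; resolved through ``_get_tlp_markings`` and applied as
            ``object_marking_refs`` of the StipSns object.
        stip_user: the acting user. Required despite the ``None`` default:
            ``stip_user.language`` is read unconditionally.

    Returns:
        The Bundle holding the individual identity, the TLP marking object,
        the StipSns object and (when the user has one) the organization
        identity.

    Raises:
        ValueError: if ``stip_user`` is None.
    """
    if stip_user is None:
        raise ValueError('stip_user is required to build a like bundle')

    # S-TIP identities (individual is mandatory, organization optional)
    individual_identity = _get_individual_identity(stip_user)
    organization_identity = _get_organization_identity(stip_user)
    # x_stip_sns_author
    x_stip_sns_author = _get_x_stip_sns_author(stip_user)
    # x_stip_sns_identity
    x_stip_sns_identity = _get_x_stip_sns_identity()
    # x_stip_sns_tool
    x_stip_sns_tool = _get_x_stip_sns_tool()
    # TLP marking object
    tlp_marking_object = _get_tlp_markings(tlp)
    # common language for the generated objects
    common_lang = stip_user.language

    # ``like`` is the *current* state, so the generated post toggles it.
    # Title and description carry the same text.
    if like:
        # like -> unlike
        x_stip_sns_type = const.STIP_STIX2_SNS_POST_TYPE_UNLIKE
        title = 'Unlike to %s' % (x_stip_sns_object_ref)
    else:
        # unlike -> like
        x_stip_sns_type = const.STIP_STIX2_SNS_POST_TYPE_LIKE
        title = 'Like to %s' % (x_stip_sns_object_ref)
    description = title

    stip_sns = StipSns(
        lang=common_lang,
        object_marking_refs=[tlp_marking_object],
        created_by_ref=individual_identity,
        name=title,
        description=description,
        x_stip_sns_type=x_stip_sns_type,
        x_stip_sns_author=x_stip_sns_author,
        x_stip_sns_object_ref=x_stip_sns_object_ref,
        x_stip_sns_object_ref_version=x_stip_sns_object_ref_version,
        x_stip_sns_identity=x_stip_sns_identity,
        x_stip_sns_tool=x_stip_sns_tool)

    # Assemble the bundle; organization identity last, as in the sibling builders.
    bundle = Bundle(
        individual_identity,
        tlp_marking_object,
        stip_sns)
    if organization_identity:
        bundle.objects.append(organization_identity)
    return bundle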
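def _get_attach_stix2_bundle(stip_sns, tlp_marking_object, feed_file):
    """Derive an attachment StipSns object from an existing post object.

    Despite its name this helper returns a single StipSns object, not a
    Bundle; the caller is expected to place it into a bundle.

    Args:
        stip_sns: the post object whose ``lang``, ``created_by_ref``,
            ``x_stip_sns_author``, ``x_stip_sns_identity`` and
            ``x_stip_sns_tool`` are copied onto the attachment object.
        tlp_marking_object: marking applied as ``object_marking_refs``.
        feed_file: the stored file. Its ``file_name`` becomes the object
            ``name`` and is embedded verbatim in ``description``; it is
            also handed to ``_get_x_stip_sns_attachment``.

    Returns:
        A new StipSns object of type ``STIP_STIX2_SNS_POST_TYPE_ATTACHMENT``.
    """
    # ``name`` must be the file-name string, consistent with
    # get_attach_stix2_bundle (which uses the upload's name) and with the
    # description built below; previously the whole feed_file object was
    # passed as the title.
    title = feed_file.file_name
    content = 'File "%s" encoded in BASE64.' % (feed_file.file_name)
    x_stip_sns_attachment = _get_x_stip_sns_attachment(feed_file)

    attachment_sns = StipSns(
        lang=stip_sns.lang,
        object_marking_refs=[tlp_marking_object],
        created_by_ref=stip_sns.created_by_ref,
        name=title,
        description=content,
        x_stip_sns_type=const.STIP_STIX2_SNS_POST_TYPE_ATTACHMENT,
        x_stip_sns_author=stip_sns.x_stip_sns_author,
        x_stip_sns_attachment=x_stip_sns_attachment,
        x_stip_sns_identity=stip_sns.x_stip_sns_identity,
        x_stip_sns_tool=stip_sns.x_stip_sns_tool)
    return attachment_sns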
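def get_comment_stix2_bundle(x_stip_sns_object_ref,
                             x_stip_sns_object_ref_version,
                             description,
                             tlp,
                             stip_user=None):
    """Build the STIX 2 bundle for a comment on another object.

    Args:
        x_stip_sns_object_ref: id of the object being commented on; stored
            in the StipSns object and interpolated into its ``name``.
        x_stip_sns_object_ref_version: version of the referenced object.
        description: comment text, stored verbatim as the StipSns
            ``description`` (no sanitization happens here).
        tlp: TLP level; resolved through ``_get_tlp_markings`` and applied
            as ``object_marking_refs`` of the StipSns object.
        stip_user: the commenting user. Required despite the ``None``
            default: ``stip_user.language`` is read unconditionally.

    Returns:
        The Bundle holding the individual identity, the TLP marking object,
        the StipSns object and, when the user has an organization, the
        organization identity plus the individual->organization relationship.

    Raises:
        ValueError: if ``stip_user`` is None.
    """
    if stip_user is None:
        raise ValueError('stip_user is required to build a comment bundle')

    # S-TIP identities (individual is mandatory, organization optional)
    individual_identity = _get_individual_identity(stip_user)
    organization_identity = _get_organization_identity(stip_user)
    # x_stip_sns_author
    x_stip_sns_author = _get_x_stip_sns_author(stip_user)
    # x_stip_sns_identity
    x_stip_sns_identity = _get_x_stip_sns_identity()
    # x_stip_sns_tool
    x_stip_sns_tool = _get_x_stip_sns_tool()
    # TLP marking object
    tlp_marking_object = _get_tlp_markings(tlp)
    # common language for the generated objects
    common_lang = stip_user.language

    title = 'Comment to %s' % (x_stip_sns_object_ref)
    stip_sns = StipSns(
        lang=common_lang,
        object_marking_refs=[tlp_marking_object],
        created_by_ref=individual_identity,
        name=title,
        description=description,
        x_stip_sns_type=const.STIP_STIX2_SNS_POST_TYPE_COMMENT,
        x_stip_sns_author=x_stip_sns_author,
        x_stip_sns_object_ref=x_stip_sns_object_ref,
        x_stip_sns_object_ref_version=x_stip_sns_object_ref_version,
        x_stip_sns_identity=x_stip_sns_identity,
        x_stip_sns_tool=x_stip_sns_tool)

    # Assemble the bundle. Unlike the attachment / like builders, a comment
    # also records the relationship between the individual and the
    # organization identity when the latter exists.
    bundle = Bundle(individual_identity, tlp_marking_object, stip_sns)
    if organization_identity:
        bundle.objects.append(organization_identity)
        bundle.objects.append(
            _get_relationship_between_individual_to_organization(
                individual_identity, organization_identity))
    return bundle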
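def get_post_stix2_bundle(indicators,
                          ttps,
                          tas,
                          title,
                          content,
                          tlp,
                          referred_url,
                          sharing_range,
                          stix2_titles=None,
                          stix2_contents=None,
                          x_stip_sns_attachment_refs=None,
                          stip_user=None):
    """Build the STIX 2 bundle for a regular post.

    The bundle contains, in order: the individual identity, the TLP marking
    object, the optional organization identity and its relationship, one
    Vulnerability per entry of ``ttps``, one ThreatActor per entry of
    ``tas``, one Indicator per entry of ``indicators`` that the indicator
    helper accepts, the StipSns object, a Report referencing all of the
    above, and optional LanguageContent objects for the StipSns and Report.

    Args:
        indicators: iterable handed item by item to ``_get_indicator_object``;
            entries for which it returns None are skipped.
        ttps: iterable handed item by item to ``_get_vulnerability_object``.
        tas: iterable handed item by item to ``_get_threat_actor_object``.
        title: post title; used as ``name`` of the StipSns and Report.
        content: post body; used as ``description`` of the StipSns and Report.
        tlp: TLP level; resolved through ``_get_tlp_markings`` and applied as
            ``object_marking_refs`` on every object built here.
        referred_url: stored in the ``x_stip_sns_post`` extension.
        sharing_range: stored in the ``x_stip_sns_post`` extension.
        stix2_titles: per-language titles. When both this and
            ``stix2_contents`` are non-empty, their first entries drive the
            granular markings; otherwise they feed ``_get_language_contents``.
            ``None`` is treated as an empty list.
        stix2_contents: per-language bodies, paired with ``stix2_titles``.
            ``None`` is treated as an empty list.
        x_stip_sns_attachment_refs: passed through to the StipSns object.
        stip_user: the posting user. Required despite the ``None`` default:
            ``stip_user.language`` is read unconditionally.

    Returns:
        The assembled Bundle.

    Raises:
        ValueError: if ``stip_user`` is None.
    """
    if stip_user is None:
        raise ValueError('stip_user is required to build a post bundle')
    # ``None`` stands in for the empty list so the signature carries no
    # mutable default; behavior for callers that omit them is unchanged.
    if stix2_titles is None:
        stix2_titles = []
    if stix2_contents is None:
        stix2_contents = []

    # S-TIP identities (individual is mandatory, organization optional)
    individual_identity = _get_individual_identity(stip_user)
    organization_identity = _get_organization_identity(stip_user)

    # x_stip_sns_author
    x_stip_sns_author = _get_x_stip_sns_author(stip_user)

    # x_stip_sns_post
    x_stip_sns_post = _get_x_stip_sns_post(title, content, tlp, sharing_range,
                                           referred_url)

    # A plain post references no other object and carries no tags /
    # indicator list in the custom extension.
    x_stip_sns_object_ref = None
    x_stip_sns_tags = None
    x_stip_sns_indicators = None
    # x_stip_sns_identity
    x_stip_sns_identity = _get_x_stip_sns_identity()
    # x_stip_sns_tool
    x_stip_sns_tool = _get_x_stip_sns_tool()

    # object_refs collected for the Report object
    report_object_refs = []

    # TLP marking object
    tlp_marking_object = _get_tlp_markings(tlp)

    # Create the bundle; objects are appended in the order documented above.
    bundle = Bundle(individual_identity, tlp_marking_object)
    if organization_identity:
        bundle.objects.append(organization_identity)
        bundle.objects.append(
            _get_relationship_between_individual_to_organization(
                individual_identity, organization_identity))

    # Vulnerability objects
    for ttp in ttps:
        vulnerablity_object = _get_vulnerability_object(
            ttp, individual_identity, tlp_marking_object)
        bundle.objects.append(vulnerablity_object)
        report_object_refs.append(vulnerablity_object)

    # ThreatActor objects
    for ta in tas:
        ta_object = _get_threat_actor_object(ta, individual_identity,
                                             tlp_marking_object)
        bundle.objects.append(ta_object)
        report_object_refs.append(ta_object)

    # Indicator objects (the helper may decline an entry by returning None)
    for indicator in indicators:
        indicator_o = _get_indicator_object(indicator, individual_identity,
                                            tlp_marking_object)
        if indicator_o is not None:
            bundle.objects.append(indicator_o)
            report_object_refs.append(indicator_o)

    # common language for the generated objects
    common_lang = stip_user.language
    # granular_markings shared by the Report and the StipSns object
    if len(stix2_titles) > 0 and len(stix2_contents) > 0:
        granular_markings = _make_granular_markings(stix2_titles[0],
                                                    stix2_contents[0],
                                                    common_lang)
    else:
        granular_markings = None

    # StipSns object (custom object)
    stip_sns = StipSns(lang=common_lang,
                       granular_markings=granular_markings,
                       object_marking_refs=[tlp_marking_object],
                       created_by_ref=individual_identity,
                       name=title,
                       description=content,
                       x_stip_sns_type='post',
                       x_stip_sns_author=x_stip_sns_author,
                       x_stip_sns_post=x_stip_sns_post,
                       x_stip_sns_attachment_refs=x_stip_sns_attachment_refs,
                       x_stip_sns_object_ref=x_stip_sns_object_ref,
                       x_stip_sns_tags=x_stip_sns_tags,
                       x_stip_sns_indicators=x_stip_sns_indicators,
                       x_stip_sns_identity=x_stip_sns_identity,
                       x_stip_sns_tool=x_stip_sns_tool)
    report_object_refs.append(stip_sns)
    bundle.objects.append(stip_sns)

    # Report object, published with the current UTC time
    published = format_stix2_datetime(datetime.datetime.now(tz=pytz.utc))
    report = Report(lang=common_lang,
                    granular_markings=granular_markings,
                    object_marking_refs=[tlp_marking_object],
                    name=title,
                    description=content,
                    created_by_ref=individual_identity,
                    published=published,
                    report_types=['threat-report'],
                    object_refs=report_object_refs)
    bundle.objects.append(report)

    # language-content objects are only emitted when no granular markings
    # were built, i.e. when the translations could not be folded into them.
    if granular_markings is None:
        language_contents = _get_language_contents(stix2_titles,
                                                   stix2_contents)
        # the primary language is already carried by the objects themselves
        if common_lang in language_contents:
            del language_contents[common_lang]

        if language_contents != {}:
            # language-content for the S-TIP object
            s_tip_lc = LanguageContent(created_by_ref=individual_identity,
                                       object_ref=stip_sns,
                                       object_modified=stip_sns.created,
                                       contents=language_contents)
            bundle.objects.append(s_tip_lc)

            # language-content for the Report object
            report_lc = LanguageContent(object_ref=report,
                                        created_by_ref=individual_identity,
                                        object_modified=report.created,
                                        contents=language_contents)
            bundle.objects.append(report_lc)
    return bundle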