Beispiel #1
0
 def _make_stix_package(self, origin_feed, post, creator=None):
     # package ID作成
     package_id = self.generator.create_id(prefix='Package')
     # package作成
     stix_package = STIXPackage(id_=package_id)
     stix_package.timestamp = datetime.datetime.now(tz=pytz.timezone(origin_feed.user.timezone))
     # header格納
     stix_package.stix_header = self._get_stix_header(origin_feed, post, creator)
     # Comment元の Feed の Package ID を Related Package に追加する
     stix_package.add_related_package(origin_feed.package_id)
     return stix_package
Beispiel #2
0
    def _make_stix_package(self, feed, indicators=[], ttps=[], tas=[]):
        user_timezone = pytz.timezone(feed.user.timezone)
        # package ID作成
        package_id = self.generator.create_id(prefix='Package')

        # package作成
        stix_package = STIXPackage(id_=package_id)
        stix_package.timestamp = datetime.datetime.now(tz=user_timezone)

        # header格納
        stix_package.stix_header = self._get_stix_header(feed)

        # indicators 格納
        # web 画面から取得した indicators (json) から stix indicators 作成する
        stix_indicators = Indicators()
        for indicator_json in indicators:
            indicator = CommonExtractor.get_indicator_from_json(
                indicator_json, user_timezone)
            if indicator is not None:
                stix_indicators.append(indicator)
        stix_package.indicators = stix_indicators

        # ExploitTargets格納
        stix_exploit_targets = ExploitTargets()
        for ttp_json in ttps:
            et = CommonExtractor.get_exploit_target_from_json(ttp_json)
            if et is not None:
                stix_exploit_targets.append(et)
        stix_package.exploit_targets = stix_exploit_targets

        # ThreatActors 格納
        for ta_json in tas:
            value = ta_json['value']
            if SNSConfig.get_cs_custid(
            ) is not None and SNSConfig.get_cs_custkey() is not None:
                ta = self.get_ta_from_crowd_strike(value)
                if ta is None:
                    # ATT&CK から ThreatActor 取得する
                    ta = self.get_ta_from_attck(value)
            else:
                ta = self.get_ta_from_attck(value)
            stix_package.add_threat_actor(ta)

        # 添付ファイル用の STIX 作成する
        for file_ in feed.files.all():
            attach_file_stix_package = self._make_stix_package_for_attached_file(
                file_, feed)
            self.attachment_files.append(attach_file_stix_package)
            # 添付ファイル用の STIX を Related Pacakge に追加する
            stix_package.add_related_package(attach_file_stix_package.id_)
        return stix_package