def add_analyst_item(analyst_item, incident): insrc = InformationSource() analyst_identity = CIQIdentity3_0Instance() identity_spec = STIXCIQIdentity3_0() analyst_identity.specification = identity_spec if analyst_item: partyName = PartyName() partyName.add_name_line(analyst_item) identity_spec.party_name = partyName insrc.identity = analyst_identity incident.reporter = insrc
def add_victim_item(victim_item, incident): global targets_item victim_identity = CIQIdentity3_0Instance() identity_spec = STIXCIQIdentity3_0() victim_identity.specification = identity_spec if targets_item: for item in targets_item: victim_identity.add_role(item) country_item = victim_item.get('country') if not country_item: error("Required 'country' item is missing in 'victim' item") else: for c in country_item: address = Address() address.country = Country() address.country.add_name_element(c) state_item = victim_item.get('state') if state_item: address.administrative_area = AdministrativeArea() address.administrative_area.add_name_element(state_item) identity_spec.add_address(address) # no organisationInfo details - https://github.com/STIXProject/python-stix/issues/108 if victim_item.get("employee_count"): warn("'victim/employee_count' item not handled, yet") if victim_item.get("industry"): warn("'victim/industry' item not handled, yet") if victim_item.get("revenue"): warn("'victim/revenue' item not handled, yet") victim_id_item = victim_item.get('victim_id') if victim_id_item: partyName = PartyName() # id might be inappropriate for name partyName.add_name_line(victim_id_item) identity_spec.party_name = partyName incident.add_victim(victim_identity)