Python Indicator.add_description Beispiele

Beispiel #1

Datei: convert_stix.py Projekt: sroy8091/cti-stix-slider

def convert_indicator(indicator20):
    indicator1x = Indicator(id_=convert_id20(indicator20["id"]),
                            timestamp=text_type(indicator20["modified"]))
    if "name" in indicator20:
        indicator1x.title = indicator20["name"]
    if "description" in indicator20:
        indicator1x.add_description(indicator20["description"])
    indicator1x.indicator_types = convert_open_vocabs_to_controlled_vocabs(
        indicator20["labels"], INDICATOR_LABEL_MAP)
    indicator1x.add_valid_time_position(
        convert_to_valid_time(
            text_type(indicator20["valid_from"]),
            text_type(indicator20["valid_until"])
            if "valid_until" in indicator20 else None))
    indicator1x.add_observable(
        create_pattern_object(
            indicator20["pattern"]).toSTIX1x(id20=indicator20["id"]))
    if "kill_chain_phases" in indicator20:
        process_kill_chain_phases(indicator20["kill_chain_phases"],
                                  indicator1x)
    if "object_marking_refs" in indicator20:
        for m_id in indicator20["object_marking_refs"]:
            ms = create_marking_specification(m_id)
            if ms:
                CONTAINER.add_marking(indicator1x, ms, descendants=True)
    if "granular_markings" in indicator20:
        error(
            "Granular Markings present in '%s' are not supported by stix2slider",
            604, indicator20["id"])
    record_id_object_mapping(indicator20["id"], indicator1x)
    return indicator1x

Beispiel #2

    def generate_indicators(self, count):
        '''Generate a list of STIX Indicators'''
        indicators = []
        for i in range(0, count):
            indicator = Indicator(title='Multiple indicator types')
            indicator.set_producer_identity(Identity(name='Secret Source'))
            indicator.set_produced_time(datetime.today())
            indicator.add_indicator_type(choice(['Malware Artifacts', 'C2', 'Exfiltration']))
            indicator.add_short_description('Short description...')
            indicator.add_description('Long description...')
            indicator.confidence = Confidence(choice(['High', 'Medium', 'Low', 'None', 'Unknown']))
            kill_chain_phase = choice(LMCO_KILL_CHAIN_PHASES)
            indicator.kill_chain_phases = KillChainPhasesReference(
                [KillChainPhaseReference(name=kill_chain_phase.name)])
            ips = self.gen_ips(randint(0, 5))
            for ip in ips:
                indicator.add_observable(ip)

            # user_agents = self.gen_user_agents(randint(0, 5))
            # for ua in user_agents:
            #     indicator.add_observable(ua)

            # fqnds = self.gen_fqdns(randint(0, 5))
            # for f in fqnds:
            #     indicator.add_observable(f)

            # urls = self.gen_urls(randint(0, 5))
            # for u in urls:
            #     indicator.add_observable(u)

            indicators.append(indicator)

        return indicators