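def retrieve_attack_as_list(
    server_url="https://cti-taxii.mitre.org/taxii/",
    collection_url="https://cti-taxii.mitre.org/stix/collections/95ecc380-afe9-11e4-9b6c-751b66dd541e/",
):
    """Fetch ATT&CK ``attack-pattern`` objects over TAXII 2 and flatten them.

    Connects to the discovery endpoint at ``server_url``, logs the title and
    id of every collection under the first API root, then queries the
    collection at ``collection_url`` for techniques and flattens each one
    with ``flatten_technique`` using the key set from ``gather_keys``.

    :param server_url: TAXII 2 discovery URL (defaults to the public MITRE
        CTI server the original hard-coded).
    :param collection_url: TAXII 2 collection URL to query (defaults to the
        collection id the original hard-coded).
    :return: list of flattened technique rows, in query order.
    """
    server = Server(server_url)
    api_root = server.api_roots[0]
    # Lazy %-style logging args: no string is built when INFO is disabled,
    # and a non-str title/id can no longer raise TypeError while logging.
    for taxii_collection in api_root.collections:
        logging.info("%s:%s", taxii_collection.title, taxii_collection.id)

    collection = Collection(collection_url)
    tc_source = TAXIICollectionSource(collection)
    # Only the "techniques" filter is used here; the remaining entries
    # document the STIX object types this source can be queried for.
    filter_objs = {
        "techniques": Filter("type", "=", "attack-pattern"),
        "mitigations": Filter("type", "=", "course-of-action"),
        "groups": Filter("type", "=", "intrusion-set"),
        "malware": Filter("type", "=", "malware"),
        "tools": Filter("type", "=", "tool"),
        "relationships": Filter("type", "=", "relationship"),
    }
    techniques = tc_source.query(filter_objs["techniques"])
    all_keys = gather_keys(techniques)

    parsed_techniques = []
    for technique in techniques:
        # extend() instead of rebuilding the list with "+" on every
        # iteration, which copied the accumulated rows each time.
        parsed_techniques.extend(flatten_technique(technique, all_keys))
    return parsed_techniques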
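def main():
    """Debugging entry point: connect to an OTX TAXII 2 discovery endpoint and print its title.

    Uses taxii2client instead of cabby (this is the debugging variant).

    Credentials are read from the ``OTX_TAXII_USER`` / ``OTX_TAXII_PASSWORD``
    environment variables instead of being embedded in the source, and the
    default discovery URL uses HTTPS: HTTP Basic credentials sent over plain
    HTTP are readable by anyone on the path.  The URL can be overridden with
    ``OTX_TAXII_URL``.

    :raises SystemExit: if the credential environment variables are not set.
    """
    import os

    discovery_url = os.environ.get(
        "OTX_TAXII_URL", "https://otx.alienvault.com/taxii/discovery")
    user = os.environ.get("OTX_TAXII_USER")
    password = os.environ.get("OTX_TAXII_PASSWORD")
    if not user or not password:
        raise SystemExit(
            "set OTX_TAXII_USER and OTX_TAXII_PASSWORD before running")
    # Keyword arguments so the values bind to user/password regardless of
    # the positional order of taxii2client's constructor.
    server = Server(discovery_url, user=user, password=password)
    # DEBUGGING -- print server information to console
    print(server.title)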
def connect_server(self, url=None):
    """Connect to a TAXII 2 server and index its collections by title.

    :param url: TAXII discovery URL; ``None`` selects ``MITRE_URL``.
    :return: ``None``.  Sets ``self.attack_server`` and fills
        ``self.collection_dict`` (title -> collection) from the first
        API root; a repeated title keeps the last collection seen.
    """
    if url is None:
        url = MITRE_URL
    self.attack_server = Server(url)
    # Only the first API root is consulted.
    first_root = self.attack_server.api_roots[0]
    self.collection_dict.update(
        (collection.title, collection) for collection in first_root.collections
    )
def connect_server(self, url=None):
    """Connect to a TAXII 2 server and expose all its collections as one data source.

    :param url: TAXII discovery URL; ``None`` selects ``MITRE_TAXII_URL``.
    :return: ``None``.  Sets ``self.attack_server`` and ``self.composite_ds``,
        a ``CompositeDataSource`` wrapping one ``TAXIICollectionSource`` per
        collection under the first API root, so a single query reaches them all.
    """
    target = url if url is not None else MITRE_TAXII_URL
    self.attack_server = Server(target)
    first_root = self.attack_server.api_roots[0]
    sources = [
        TAXIICollectionSource(collection)
        for collection in first_root.collections
    ]
    self.composite_ds = CompositeDataSource()
    self.composite_ds.add_data_sources(sources)
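def _get_collection_url(server_url):
    """Interactively pick a collection on a TAXII 2 server and return its URL.

    Lists every collection under the server's first API root with an index,
    then prompts on stdin until a valid index is entered.

    :param server_url: TAXII 2 discovery URL.
    :return: the ``url`` of the chosen collection.
    :raises ValueError: if the API root exposes no collections.  The
        original looped forever in that case, because no input could
        ever be a valid index.
    """
    server = Server(server_url)
    api_root = server.api_roots[0]
    collections = list(api_root.collections)
    if not collections:
        raise ValueError('{0:s} exposes no collections'.format(server_url))
    print('{0:s} has {1:d} collections: '.format(server_url, len(collections)))
    for index, collection in enumerate(collections):
        print("[{0:d}] {1:s}: {2:s}".format(index, collection.title, collection.id))
    last_index = len(collections) - 1
    while True:
        choice = input('Pick one: ')
        try:
            index = int(choice)
        except ValueError:
            index = -1
        # Explicit range check: int() accepts negative numbers, which would
        # otherwise silently index from the end of the list.
        if 0 <= index <= last_index:
            return collections[index].url
        # The valid range ends at len - 1, not len as the original said.
        print('Please specify a number from 0 to {0:d}'.format(last_index))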
def get_taxii_collection_source(cls):
    """Build the ATT&CK ``TAXIICollectionSource`` ahead of time.

    Walks the collections under the first API root of
    ``cls.ATT_CK_TAXII_SERVER`` and wraps the first one whose title equals
    ``cls.COLLCETION_TITLE``.  All requests use the proxies returned by
    ``System.get_request_proxies()``.

    :return: a ``TAXIICollectionSource``, or ``None`` when no collection
        matches or any exception occurs (the traceback is printed, not
        propagated, so callers degrade to "no source" instead of failing).
    """
    import traceback

    try:
        proxies = System.get_request_proxies()
        taxii_server = Server("%s/taxii/" % (cls.ATT_CK_TAXII_SERVER), proxies=proxies)
        matching = [
            c for c in taxii_server.api_roots[0].collections
            if c.title == cls.COLLCETION_TITLE
        ]
        if not matching:
            return None
        collection_url = "%s/stix/collections/%s/" % (
            cls.ATT_CK_TAXII_SERVER, matching[0].id)
        return TAXIICollectionSource(Collection(collection_url, proxies=proxies))
    except Exception:
        # Best-effort lookup: report and return None.
        traceback.print_exc()
        return None
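def __init__(self, source='taxii', local=None):
    """Initialization - Creates a matrix generator object

    :param source: Source to utilize ("taxii" or "local"); case-insensitive
    :param local: string path to local cache of stix data (required when
        ``source`` is "local")
    :raises ValueError: if ``source`` is not "taxii"/"local", or if "local"
        is requested without a path
    """
    self.convert_data = {}
    # Always start from an empty collection map.  The original created it
    # only on the "taxii" path, so the "local" path assigned into an
    # attribute that this method had never defined.
    self.collections = dict()
    kind = source.lower()
    if kind not in ['taxii', 'local']:
        print(
            '[MatrixGen] - Unable to generate matrix, source {} is not one of "taxii" or "local"'
            .format(source))
        raise ValueError(
            'source must be "taxii" or "local", got {!r}'.format(source))
    if kind == 'taxii':
        self.server = Server('https://cti-taxii.mitre.org/taxii')
        self.api_root = self.server.api_roots[0]
        for collection in self.api_root.collections:
            # PRE-ATT&CK is skipped; the matrix key is the first word of the
            # collection title, lower-cased (e.g. "enterprise", "mobile").
            if collection.title != "PRE-ATT&CK":
                tc = Collection(
                    'https://cti-taxii.mitre.org/stix/collections/' + collection.id)
                key = collection.title.split(' ')[0].lower()
                self.collections[key] = TAXIICollectionSource(tc)
    else:  # kind == 'local'
        if local is None:
            print(
                '[MatrixGen] - "local" source specified, but path to local source not provided'
            )
            raise ValueError('"local" source requires a path to the stix data')
        hd = MemoryStore()
        # A path mentioning "mobile" is treated as the Mobile domain;
        # anything else as Enterprise.
        domain = 'mobile' if 'mobile' in local.lower() else 'enterprise'
        # NOTE(review): the return value of load_from_file() is what gets
        # stored as the source, exactly as in the original; confirm it is the
        # populated store and not None.
        self.collections[domain] = hd.load_from_file(local)
    self.matrix = {}
    self._build_matrix()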
from stix2 import TAXIICollectionSource, Filter
from taxii2client import Server, Collection

# Discovery: use the first API root of the public MITRE TAXII 2 server.
taxi_server = Server("https://cti-taxii.mitre.org/taxii/")
api_root = taxi_server.api_roots[0]

# Each ATT&CK technology domain is exposed as its own collection; list them.
for collection in api_root.collections:
    print("{}: {}".format(collection.title, collection.id))

# Enterprise ATT&CK content is accumulated here.
attack_dict = {}

# Collection URL = STIX root + id of the first collection.
# NOTE(review): this assumes collections[0] is Enterprise ATT&CK; the order
# is whatever the server returns, so verify the printed URL.
attack_stix_root_url = "https://cti-taxii.mitre.org/stix/collections/"
attack_enterprise = attack_stix_root_url + api_root.collections[0].id
print(attack_enterprise)

# Establish a TAXII2 Collection instance for the Enterprise ATT&CK collection
collection = Collection(attack_enterprise)
# Supply the collection to TAXIICollection
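import os
import sys

from stix2 import CustomObject, properties, TAXIICollectionSource
from stix2 import Filter
from taxii2client import Server
from taxii2client import Collection

# Usage: <script> DISCOVERY_URL POLL_URL
# Fail with a usage line instead of an IndexError when arguments are missing.
if len(sys.argv) < 3:
    sys.exit("usage: {} DISCOVERY_URL POLL_URL".format(sys.argv[0]))
discovery_url = sys.argv[1]
poll_url = sys.argv[2]

# Credentials come from the environment; the literal fallbacks are the
# original's defaults so existing invocations keep working.  They are passed
# by keyword so they bind to user/password regardless of the positional
# order of taxii2client's constructors.
username = os.environ.get("TAXII_USER", "user1")
password = os.environ.get("TAXII_PASSWORD", "Password1")

# discovery
server = Server(discovery_url, user=username, password=password)
print(server.title)

# poll
collection = Collection(poll_url, user=username, password=password)
tc_source = TAXIICollectionSource(collection)
f1 = Filter("type", "=", "indicator")
indicators = tc_source.query([f1])
for indicator in indicators:
    print(indicator)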
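#!/usr/bin/env python3
import json
import os

from taxii2client import Server

# Discovery endpoint.  NOTE: with a plain-HTTP URL the Basic-auth credentials
# below travel in the clear; prefer an https:// endpoint if the server offers one.
discovery = "http://taxii.digitalside.it/taxii"

# Credentials are taken from the environment so they need not live in the
# source; the literal fallbacks are the (masked) values of the original.
username = os.environ.get("TAXII_USER", "******")
password = os.environ.get("TAXII_PASSWORD", "******")

server = Server(discovery, user=username, password=password)
api_root = server.api_roots[0]
collection = api_root.collections[0]
# get_objects() returns a JSON-serialisable structure; pretty-print it.
test = collection.get_objects()
print(json.dumps(test, indent=4, sort_keys=True))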
def get_server(self):
    """Create the TAXII 2 ``Server`` client for this instance.

    The discovery URL is ``/taxii/`` resolved against ``self.base_url``;
    since that path is absolute, any path already present in ``base_url``
    is replaced rather than appended.  TLS verification follows
    ``self.verify`` (turning it off removes protection against interception
    of the feed) and requests go through ``self.proxies``.

    :return: ``None``; the client is stored in ``self.server``.
    """
    discovery_url = urljoin(self.base_url, '/taxii/')
    client = Server(
        discovery_url,
        verify=self.verify,
        proxies=self.proxies,
    )
    self.server = client
# https://medium.com/mitre-attack/att-ck-content-available-in-stix-2-0-via-public-taxii-2-0-server-317e5c41e214 # # Need pip install stix2 # pip install taxii2-client # # # Debugging tool to list out all the items # Example: # python list from stix2 import TAXIICollectionSource, Filter from taxii2client import Server from proxies import get_proxies server = Server("https://cti-taxii.mitre.org/taxii/", proxies=get_proxies()) api_root = server.api_roots[0] # # Three collections: Enterprise ATT&CK, PRE-ATT&CK, MOBILE # for collection in api_root.collections: print(collection.title + ": " + collection.id) #collection = Collection("https://cti-taxii.mitre.org/stix/collections/95ecc380-afe9-11e4-9b6c-751b66dd541e/") # Supply the collection to TAXIICollection tc_source = TAXIICollectionSource(collection) # Create filters to retrieve content from Enterprise ATT&CK filter_objs = {
def server():
    """Return the default, unauthenticated ``Server`` object for example.com."""
    default_server = Server(DISCOVERY_URL)
    return default_server
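import os
import requests
import re
from shutil import rmtree
from taxii2client import Server

FEEDS = ["CVE", "CWE", "CAPEC", "MISP", "ATTACK"]

# MITRE ATT&CK over TAXII 2.  NOTE: constructing Server here performs
# network I/O at import time, so importing this module requires the MITRE
# server to be reachable.
MITRE_STIX = "https://cti-taxii.mitre.org/stix/collections/"
MITRE_TAXII = Server("https://cti-taxii.mitre.org/taxii/")
API_ROOT = MITRE_TAXII.api_roots[0]

# NVD JSON feeds.  The regex is a raw string so "\." is a literal dot and
# not an invalid escape sequence (which Python warns about); the pattern
# text itself is unchanged.
NVD_FEED = 'https://nvd.nist.gov/vuln/data-feeds#JSON_FEED'
NVD_REGEX = r'nvdcve-1.1-[0-9]*\.json\.zip'
NVD = 'https://nvd.nist.gov/feeds/json/cve/1.1/'

# CWE / CAPEC XML views and the CIRCL CVE API.
CWE = 'https://cwe.mitre.org/data/xml/views/'
CAPEC = 'https://capec.mitre.org/data/xml/views/'
CIRCL_API = 'https://cve.circl.lu/api/'

# MISP galaxy clusters and the ATT&CK teaching data set.
MISP_GALAXY = 'https://raw.githubusercontent.com/MISP/misp-galaxy/master/clusters/'
MISP_THREAT_ACTOR = 'threat-actor.json'
ATTACK_TEACHER = 'https://raw.githubusercontent.com/TravisFSmith/mitre_attack/master/teaching/All.json'

# Colour palette (hex RGB).
RED = '#fc3b3b'
ORANGE = '#fd8d3c'
YELLOW = '#fce93b'
GREEN = '#31a354'
BLUE = '#3182bd'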
def make_limo_taxii_client():
    """Return a ``Server`` client for the Anomali Limo TAXII 2 endpoint.

    The credentials are literal placeholders; in deployed code they belong
    in configuration or the environment rather than in source.
    """
    limo_url = "https://limo.anomali.com/api/v1/taxii2/taxii/"
    return Server(limo_url, user='******', password='******')
def make_mitre_taxii_client():
    """Return a ``Server`` client for the public, unauthenticated MITRE CTI TAXII 2 endpoint."""
    mitre_url = "https://cti-taxii.mitre.org/taxii/"
    return Server(mitre_url)
def server():
    """Return the default authenticated ``Server`` object for example.com.

    The user/password values are placeholders; real credentials belong in
    configuration or the environment rather than in source.
    """
    credentials = {"user": "******", "password": "******"}
    return Server(DISCOVERY_URL, **credentials)
from taxii2client import Server, Collection, ApiRoot, Status
import json
from datetime import datetime
import dateutil.parser


def manifest_find_object_by_id(manifest, id):
    """Return the first entry of ``manifest['objects']`` whose ``id`` contains *id*.

    This is a substring test (``id in obj['id']``), not an equality test, so
    a partial identifier matches the first object that contains it.

    :param manifest: manifest dict with an ``objects`` list of dicts.
    :param id: identifier (or fragment) to look for.
    :return: the matching object dict, or ``None`` when nothing matches.
    """
    matches = (obj for obj in manifest['objects'] if id in obj['id'])
    return next(matches, None)


if __name__ == "__main__":
    # Local demo server.  The credentials are placeholders and should come
    # from configuration or the environment in real use.
    credentials = {'user': '******', 'password': '******'}
    server = Server('http://localhost:8090/taxii', **credentials)
    print("Server title : %s" % server.title)
    collection = Collection(
        'http://localhost:8090/demo_api/collections/7d9a78b8-46f6-4b88-98c5-595f54251e21',
        **credentials)
    print('Description : %s' % collection.description)
    with open('apt1.json', encoding='utf-8') as json_file:
        stix_bundle = json.load(json_file)
        print('JSON file :')
        print('description : %s' % stix_bundle['type'])
        print('Objects included : %d' % len(stix_bundle['objects']))