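def dotransform(request, response, config):
    """Refresh a ThreatCentral Indicator entity and emit its IP observables.

    Reads ``ThreatCentral.resourceId`` from ``request.fields``, fetches the
    indicator, updates the incoming Indicator entity (title, resourceId,
    severity, confidence, indicatorType plus matching labels) and then adds
    one IPv4Address entity per observable whose type is ``IP``. Failures are
    reported to the Maltego UI as ``PartialError`` messages rather than
    aborting the transform.

    Args:
        request: Maltego transform request; ``fields`` and ``value`` are read.
        response: Maltego transform response that entities/messages are added to.
        config: transform configuration (not used here).

    Returns:
        ``response``, possibly extended with entities and UI messages.
    """
    # Local import: the file's import block is outside this listing. This
    # helper exists on both Python 2 and 3 (unlike cgi.escape / html.escape).
    from xml.sax.saxutils import escape

    def display_name(obj, key):
        # Nested objects such as severity may be absent or null in the payload.
        return (obj.get(key) or {}).get('displayName')

    def html_lines(text):
        # Label bodies are rendered as HTML (this code joins on <br/>), so
        # API-supplied text is escaped before markup is wrapped around it.
        return '<br/>'.join(escape(line) for line in encode_to_utf8(text).split('\n'))

    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        indicator = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        # Refresh the input Indicator entity with the fetched details.
        severity = display_name(indicator, 'severity')
        confidence = display_name(indicator, 'confidence')
        indicator_type = display_name(indicator, 'indicatorType')
        e = Indicator(request.value)
        e.title = encode_to_utf8(indicator.get('title'))
        e.resourceId = indicator.get('resourceId')
        e.severity = severity
        e.confidence = confidence
        e.indicatorType = indicator_type
        e += Label('Severity', severity)
        e += Label('Confidence', confidence)
        e += Label('Indicator Type', indicator_type)
        if indicator.get('description'):
            e += Label('Description', html_lines(indicator.get('description')))
        response += e

        # `observables` may be missing or null in the payload.
        for observable in indicator.get('observables') or []:
            obs_type = (observable.get('type') or {}).get('value') or ''
            if obs_type.upper() != 'IP':
                continue
            value = observable.get('value')
            ip = IPv4Address(value)
            ip += Label('IP Address', value)
            if observable.get('port'):
                ip += Label('Port', observable.get('port'))
            location = observable.get('location') or {}
            city = location.get('city') or ''
            # The API uses a sentinel city name when no geo data is known.
            if location and city.upper() != 'UNDEFINED_GEO_LOCATION_STRING':
                ip += Label('Location', '<br/>'.join(
                    escape('{}:{}'.format(encode_to_utf8(k), encode_to_utf8(v)))
                    for k, v in location.items()))
            response += ip
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError as err:
        # Previously a silent early return; a malformed payload is now visible
        # in the UI like the other failure modes.
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    return response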
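def dotransform(request, response, config):
    """Refresh a ThreatCentral Indicator entity and emit its registry-key observables.

    Reads ``ThreatCentral.resourceId`` from ``request.fields``, fetches the
    indicator, updates the incoming Indicator entity (title, resourceId,
    severity, confidence, indicatorType plus matching labels) and then adds
    one RegistryKey entity per observable whose type is ``REGISTRY_KEY``.
    Failures are reported to the Maltego UI as ``PartialError`` messages
    rather than aborting the transform.

    Args:
        request: Maltego transform request; ``fields`` and ``value`` are read.
        response: Maltego transform response that entities/messages are added to.
        config: transform configuration (not used here).

    Returns:
        ``response``, possibly extended with entities and UI messages.
    """
    # Local import: the file's import block is outside this listing. This
    # helper exists on both Python 2 and 3 (unlike cgi.escape / html.escape).
    from xml.sax.saxutils import escape

    def display_name(obj, key):
        # Nested objects such as severity may be absent or null in the payload.
        return (obj.get(key) or {}).get('displayName')

    def html_lines(text):
        # Label bodies are rendered as HTML (this code joins on <br/>), so
        # API-supplied text is escaped before markup is wrapped around it.
        return '<br/>'.join(escape(line) for line in encode_to_utf8(text).split('\n'))

    def sighting_weight(observable):
        # Maltego link weight comes from the sighting count; missing, empty or
        # non-numeric sightings fall back to 1 instead of raising ValueError.
        raw = observable.get('sighting')
        if not raw:
            return 1
        try:
            return int(raw)
        except (TypeError, ValueError):
            return 1

    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        indicator = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response
    if not indicator:
        return response

    try:
        # Refresh the input Indicator entity with the fetched details.
        severity = display_name(indicator, 'severity')
        confidence = display_name(indicator, 'confidence')
        indicator_type = display_name(indicator, 'indicatorType')
        e = Indicator(request.value)
        e.title = encode_to_utf8(indicator.get('title'))
        e.resourceId = indicator.get('resourceId')
        e.severity = severity
        e.confidence = confidence
        e.indicatorType = indicator_type
        e += Label('Severity', severity)
        e += Label('Confidence', confidence)
        e += Label('Indicator Type', indicator_type)
        if indicator.get('description'):
            e += Label('Description', html_lines(indicator.get('description')))
        response += e

        # `observables` may be missing or null in the payload.
        for observable in indicator.get('observables') or []:
            obs_type = (observable.get('type') or {}).get('value') or ''
            if obs_type.upper() != 'REGISTRY_KEY':
                continue
            rk = RegistryKey(observable.get('value'), weight=sighting_weight(observable))
            # TODO: verify how the observable's name, action, data and type
            # fields should map onto the RegistryKey entity; only the fields
            # below are known to be correct.
            rk.value = observable.get('value')
            rk.hive = observable.get('hive')
            rk.key = observable.get('key')
            rk.resourceId = observable.get('resourceId')
            response += rk
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError as err:
        # Previously a silent early return; a malformed payload is now visible
        # in the UI like the other failure modes.
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    return response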
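def dotransform(request, response, config):
    """Refresh a ThreatCentral Indicator entity and emit its file-hash observables.

    Reads ``ThreatCentral.resourceId`` from ``request.fields``, fetches the
    indicator, updates the incoming Indicator entity (title, resourceId,
    severity, confidence, indicatorType plus matching labels) and then adds
    one FileHash entity per hash listed under each observable whose type is
    ``FILE_HASH``. Failures are reported to the Maltego UI as ``PartialError``
    messages rather than aborting the transform.

    Args:
        request: Maltego transform request; ``fields`` and ``value`` are read.
        response: Maltego transform response that entities/messages are added to.
        config: transform configuration (not used here).

    Returns:
        ``response``, possibly extended with entities and UI messages.
    """
    # Local import: the file's import block is outside this listing. This
    # helper exists on both Python 2 and 3 (unlike cgi.escape / html.escape).
    from xml.sax.saxutils import escape

    def display_name(obj, key):
        # Nested objects such as severity may be absent or null in the payload.
        return (obj.get(key) or {}).get('displayName')

    def html_lines(text):
        # Label bodies are rendered as HTML (this code joins on <br/>), so
        # API-supplied text is escaped before markup is wrapped around it.
        return '<br/>'.join(escape(line) for line in encode_to_utf8(text).split('\n'))

    def sighting_weight(observable):
        # Maltego link weight comes from the sighting count; missing, empty or
        # non-numeric sightings fall back to 1 instead of raising ValueError.
        raw = observable.get('sighting')
        if not raw:
            return 1
        try:
            return int(raw)
        except (TypeError, ValueError):
            return 1

    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        indicator = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        # Refresh the input Indicator entity with the fetched details.
        severity = display_name(indicator, 'severity')
        confidence = display_name(indicator, 'confidence')
        indicator_type = display_name(indicator, 'indicatorType')
        e = Indicator(request.value)
        e.title = encode_to_utf8(indicator.get('title'))
        e.resourceId = indicator.get('resourceId')
        e.severity = severity
        e.confidence = confidence
        e.indicatorType = indicator_type
        e += Label('Severity', severity)
        e += Label('Confidence', confidence)
        e += Label('Indicator Type', indicator_type)
        if indicator.get('description'):
            e += Label('Description', html_lines(indicator.get('description')))
        response += e

        # `observables` may be missing or null in the payload.
        for observable in indicator.get('observables') or []:
            obs_type = (observable.get('type') or {}).get('value') or ''
            if obs_type.upper() != 'FILE_HASH':
                continue
            weight = sighting_weight(observable)
            # One observable can carry several hashes (e.g. different algorithms).
            for filehash in observable.get('fileHashes') or []:
                fh = FileHash(filehash.get('value'), weight=weight)
                fh.name = observable.get('name')
                fh.value = filehash.get('value')
                fh.htype = filehash.get('type')
                fh.resourceId = observable.get('resourceId')
                response += fh
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError as err:
        # Previously a silent early return; a malformed payload is now visible
        # in the UI like the other failure modes.
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    return response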
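def dotransform(request, response, config):
    """Refresh a ThreatCentral Indicator entity and emit its URI observables.

    Reads ``ThreatCentral.resourceId`` from ``request.fields``, fetches the
    indicator, updates the incoming Indicator entity (title, resourceId,
    severity, confidence, indicatorType plus matching labels) and then adds
    one URL entity per observable whose type is ``URI``. Failures are
    reported to the Maltego UI as ``PartialError`` messages rather than
    aborting the transform.

    Args:
        request: Maltego transform request; ``fields`` and ``value`` are read.
        response: Maltego transform response that entities/messages are added to.
        config: transform configuration (not used here).

    Returns:
        ``response``, possibly extended with entities and UI messages.
    """
    # Local import: the file's import block is outside this listing. This
    # helper exists on both Python 2 and 3 (unlike cgi.escape / html.escape).
    from xml.sax.saxutils import escape

    def display_name(obj, key):
        # Nested objects such as severity may be absent or null in the payload.
        return (obj.get(key) or {}).get('displayName')

    def html_lines(text):
        # Label bodies are rendered as HTML (this code joins on <br/>), so
        # API-supplied text is escaped before markup is wrapped around it.
        return '<br/>'.join(escape(line) for line in encode_to_utf8(text).split('\n'))

    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        indicator = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response
    if not indicator:
        return response

    try:
        # Refresh the input Indicator entity with the fetched details.
        severity = display_name(indicator, 'severity')
        confidence = display_name(indicator, 'confidence')
        indicator_type = display_name(indicator, 'indicatorType')
        e = Indicator(request.value)
        e.title = encode_to_utf8(indicator.get('title'))
        e.resourceId = indicator.get('resourceId')
        e.severity = severity
        e.confidence = confidence
        e.indicatorType = indicator_type
        e += Label('Severity', severity)
        e += Label('Confidence', confidence)
        e += Label('Indicator Type', indicator_type)
        if indicator.get('description'):
            e += Label('Description', html_lines(indicator.get('description')))
        response += e

        # `observables` may be missing or null in the payload.
        for observable in indicator.get('observables') or []:
            obs_type = (observable.get('type') or {}).get('value') or ''
            if obs_type.upper() != 'URI':
                continue
            value = observable.get('value')
            url = URL(value)
            url.url = value
            url += Label('URI', value)
            response += url
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError as err:
        # Previously a silent early return; a malformed payload is now visible
        # in the UI like the other failure modes.
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    return response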
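def dotransform(request, response, config):
    """Refresh a ThreatCentral Indicator entity and emit its IP observables.

    Reads ``ThreatCentral.resourceId`` from ``request.fields``, fetches the
    indicator, updates the incoming Indicator entity (title, resourceId,
    severity, confidence, indicatorType plus matching labels) and then adds
    one IPv4Address entity per observable whose type is ``IP``. Failures are
    reported to the Maltego UI as ``PartialError`` messages rather than
    aborting the transform.

    Args:
        request: Maltego transform request; ``fields`` and ``value`` are read.
        response: Maltego transform response that entities/messages are added to.
        config: transform configuration (not used here).

    Returns:
        ``response``, possibly extended with entities and UI messages.
    """
    # Local import: the file's import block is outside this listing. This
    # helper exists on both Python 2 and 3 (unlike cgi.escape / html.escape).
    from xml.sax.saxutils import escape

    def display_name(obj, key):
        # Nested objects such as severity may be absent or null in the payload.
        return (obj.get(key) or {}).get('displayName')

    def html_lines(text):
        # Label bodies are rendered as HTML (this code joins on <br/>), so
        # API-supplied text is escaped before markup is wrapped around it.
        return '<br/>'.join(escape(line) for line in encode_to_utf8(text).split('\n'))

    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        indicator = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        # Refresh the input Indicator entity with the fetched details.
        severity = display_name(indicator, 'severity')
        confidence = display_name(indicator, 'confidence')
        indicator_type = display_name(indicator, 'indicatorType')
        e = Indicator(request.value)
        e.title = encode_to_utf8(indicator.get('title'))
        e.resourceId = indicator.get('resourceId')
        e.severity = severity
        e.confidence = confidence
        e.indicatorType = indicator_type
        e += Label('Severity', severity)
        e += Label('Confidence', confidence)
        e += Label('Indicator Type', indicator_type)
        if indicator.get('description'):
            e += Label('Description', html_lines(indicator.get('description')))
        response += e

        # `observables` may be missing or null in the payload.
        for observable in indicator.get('observables') or []:
            obs_type = (observable.get('type') or {}).get('value') or ''
            if obs_type.upper() != 'IP':
                continue
            value = observable.get('value')
            ip = IPv4Address(value)
            ip += Label('IP Address', value)
            if observable.get('port'):
                ip += Label('Port', observable.get('port'))
            location = observable.get('location') or {}
            city = location.get('city') or ''
            # The API uses a sentinel city name when no geo data is known.
            if location and city.upper() != 'UNDEFINED_GEO_LOCATION_STRING':
                ip += Label('Location', '<br/>'.join(
                    escape('{}:{}'.format(encode_to_utf8(k), encode_to_utf8(v)))
                    for k, v in location.items()))
            response += ip
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError as err:
        # Previously a silent early return; a malformed payload is now visible
        # in the UI like the other failure modes.
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    return response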
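def dotransform(request, response, config):
    """Refresh a ThreatCentral Indicator entity and emit its file-hash observables.

    Reads ``ThreatCentral.resourceId`` from ``request.fields``, fetches the
    indicator, updates the incoming Indicator entity (title, resourceId,
    severity, confidence, indicatorType plus matching labels) and then adds
    one FileHash entity per hash listed under each observable whose type is
    ``FILE_HASH``. Failures are reported to the Maltego UI as ``PartialError``
    messages rather than aborting the transform.

    Args:
        request: Maltego transform request; ``fields`` and ``value`` are read.
        response: Maltego transform response that entities/messages are added to.
        config: transform configuration (not used here).

    Returns:
        ``response``, possibly extended with entities and UI messages.
    """
    # Local import: the file's import block is outside this listing. This
    # helper exists on both Python 2 and 3 (unlike cgi.escape / html.escape).
    from xml.sax.saxutils import escape

    def display_name(obj, key):
        # Nested objects such as severity may be absent or null in the payload.
        return (obj.get(key) or {}).get('displayName')

    def html_lines(text):
        # Label bodies are rendered as HTML (this code joins on <br/>), so
        # API-supplied text is escaped before markup is wrapped around it.
        return '<br/>'.join(escape(line) for line in encode_to_utf8(text).split('\n'))

    def sighting_weight(observable):
        # Maltego link weight comes from the sighting count; missing, empty or
        # non-numeric sightings fall back to 1 instead of raising ValueError.
        raw = observable.get('sighting')
        if not raw:
            return 1
        try:
            return int(raw)
        except (TypeError, ValueError):
            return 1

    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        indicator = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        # Refresh the input Indicator entity with the fetched details.
        severity = display_name(indicator, 'severity')
        confidence = display_name(indicator, 'confidence')
        indicator_type = display_name(indicator, 'indicatorType')
        e = Indicator(request.value)
        e.title = encode_to_utf8(indicator.get('title'))
        e.resourceId = indicator.get('resourceId')
        e.severity = severity
        e.confidence = confidence
        e.indicatorType = indicator_type
        e += Label('Severity', severity)
        e += Label('Confidence', confidence)
        e += Label('Indicator Type', indicator_type)
        if indicator.get('description'):
            e += Label('Description', html_lines(indicator.get('description')))
        response += e

        # `observables` may be missing or null in the payload.
        for observable in indicator.get('observables') or []:
            obs_type = (observable.get('type') or {}).get('value') or ''
            if obs_type.upper() != 'FILE_HASH':
                continue
            weight = sighting_weight(observable)
            # One observable can carry several hashes (e.g. different algorithms).
            # The observable's `name` is deliberately not copied onto the entity
            # in this variant of the transform.
            for filehash in observable.get('fileHashes') or []:
                fh = FileHash(filehash.get('value'), weight=weight)
                fh.value = filehash.get('value')
                fh.htype = filehash.get('type')
                fh.resourceId = observable.get('resourceId')
                response += fh
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError as err:
        # Previously a silent early return; a malformed payload is now visible
        # in the UI like the other failure modes.
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    return response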
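def dotransform(request, response, config):
    """Refresh a ThreatCentral Indicator entity and emit its registry-key observables.

    Reads ``ThreatCentral.resourceId`` from ``request.fields``, fetches the
    indicator, updates the incoming Indicator entity (title, resourceId,
    severity, confidence, indicatorType plus matching labels) and then adds
    one RegistryKey entity per observable whose type is ``REGISTRY_KEY``.
    Failures are reported to the Maltego UI as ``PartialError`` messages
    rather than aborting the transform.

    Args:
        request: Maltego transform request; ``fields`` and ``value`` are read.
        response: Maltego transform response that entities/messages are added to.
        config: transform configuration (not used here).

    Returns:
        ``response``, possibly extended with entities and UI messages.
    """
    # Local import: the file's import block is outside this listing. This
    # helper exists on both Python 2 and 3 (unlike cgi.escape / html.escape).
    from xml.sax.saxutils import escape

    def display_name(obj, key):
        # Nested objects such as severity may be absent or null in the payload.
        return (obj.get(key) or {}).get('displayName')

    def html_lines(text):
        # Label bodies are rendered as HTML (this code joins on <br/>), so
        # API-supplied text is escaped before markup is wrapped around it.
        return '<br/>'.join(escape(line) for line in encode_to_utf8(text).split('\n'))

    def sighting_weight(observable):
        # Maltego link weight comes from the sighting count; missing, empty or
        # non-numeric sightings fall back to 1 instead of raising ValueError.
        raw = observable.get('sighting')
        if not raw:
            return 1
        try:
            return int(raw)
        except (TypeError, ValueError):
            return 1

    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        indicator = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response
    if not indicator:
        return response

    try:
        # Refresh the input Indicator entity with the fetched details.
        severity = display_name(indicator, 'severity')
        confidence = display_name(indicator, 'confidence')
        indicator_type = display_name(indicator, 'indicatorType')
        e = Indicator(request.value)
        e.title = encode_to_utf8(indicator.get('title'))
        e.resourceId = indicator.get('resourceId')
        e.severity = severity
        e.confidence = confidence
        e.indicatorType = indicator_type
        e += Label('Severity', severity)
        e += Label('Confidence', confidence)
        e += Label('Indicator Type', indicator_type)
        if indicator.get('description'):
            e += Label('Description', html_lines(indicator.get('description')))
        response += e

        # `observables` may be missing or null in the payload.
        for observable in indicator.get('observables') or []:
            obs_type = (observable.get('type') or {}).get('value') or ''
            if obs_type.upper() != 'REGISTRY_KEY':
                continue
            rk = RegistryKey(observable.get('value'), weight=sighting_weight(observable))
            # TODO: verify how the observable's name, action, data and type
            # fields should map onto the RegistryKey entity; only the fields
            # below are known to be correct.
            rk.value = observable.get('value')
            rk.hive = observable.get('hive')
            rk.key = observable.get('key')
            rk.resourceId = observable.get('resourceId')
            response += rk
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError as err:
        # Previously a silent early return; a malformed payload is now visible
        # in the UI like the other failure modes.
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    return response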