def to_obj(self, return_obj=None, ns_info=None):
self._collect_ns_info(ns_info)
observable_list = [x.to_obj(ns_info=ns_info) for x in self.observables]
return core_binding.ObservableCompositionType(
operator = self._operator,
Observable=observable_list)
def process_indicator(indicator,
observables,
observable_composition,
top_level=True,
embed_observables=False):
if test_compatible_indicator(indicator):
#Dictionary for keeping track of indicatoritems without IDs
indicatoritem_dict = {}
current_composition = None
if not top_level:
observable = cybox_binding.ObservableType(
id='openioc:indicator-' + normalize_id(indicator.get_id()))
nested_observable_composition = cybox_binding.ObservableCompositionType(
operator=indicator.get_operator())
observable.set_Observable_Composition(
nested_observable_composition)
observable_composition.add_Observable(observable)
current_composition = nested_observable_composition
elif top_level:
current_composition = observable_composition
for indicator_item in indicator.get_IndicatorItem():
observable_obj = process_indicator_item(indicator_item,
observables,
indicatoritem_dict)
if observable_obj:
if embed_observables:
current_composition.add_Observable(observable_obj)
else:
if indicator_item.get_id() is not None:
observable = cybox_binding.ObservableType(
idref='openioc:indicator-item-' +
normalize_id(indicator_item.get_id()))
else:
observable = cybox_binding.ObservableType(
idref=indicatoritem_dict.get(
get_indicatoritem_string(indicator_item)))
observables.add_Observable(observable_obj)
current_composition.add_Observable(observable)
#Recurse as needed to handle embedded indicators
for embedded_indicator in indicator.get_Indicator():
process_indicator(embedded_indicator, observables,
current_composition, False, embed_observables)
else:
return False
return True
def generate_cybox(indicators, infilename, embed_observables):
#Create the core CybOX structure
observables = cybox_binding.ObservablesType()
#Set the description if it exists
description = None
if indicators.get_description() != None:
description = indicators.get_description()
elif indicators.get_short_description != None:
description = indicators.get_short_description()
indicator_definition = indicators.get_definition()
for indicator in indicator_definition.get_Indicator():
#Create the 'indicator' observable for holding the boolean indicator logic
id_string = ''
if indicator.get_id() is not None:
id_string = 'openioc:indicator-' + normalize_id(indicator.get_id())
else:
id_string = 'openioc:indicator-' + generate_observable_id()
indicator_observable = cybox_binding.ObservableType(id=id_string)
#Set the title as appropriate
if description != None:
indicator_observable.set_Title(description)
#Set observable source to IOC
observable_source = cybox_common_binding.MeasureSourceType()
observable_source_description = cybox_common_binding.StructuredTextType(
)
observable_source_description.set_valueOf_(
'OpenIOC File: ' + os.path.basename(infilename))
observable_source.set_Description(observable_source_description)
indicator_observable.set_Observable_Source(observable_source)
composition = cybox_binding.ObservableCompositionType(
operator=indicator.get_operator())
#Process the indicator, including any embedded indicators
if process_indicator(indicator, observables, composition, True,
embed_observables):
indicator_observable.set_Observable_Composition(composition)
observables.add_Observable(indicator_observable)
else:
#IOC had no indicator items compatible with CybOX
return None
return observables
def to_obj(self):
observable_list = [x.to_obj() for x in self.observables]
return core_binding.ObservableCompositionType(
operator = self._operator,
Observable=observable_list)
