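def main():
    """Build a STIX package with one "IP Watchlist" indicator and print it as XML.

    The input comes from ``loaddata()``. The keys read here are ``NSXURL``,
    ``NS``, ``Identity``, ``TLP_COLOR``, ``Title``, ``Description`` and ``IOC``.
    ``IOC`` is iterated as a mapping from an address string to an iterable of
    file hashes. Every value copied into the document is first passed through
    ``sanitizer()``, which is defined elsewhere.

    The loaded data is only read: the original loop used
    ``mydata["IOC"][key]`` as its own loop target, which overwrote each hash
    list with its last element as a side effect.
    """
    mydata = loaddata()

    # Producer namespace.
    namespace = Namespace(sanitizer(mydata['NSXURL']), sanitizer(mydata['NS']))
    set_id_namespace(namespace)  # new ids will be prefixed by "myNS"

    wrapper = STIXPackage()
    info_src = InformationSource()
    info_src.identity = Identity(name=sanitizer(mydata["Identity"]))

    # Handling: a single TLP marking. The XPath selects every node and every
    # attribute, so the marking applies to the whole package.
    marking_specification = MarkingSpecification()
    marking_specification.controlled_structure = "//node() | //@*"
    tlp = TLPMarkingStructure()
    # NOTE(review): the colour is taken from the input. sanitizer() is not
    # visible here - confirm it (or loaddata) restricts this to a valid TLP
    # value, because recipients rely on it to decide how far the package may
    # be redistributed.
    tlp.color = sanitizer(mydata["TLP_COLOR"])
    marking_specification.marking_structures.append(tlp)

    handling = Marking()
    handling.add_marking(marking_specification)

    # The short description is the generation time. It is local time with no
    # UTC offset, so a consumer cannot tell which time zone it refers to.
    timestamp = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
    title = sanitizer(mydata["Title"])
    description = sanitizer(mydata["Description"])

    wrapper.stix_header = STIXHeader(information_source=info_src,
                                     title=title,
                                     description=description,
                                     short_description=timestamp)
    wrapper.stix_header.handling = handling

    indicator = Indicator()
    indicator.title = title
    indicator.add_indicator_type("IP Watchlist")

    for address, file_hashes in mydata["IOC"].items():
        # NOTE(review): every key is declared IPv4 without a check at this
        # point - confirm the input never carries IPv6 addresses or host names.
        ip_object = Address(address_value=sanitizer(address),
                            category=Address.CAT_IPV4)
        ip_object.condition = "Equals"

        observable = Observable(ip_object)

        # Attach each hash as a File object related to the address.
        for file_hash in file_hashes:
            related_file = File()
            related_file.add_hash(sanitizer(file_hash))
            ip_object.add_related(related_file, "Downloaded")

        indicator.add_observable(observable)

    wrapper.add_indicator(indicator)

    print(wrapper.to_xml())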
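def main():
    """Print a CybOX Observables document linking an e-mail and an IPv4 address.

    Builds one EmailMessage and one Address object, relates them to each other
    in both directions, and writes the resulting XML to standard output.
    """
    NS = cybox.utils.Namespace("http://example.com/", "example")
    cybox.utils.set_id_namespace(NS)

    # Create the EmailMessage object and fill in its header fields.
    m = EmailMessage()
    m.to = ["*****@*****.**", "*****@*****.**"]
    m.from_ = "*****@*****.**"
    m.subject = "New modifications to the specification"

    # Create the Address object.
    a = Address("192.168.1.1", Address.CAT_IPV4)

    # Relate the two objects to each other. inline=False is passed on both
    # calls; both objects are also listed in the Observables below, so each
    # one appears in the output in its own right.
    # NOTE(review): confirm "Received_to" is a term of the relationship
    # vocabulary in use; consumers that validate against the vocabulary may
    # reject an unknown term.
    m.add_related(a, "Received_From", inline=False)
    a.add_related(m, "Received_to", inline=False)

    # Parenthesised so the line is valid under both Python 2 and Python 3;
    # the original used the Python 2 print statement.
    print(Observables([m, a]).to_xml())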