def test_feed_information_response1(self):
push_method1 = tm10.PushMethod(
push_protocol=t.VID_TAXII_HTTP_10, # Required
push_message_bindings=[t.VID_TAXII_XML_10]) # Required
polling_service1 = tm10.PollingServiceInstance(
poll_protocol=t.VID_TAXII_HTTP_10, # Required
poll_address='http://example.com/PollService/', # Required
poll_message_bindings=[t.VID_TAXII_XML_10]) # Required
subscription_service1 = tm10.SubscriptionMethod(
subscription_protocol=t.VID_TAXII_HTTP_10, # Required
subscription_address='http://example.com/SubsService/', # Required
subscription_message_bindings=[t.VID_TAXII_XML_10]) # Required
feed1 = tm10.FeedInformation(
feed_name='Feed1', # Required
feed_description='Description of a feed', # Required
supported_contents=[t.CB_STIX_XML_10], # Required. List of supported content binding IDs
available=True, # Optional. Defaults to None (aka Unknown)
push_methods=[push_method1], # Required if there are no polling_services. Optional otherwise
polling_service_instances=[polling_service1], # Required if there are no push_methods. Optional otherwise.
subscription_methods=[subscription_service1]) # Optional
feed_information_response1 = tm10.FeedInformationResponse(
message_id=tm10.generate_message_id(), # Required
in_response_to=tm10.generate_message_id(), # Required. This should be the ID of the corresponding request
feed_informations=[feed1]) # Optional
round_trip_message(feed_information_response1)
def test_feed_information_response1(self):
push_method1 = tm10.FeedInformationResponse.FeedInformation.PushMethod(
push_protocol=t.VID_TAXII_HTTP_10, # Required
push_message_bindings=[t.VID_TAXII_XML_10]) # Required
polling_service1 = tm10.FeedInformationResponse.FeedInformation.PollingServiceInstance(
poll_protocol=t.VID_TAXII_HTTP_10, # Required
poll_address='http://example.com/PollService/', # Required
poll_message_bindings=[t.VID_TAXII_XML_10]) # Required
subscription_service1 = tm10.FeedInformationResponse.FeedInformation.SubscriptionMethod(
subscription_protocol=t.VID_TAXII_HTTP_10, # Required
subscription_address='http://example.com/SubsService/', # Required
subscription_message_bindings=[t.VID_TAXII_XML_10]) # Required
feed1 = tm10.FeedInformationResponse.FeedInformation(
feed_name='Feed1', # Required
feed_description='Description of a feed', # Required
supported_contents=[t.CB_STIX_XML_10], # Required. List of supported content binding IDs
available=True, # Optional. Defaults to None (aka Unknown)
push_methods=[push_method1], # Required if there are no polling_services. Optional otherwise
polling_service_instances=[polling_service1], # Required if there are no push_methods. Optional otherwise.
subscription_methods=[subscription_service1]) # Optional
feed_information_response1 = tm10.FeedInformationResponse(
message_id=tm10.generate_message_id(), # Required
in_response_to=tm10.generate_message_id(), # Required. This should be the ID of the corresponding request
feed_informations=[feed1]) # Optional
round_trip_message(feed_information_response1)
def test_feed_information_response_deprecated(self):
# Test nested-class forms:
# FeedInformationResponse.FeedInformation
# FeedInformationResponse.FeedInformation.PushMethod
# FeedInformationResponse.FeedInformation.PollingServiceInstance
# FeedInformationResponse.FeedInformation.SubscriptionMethod
push_method1 = tm10.FeedInformationResponse.FeedInformation.PushMethod(
push_protocol=t.VID_TAXII_HTTP_10,
push_message_bindings=[t.VID_TAXII_XML_10])
polling_service1 = tm10.FeedInformationResponse.FeedInformation.PollingServiceInstance(
poll_protocol=t.VID_TAXII_HTTP_10,
poll_address='http://example.com/PollService/',
poll_message_bindings=[t.VID_TAXII_XML_10])
subscription_service1 = tm10.FeedInformationResponse.FeedInformation.SubscriptionMethod(
subscription_protocol=t.VID_TAXII_HTTP_10,
subscription_address='http://example.com/SubsService/',
subscription_message_bindings=[t.VID_TAXII_XML_10])
feed1 = tm10.FeedInformationResponse.FeedInformation(
feed_name='Feed1',
feed_description='Description of a feed',
supported_contents=[t.CB_STIX_XML_10],
push_methods=[push_method1],
polling_service_instances=[polling_service1],
subscription_methods=[subscription_service1])
feed_information_response1 = tm10.FeedInformationResponse(
message_id=tm10.generate_message_id(),
in_response_to=tm10.generate_message_id(),
feed_informations=[feed1])
round_trip_message(feed_information_response1)
def test_feed_information_response_deprecated(self):
# Test nested-class forms:
# FeedInformationResponse.FeedInformation
# FeedInformationResponse.FeedInformation.PushMethod
# FeedInformationResponse.FeedInformation.PollingServiceInstance
# FeedInformationResponse.FeedInformation.SubscriptionMethod
push_method1 = tm10.FeedInformationResponse.FeedInformation.PushMethod(
push_protocol=t.VID_TAXII_HTTP_10,
push_message_bindings=[t.VID_TAXII_XML_10])
polling_service1 = tm10.FeedInformationResponse.FeedInformation.PollingServiceInstance(
poll_protocol=t.VID_TAXII_HTTP_10,
poll_address='http://example.com/PollService/',
poll_message_bindings=[t.VID_TAXII_XML_10])
subscription_service1 = tm10.FeedInformationResponse.FeedInformation.SubscriptionMethod(
subscription_protocol=t.VID_TAXII_HTTP_10,
subscription_address='http://example.com/SubsService/',
subscription_message_bindings=[t.VID_TAXII_XML_10])
feed1 = tm10.FeedInformationResponse.FeedInformation(
feed_name='Feed1',
feed_description='Description of a feed',
supported_contents=[t.CB_STIX_XML_10],
push_methods=[push_method1],
polling_service_instances=[polling_service1],
subscription_methods=[subscription_service1])
feed_information_response1 = tm10.FeedInformationResponse(
message_id=tm10.generate_message_id(),
in_response_to=tm10.generate_message_id(),
feed_informations=[feed1])
round_trip_message(feed_information_response1)
def test_discovery_response(self):
service_instance1 = tm10.ServiceInstance(
service_type=SVC_INBOX, # Required
services_version=VID_TAXII_SERVICES_10, # Required
protocol_binding=VID_TAXII_HTTP_10, # Required
service_address='http://example.com/inboxservice/', # Required
message_bindings=[
VID_TAXII_XML_10
], # Required, must have at least one value in the list
inbox_service_accepted_content=[
CB_STIX_XML_10
], # Optional for service_type=SVC_INBOX, prohibited otherwise
# If this is absent and service_type=SVC_INBOX,
# It means the inbox service accepts all content
available=True, # Optional - defaults to None, which means 'Unknown'
message='This is a message.') # Optional
# Create the discovery response
discovery_response1 = tm10.DiscoveryResponse(
message_id=tm10.generate_message_id(), # Required
in_response_to=tm10.generate_message_id(
), # Required. This should be the ID of the corresponding request
service_instances=[service_instance1]) # Optional.
round_trip_message(discovery_response1)
def test_status_message(self):
status_message1 = tm10.StatusMessage(
message_id=tm10.generate_message_id(), # Required
in_response_to=tm10.generate_message_id(), # Required. Should be the ID of the corresponding request
status_type=tm10.ST_SUCCESS, # Required
status_detail='Machine-processable info here!', # May be optional or not allowed, depending on status_type
message='This is a message.') # Optional
round_trip_message(status_message1)
def test_status_message(self):
status_message1 = tm10.StatusMessage(
message_id=tm10.generate_message_id(), # Required
in_response_to=tm10.generate_message_id(), # Required. Should be the ID of the corresponding request
status_type=tm10.ST_SUCCESS, # Required
status_detail='Machine-processable info here!', # May be optional or not allowed, depending on status_type
message='This is a message.') # Optional
round_trip_message(status_message1)
def test_poll_response1(self):
poll_response2 = tm10.PollResponse(
message_id=tm10.generate_message_id(), # Required
in_response_to=tm10.generate_message_id(), # Required - this should be the ID of the corresponding request
feed_name='FeedName', # Required
inclusive_end_timestamp_label=datetime.datetime.now(tzutc()), # Required
inclusive_begin_timestamp_label=datetime.datetime.now(tzutc()), # Optional
subscription_id='SubsId001', # Optional
message='This is a message.', # Optional
content_blocks=[string_content_block1]) # Optional
round_trip_message(poll_response2)
def test_poll_response1(self):
poll_response2 = tm10.PollResponse(
message_id=tm10.generate_message_id(), # Required
in_response_to=tm10.generate_message_id(), # Required - this should be the ID of the corresponding request
feed_name='FeedName', # Required
inclusive_end_timestamp_label=datetime.datetime.now(tzutc()), # Required
inclusive_begin_timestamp_label=datetime.datetime.now(tzutc()), # Optional
subscription_id='SubsId001', # Optional
message='This is a message.', # Optional
content_blocks=[string_content_block1]) # Optional
round_trip_message(poll_response2)
def test_discovery_request(self):
discovery_request1 = tm10.DiscoveryRequest(
message_id=tm10.generate_message_id(), # Required
extended_headers={'ext_header1': 'value1', 'ext_header2': 'value2'}) # Optional.
#Extended headers are optional for every message type, but only demonstrated here
round_trip_message(discovery_request1)
def create_request_message(self, args):
try:
if args.begin_ts:
begin_ts = dateutil.parser.parse(args.begin_ts)
if not begin_ts.tzinfo:
raise ValueError
else:
begin_ts = None
if args.end_ts:
end_ts = dateutil.parser.parse(args.end_ts)
if not end_ts.tzinfo:
raise ValueError
else:
end_ts = None
except ValueError:
print("Unable to parse timestamp value. Timestamp should include both date and time information along " \
"with a timezone or UTC offset (e.g., YYYY-MM-DDTHH:MM:SS.ssssss+/-hh:mm). Aborting poll.")
sys.exit()
poll_req = tm10.PollRequest(message_id=tm10.generate_message_id(),
feed_name=args.feed,
exclusive_begin_timestamp_label=begin_ts,
inclusive_end_timestamp_label=end_ts,
subscription_id=args.subs_id)
return poll_req
def create_request_message(self, args):
try:
if args.begin_ts:
begin_ts = dateutil.parser.parse(args.begin_ts)
if not begin_ts.tzinfo:
raise ValueError
else:
begin_ts = None
if args.end_ts:
end_ts = dateutil.parser.parse(args.end_ts)
if not end_ts.tzinfo:
raise ValueError
else:
end_ts = None
except ValueError:
print("Unable to parse timestamp value. Timestamp should include both date and time information along " \
"with a timezone or UTC offset (e.g., YYYY-MM-DDTHH:MM:SS.ssssss+/-hh:mm). Aborting poll.")
sys.exit()
poll_req = tm10.PollRequest(message_id=tm10.generate_message_id(),
feed_name=args.feed,
exclusive_begin_timestamp_label=begin_ts,
inclusive_end_timestamp_label=end_ts,
subscription_id=args.subs_id)
return poll_req
def test_discovery_request(self):
discovery_request1 = tm10.DiscoveryRequest(
message_id=tm10.generate_message_id(), # Required
# Extended headers are optional for every message type, but only demonstrated here
extended_headers={'ext_header1': 'value1', 'ext_header2': 'value2'}) # Optional.
round_trip_message(discovery_request1)
def test_discovery_response_deprecated(self):
# Test nested-class form:
# DiscoveryResponse.ServiceInstance
service_instance1 = tm10.DiscoveryResponse.ServiceInstance(
service_type=tm10.SVC_INBOX,
services_version=t.VID_TAXII_SERVICES_10,
protocol_binding=t.VID_TAXII_HTTP_10,
service_address='http://example.com/inboxservice/',
message_bindings=[t.VID_TAXII_XML_10])
discovery_response1 = tm10.DiscoveryResponse(
message_id=tm10.generate_message_id(),
in_response_to=tm10.generate_message_id(),
service_instances=[service_instance1])
round_trip_message(discovery_response1)
def test_inbox_message2(self):
inbox_message2 = tm10.InboxMessage(
message_id=tm10.generate_message_id(), # Required
message='This is a message.', # Optional
subscription_information=self.subscription_information1, # Optional
content_blocks=[string_content_block1]) # Optional
round_trip_message(inbox_message2)
def test_discovery_response_deprecated(self):
# Test nested-class form:
# DiscoveryResponse.ServiceInstance
service_instance1 = tm10.DiscoveryResponse.ServiceInstance(
service_type=tm10.SVC_INBOX,
services_version=t.VID_TAXII_SERVICES_10,
protocol_binding=t.VID_TAXII_HTTP_10,
service_address='http://example.com/inboxservice/',
message_bindings=[t.VID_TAXII_XML_10])
discovery_response1 = tm10.DiscoveryResponse(
message_id=tm10.generate_message_id(),
in_response_to=tm10.generate_message_id(),
service_instances=[service_instance1])
round_trip_message(discovery_response1)
def test_inbox_message2(self):
inbox_message2 = tm10.InboxMessage(
message_id=tm10.generate_message_id(), # Required
message='This is a message.', # Optional
subscription_information=self.subscription_information1, # Optional
content_blocks=[string_content_block1]) # Optional
round_trip_message(inbox_message2)
def test_feed_subscription_request(self):
manage_feed_subscription_request1 = tm10.ManageFeedSubscriptionRequest(
message_id=tm10.generate_message_id(), # Required
feed_name='SomeFeedName', # Required
action=tm10.ACT_UNSUBSCRIBE, # Required
subscription_id='SubsId056', # Required for unsubscribe, prohibited otherwise
delivery_parameters=delivery_parameters1) # Required
round_trip_message(manage_feed_subscription_request1)
def test_feed_subscription_request(self):
manage_feed_subscription_request1 = tm10.ManageFeedSubscriptionRequest(
message_id=tm10.generate_message_id(), # Required
feed_name='SomeFeedName', # Required
action=tm10.ACT_UNSUBSCRIBE, # Required
subscription_id='SubsId056', # Required for unsubscribe, prohibited otherwise
delivery_parameters=delivery_parameters1) # Required
round_trip_message(manage_feed_subscription_request1)
def test_manage_feed_subscription_response(self):
poll_instance1 = tm10.PollInstance(
poll_protocol=t.VID_TAXII_HTTP_10, # Required
poll_address='http://example.com/poll', # Required
poll_message_bindings=[t.VID_TAXII_XML_10]) # Required
subscription_instance1 = tm10.SubscriptionInstance(
subscription_id='SubsId234', # required
delivery_parameters=delivery_parameters1, # Required if message is responding to a status action. Optional otherwise
poll_instances=[poll_instance1]) # Required if action was polling subscription. Optional otherwise
manage_feed_subscription_response1 = tm10.ManageFeedSubscriptionResponse(
message_id=tm10.generate_message_id(), # Required
in_response_to=tm10.generate_message_id(), # Required - Should be the ID of the corresponding request
feed_name='Feed001', # Required
message='This is a message', # Optional
subscription_instances=[subscription_instance1]) # Required
round_trip_message(manage_feed_subscription_response1)
def test_manage_feed_subscription_response(self):
poll_instance1 = tm10.ManageFeedSubscriptionResponse.PollInstance(
poll_protocol=t.VID_TAXII_HTTP_10, # Required
poll_address='http://example.com/poll', # Required
poll_message_bindings=[t.VID_TAXII_XML_10]) # Required
subscription_instance1 = tm10.ManageFeedSubscriptionResponse.SubscriptionInstance(
subscription_id='SubsId234', # required
delivery_parameters=[delivery_parameters1], # Required if message is responding to a status action. Optional otherwise
poll_instances=[poll_instance1]) # Required if action was polling subscription. Optional otherwise
manage_feed_subscription_response1 = tm10.ManageFeedSubscriptionResponse(
message_id=tm10.generate_message_id(), # Required
in_response_to=tm10.generate_message_id(), # Required - Should be the ID of the corresponding request
feed_name='Feed001', # Required
message='This is a message', # Optional
subscription_instances=[subscription_instance1]) # Required
round_trip_message(manage_feed_subscription_response1)
def test_poll_request1(self):
poll_request1 = tm10.PollRequest(
message_id=tm10.generate_message_id(), # Required
feed_name='TheFeedToPoll', # Required
subscription_id='SubsId002', # Optional
exclusive_begin_timestamp_label=datetime.datetime.now(tzutc()), # Optional - Absence means 'no lower bound'
inclusive_end_timestamp_label=datetime.datetime.now(tzutc()), # Optional - Absence means 'no upper bound'
content_bindings=[t.CB_STIX_XML_10]) # Optional - defaults to accepting all content bindings
round_trip_message(poll_request1)
def test_poll_request1(self):
poll_request1 = tm10.PollRequest(
message_id=tm10.generate_message_id(), # Required
feed_name='TheFeedToPoll', # Required
subscription_id='SubsId002', # Optional
exclusive_begin_timestamp_label=datetime.datetime.now(tzutc()), # Optional - Absence means 'no lower bound'
inclusive_end_timestamp_label=datetime.datetime.now(tzutc()), # Optional - Absence means 'no upper bound'
content_bindings=[t.CB_STIX_XML_10]) # Optional - defaults to accepting all content bindings
round_trip_message(poll_request1)
def test_discovery_response(self):
service_instance1 = tm10.DiscoveryResponse.ServiceInstance(
service_type=tm10.SVC_INBOX, # Required
services_version=t.VID_TAXII_SERVICES_10, # Required
protocol_binding=t.VID_TAXII_HTTP_10, # Required
service_address='http://example.com/inboxservice/', # Required
message_bindings=[t.VID_TAXII_XML_10], # Required, must have at least one value in the list
inbox_service_accepted_content=[t.CB_STIX_XML_10], # Optional for service_type=SVC_INBOX, prohibited otherwise
#If this is absent and service_type=SVC_INBOX,
#It means the inbox service accepts all content
available=True, # Optional - defaults to None, which means 'Unknown'
message='This is a message.') # Optional
#Create the discovery response
discovery_response1 = tm10.DiscoveryResponse(
message_id=tm10.generate_message_id(), # Required
in_response_to=tm10.generate_message_id(), # Required. This should be the ID of the corresponding request
service_instances=[service_instance1]) # Optional.
round_trip_message(discovery_response1)
def main():
parser = t.scripts.get_base_parser("TAXII 1.0 Poll Client (Deprecated)", path="/services/poll/")
parser.add_argument("--feed", dest="feed", default="default", help="Data Collection to poll. Defaults to 'default'.")
parser.add_argument("--begin_timestamp", dest="begin_ts", default=None, help="The begin timestamp (format: YYYY-MM-DDTHH:MM:SS.ssssss+/-hh:mm) for the poll request. Defaults to None.")
parser.add_argument("--end_timestamp", dest="end_ts", default=None, help="The end timestamp (format: YYYY-MM-DDTHH:MM:SS.ssssss+/-hh:mm) for the poll request. Defaults to None.")
parser.add_argument("--subscription-id", dest="subs_id", default=None, help="The subscription ID to use. Defaults to None")
args = parser.parse_args()
try:
if args.begin_ts:
begin_ts = dateutil.parser.parse(args.begin_ts)
if not begin_ts.tzinfo:
raise ValueError
else:
begin_ts = None
if args.end_ts:
end_ts = dateutil.parser.parse(args.end_ts)
if not end_ts.tzinfo:
raise ValueError
else:
end_ts = None
except ValueError:
print "Unable to parse timestamp value. Timestamp should include both date and time information along with a timezone or UTC offset (e.g., YYYY-MM-DDTHH:MM:SS.ssssss+/-hh:mm). Aborting poll."
sys.exit()
poll_req = tm10.PollRequest(message_id=tm10.generate_message_id(),
feed_name=args.feed,
exclusive_begin_timestamp_label=begin_ts,
inclusive_end_timestamp_label=end_ts,
subscription_id=args.subs_id)
poll_req_xml = poll_req.to_xml(pretty_print=True)
print "Poll Request: \r\n", poll_req_xml
client = tc.HttpClient()
client.setUseHttps(args.https)
client.setProxy(args.proxy)
tls = (args.cert is not None and args.key is not None)
basic = (args.username is not None and args.password is not None)
if tls and basic:
client.setAuthType(tc.HttpClient.AUTH_CERT_BASIC)
client.setAuthCredentials({'key_file': args.key, 'cert_file': args.cert, 'username': args.username, 'password': args.password})
elif tls:
client.setAuthType(tc.HttpClient.AUTH_CERT)
client.setAuthCredentials({'key_file': args.key, 'cert_file': args.cert})
elif basic:
client.setAuthType(tc.HttpClient.AUTH_BASIC)
client.setAuthCredentials({'username': args.username, 'password': args.password})
resp = client.callTaxiiService2(args.host, args.path, t.VID_TAXII_XML_10, poll_req_xml, args.port)
response_message = t.get_message_from_http_response(resp, '0')
print "Response Message: \r\n", response_message.to_xml(pretty_print=True)
def test_manage_feed_subscription_response_deprecated(self):
# Test nested-class forms:
# ManageFeedSubscriptionResponse.PollInstance
# ManageFeedSubscriptionResponse.SubscriptionInstance
poll = tm10.ManageFeedSubscriptionResponse.PollInstance(
poll_protocol=t.VID_TAXII_HTTP_10,
poll_address='http://example.com/poll',
poll_message_bindings=[t.VID_TAXII_XML_10])
subscription = tm10.ManageFeedSubscriptionResponse.SubscriptionInstance(
subscription_id='SubsId234',
delivery_parameters=[delivery_parameters1],
poll_instances=[poll])
response = tm10.ManageFeedSubscriptionResponse(
message_id=tm10.generate_message_id(),
in_response_to=tm10.generate_message_id(),
feed_name='Feed001',
subscription_instances=[subscription])
round_trip_message(response)
def test_manage_feed_subscription_response_deprecated(self):
# Test nested-class forms:
# ManageFeedSubscriptionResponse.PollInstance
# ManageFeedSubscriptionResponse.SubscriptionInstance
poll = tm10.ManageFeedSubscriptionResponse.PollInstance(
poll_protocol=t.VID_TAXII_HTTP_10,
poll_address='http://example.com/poll',
poll_message_bindings=[t.VID_TAXII_XML_10])
subscription = tm10.ManageFeedSubscriptionResponse.SubscriptionInstance(
subscription_id='SubsId234',
delivery_parameters=delivery_parameters1,
poll_instances=[poll])
response = tm10.ManageFeedSubscriptionResponse(
message_id=tm10.generate_message_id(),
in_response_to=tm10.generate_message_id(),
feed_name='Feed001',
subscription_instances=[subscription])
round_trip_message(response)
def test_inbox_message_deprecated(self):
# Test nested-class form:
# InboxMessage.SubscriptionInformation
sub_info = tm10.InboxMessage.SubscriptionInformation(
feed_name='SomeFeedName',
subscription_id='SubsId021',
inclusive_begin_timestamp_label=datetime.datetime.now(tzutc()),
inclusive_end_timestamp_label=datetime.datetime.now(tzutc()))
inbox_msg = tm10.InboxMessage(message_id=tm10.generate_message_id(),
subscription_information=sub_info,
content_blocks=[xml_content_block1])
round_trip_message(inbox_msg)
def test_inbox_message_deprecated(self):
# Test nested-class form:
# InboxMessage.SubscriptionInformation
sub_info = tm10.InboxMessage.SubscriptionInformation(
feed_name='SomeFeedName',
subscription_id='SubsId021',
inclusive_begin_timestamp_label=datetime.datetime.now(tzutc()),
inclusive_end_timestamp_label=datetime.datetime.now(tzutc()))
inbox_msg = tm10.InboxMessage(
message_id=tm10.generate_message_id(),
subscription_information=sub_info,
content_blocks=[xml_content_block1])
round_trip_message(inbox_msg)
def taxii_poll(src_feed, is_ssl_enabled, username, feed_path=common.TAXII_DATA, site_url="127.0.0.1", timestamp=None):
"""
pull stix from edge via taxii, currently requires trust_localhost enabled in taxii server
:param site_url:
:param src_feed:
:param is_ssl_enabled:
:param feed_path:
:param timestamp:
:return:
"""
client = tc.HttpClient()
client.setUseHttps(is_ssl_enabled)
# NOTE: IMPORTANT: ASSUMES TAXII CLIENT USES TRUST_LOCALHOST
client.setAuthType(client.AUTH_BASIC)
client.setAuthCredentials({'username': username, 'password': ''})
if not timestamp:
earliest = epoch_start()
else:
earliest = timestamp
latest = nowutc()
poll_request = tm10.PollRequest(
message_id=tm10.generate_message_id(),
feed_name=src_feed,
inclusive_end_timestamp_label=latest,
content_bindings=[t.CB_STIX_XML_11])
http_response = client.callTaxiiService2(
site_url,
feed_path,
t.VID_TAXII_XML_10, poll_request.to_xml())
taxii_message = t.get_message_from_http_response(http_response,
poll_request.message_id)
if isinstance(taxii_message, tm10.StatusMessage):
pass
elif isinstance(taxii_message, tm10.PollResponse):
indicators = dict()
observables = dict()
for content_block in taxii_message.content_blocks:
(indicators_, observables_) = \
process_taxii_content_blocks(content_block)
indicators.update(indicators_)
observables.update(observables_)
return latest, indicators, observables
def taxii_poll(config, src, dest, timestamp=None):
"""pull stix from edge via taxii"""
client = tc.HttpClient()
client.setUseHttps(config["edge"]["sites"][src]["taxii"]["ssl"])
client.setAuthType(client.AUTH_BASIC)
client.setAuthCredentials(
{
"username": config["edge"]["sites"][src]["taxii"]["user"],
"password": config["edge"]["sites"][src]["taxii"]["pass"],
}
)
if not timestamp:
earliest = util.epoch_start()
else:
earliest = timestamp
latest = util.nowutc()
poll_request = tm10.PollRequest(
message_id=tm10.generate_message_id(),
feed_name=config["edge"]["sites"][src]["taxii"]["collection"],
exclusive_begin_timestamp_label=earliest,
inclusive_end_timestamp_label=latest,
content_bindings=[t.CB_STIX_XML_11],
)
http_response = client.callTaxiiService2(
config["edge"]["sites"][src]["host"],
config["edge"]["sites"][src]["taxii"]["path"],
t.VID_TAXII_XML_10,
poll_request.to_xml(),
port=config["edge"]["sites"][src]["taxii"]["port"],
)
taxii_message = t.get_message_from_http_response(http_response, poll_request.message_id)
if isinstance(taxii_message, tm10.StatusMessage):
config["logger"].error(log.log_messages["polling_error"].format(type_="taxii", error=taxii_message.message))
elif isinstance(taxii_message, tm10.PollResponse):
incidents = dict()
indicators = dict()
observables = dict()
for content_block in taxii_message.content_blocks:
(incidents_, indicators_, observables_) = process_taxii_content_blocks(config, content_block)
incidents.update(incidents_)
indicators.update(indicators_)
observables.update(observables_)
return (latest, incidents, indicators, observables)
def taxii_poll(host=None, port=None, endpoint=None, collection=None, user=None, passwd=None, use_ssl=None, attempt_validation=None):
'''poll cti via taxii'''
client = tc.HttpClient()
client.setUseHttps(use_ssl)
client.setAuthType(client.AUTH_BASIC)
client.setAuthCredentials(
{'username': user,
'password': passwd})
earliest = epoch_start()
latest = nowutc()
poll_request = tm10.PollRequest(
message_id=tm10.generate_message_id(),
feed_name=collection,
exclusive_begin_timestamp_label=earliest,
inclusive_end_timestamp_label=latest,
content_bindings=[t.CB_STIX_XML_11])
http_response = client.callTaxiiService2(
host, endpoint,
t.VID_TAXII_XML_10, poll_request.to_xml(),
port=port)
taxii_message = t.get_message_from_http_response(http_response,
poll_request.message_id)
if isinstance(taxii_message, tm10.StatusMessage):
print('''TAXII connection error! Exiting...
%s''' % (taxii_message.message))
elif isinstance(taxii_message, tm10.PollResponse):
cooked_stix_objs = {'campaigns': set(), 'courses_of_action': set(), \
'exploit_targets': set(), 'incidents': set(), \
'indicators': set(), 'threat_actors': set(), \
'ttps': set()}
cooked_cybox_objs = dict()
for content_block in taxii_message.content_blocks:
stix_package = taxii_content_block_to_stix(content_block)
(raw_stix_objs, raw_cybox_objs) = \
process_stix_pkg(stix_package)
for k in raw_stix_objs.keys():
cooked_stix_objs[k].update(raw_stix_objs[k])
for k in raw_cybox_objs.keys():
if not k in cooked_cybox_objs.keys():
cooked_cybox_objs[k] = set()
cooked_cybox_objs[k].update(raw_cybox_objs[k])
return(cooked_stix_objs, cooked_cybox_objs)
def taxii_poll(config, src, dest, timestamp=None):
'''pull stix from edge via taxii'''
client = tc.HttpClient()
client.setUseHttps(config['edge']['sites'][src]['taxii']['ssl'])
client.setAuthType(client.AUTH_BASIC)
client.setAuthCredentials(
{'username': config['edge']['sites'][src]['taxii']['user'],
'password': config['edge']['sites'][src]['taxii']['pass']})
if not timestamp:
earliest = util_.epoch_start()
else:
earliest = timestamp
latest = util_.nowutc()
poll_request = tm10.PollRequest(
message_id=tm10.generate_message_id(),
feed_name=config['edge']['sites'][src]['taxii']['collection'],
exclusive_begin_timestamp_label=earliest,
inclusive_end_timestamp_label=latest,
content_bindings=[t.CB_STIX_XML_11])
http_response = client.callTaxiiService2(
config['edge']['sites'][src]['host'],
config['edge']['sites'][src]['taxii']['path'],
t.VID_TAXII_XML_10, poll_request.to_xml(),
port=config['edge']['sites'][src]['taxii']['port'])
taxii_message = t.get_message_from_http_response(http_response,
poll_request.message_id)
if isinstance(taxii_message, tm10.StatusMessage):
config['logger'].error(log_.log_messages['polling_error'].format(
type_='taxii', error=taxii_message.message))
elif isinstance(taxii_message, tm10.PollResponse):
incidents = dict()
indicators = dict()
observables = dict()
for content_block in taxii_message.content_blocks:
(incidents_, indicators_, observables_) = \
process_taxii_content_blocks(config, content_block)
incidents.update(incidents_)
indicators.update(indicators_)
observables.update(observables_)
return(latest, incidents, indicators, observables)
def taxii_poll(config, src, dest, timestamp=None):
'''pull stix from edge via taxii'''
client = tc.HttpClient()
client.setUseHttps(config['edge']['sites'][src]['taxii']['ssl'])
client.setAuthType(client.AUTH_BASIC)
client.setAuthCredentials(
{'username': config['edge']['sites'][src]['taxii']['user'],
'password': config['edge']['sites'][src]['taxii']['pass']})
if not timestamp:
earliest = util.epoch_start()
else:
earliest = timestamp
latest = util.nowutc()
poll_request = tm10.PollRequest(
message_id=tm10.generate_message_id(),
feed_name=config['edge']['sites'][src]['taxii']['collection'],
exclusive_begin_timestamp_label=earliest,
inclusive_end_timestamp_label=latest,
content_bindings=[t.CB_STIX_XML_11])
http_response = client.callTaxiiService2(
config['edge']['sites'][src]['host'],
config['edge']['sites'][src]['taxii']['path'],
t.VID_TAXII_XML_10, poll_request.to_xml(),
port=config['edge']['sites'][src]['taxii']['port'])
taxii_message = t.get_message_from_http_response(http_response,
poll_request.message_id)
if isinstance(taxii_message, tm10.StatusMessage):
config['logger'].error(log.log_messages['polling_error'].format(
type_='taxii', error=taxii_message.message))
elif isinstance(taxii_message, tm10.PollResponse):
incidents = dict()
indicators = dict()
observables = dict()
for content_block in taxii_message.content_blocks:
(incidents_, indicators_, observables_) = \
process_taxii_content_blocks(config, content_block)
incidents.update(incidents_)
indicators.update(indicators_)
observables.update(observables_)
return(latest, incidents, indicators, observables)
def main():
parser = scripts.get_base_parser("Discovery Client", path="/services/discovery/")
args = parser.parse_args()
discovery_req = tm10.DiscoveryRequest(message_id=tm10.generate_message_id())
print "Request:\n"
if args.xml_output is False:
print discovery_req.to_text()
else:
print discovery_req.to_xml(pretty_print=True)
client = scripts.create_client(args)
resp = client.callTaxiiService2(args.host, args.path, t.VID_TAXII_XML_11, discovery_req,to_xml(pretty_print=True), args.port)
r = t.get_message_from_http_response(resp, '0')
print "Response:\n"
if args.xml_output is False:
print r.to_text()
else:
print r.to_xml(pretty_print=True)
def test_discovery_exchange(self):
"""Send a discovery request, look to get a discovery response back."""
req = tm10.DiscoveryRequest(tm10.generate_message_id())
response = self.post(DISCOVERY_PATH, req.to_xml())
self.assertDiscoveryResponse(response)
def test_discovery_exchange(self):
"""Send a discovery request, look to get a discovery response back."""
req = tm10.DiscoveryRequest(tm10.generate_message_id())
response = self.post(DISCOVERY_PATH, req.to_xml())
self.assertDiscoveryResponse(response)
def create_request_message(self, args):
return tm10.FeedInformationRequest(message_id=tm10.generate_message_id())
def test_feed_information_request1(self):
feed_information_request1 = tm10.FeedInformationRequest(
message_id=tm10.generate_message_id()) # Required
round_trip_message(feed_information_request1)
def main():
parser = scripts.get_base_parser("TAXII 1.0 Poll Client (Deprecated)", path="/services/poll/")
parser.add_argument("--feed", dest="feed", default="default", help="Data Collection to poll. Defaults to 'default'.")
parser.add_argument("--begin_timestamp", dest="begin_ts", default=None, help="The begin timestamp (format: YYYY-MM-DDTHH:MM:SS.ssssss+/-hh:mm) for the poll request. Defaults to None.")
parser.add_argument("--end_timestamp", dest="end_ts", default=None, help="The end timestamp (format: YYYY-MM-DDTHH:MM:SS.ssssss+/-hh:mm) for the poll request. Defaults to None.")
parser.add_argument("--subscription-id", dest="subs_id", default=None, help="The subscription ID to use. Defaults to None")
args = parser.parse_args()
try:
if args.begin_ts:
begin_ts = dateutil.parser.parse(args.begin_ts)
if not begin_ts.tzinfo:
raise ValueError
else:
begin_ts = None
if args.end_ts:
end_ts = dateutil.parser.parse(args.end_ts)
if not end_ts.tzinfo:
raise ValueError
else:
end_ts = None
except ValueError:
print "Unable to parse timestamp value. Timestamp should include both date and time information along with a timezone or UTC offset (e.g., YYYY-MM-DDTHH:MM:SS.ssssss+/-hh:mm). Aborting poll."
sys.exit()
poll_req = tm10.PollRequest(message_id=tm10.generate_message_id(),
feed_name=args.feed,
exclusive_begin_timestamp_label=begin_ts,
inclusive_end_timestamp_label=end_ts,
subscription_id=args.subs_id)
print "Request:\n"
if args.xml_output is False:
print poll_req.to_text()
else:
print poll_req.to_xml(pretty_print=True)
client = scripts.create_client(args)
resp = client.callTaxiiService2(args.host, args.path, t.VID_TAXII_XML_10, poll_req.to_xml(pretty_print=True), args.port)
r = t.get_message_from_http_response(resp, '0')
print "Response:\n"
if args.xml_output is False:
print r.to_text()
else:
print r.to_xml(pretty_print=True)
if r.message_type == tm10.MSG_POLL_RESPONSE:
for cb in r.content_blocks:
if cb.content_binding.binding_id == t.CB_STIX_XML_10:
format = '_STIX10_'
ext = '.xml'
elif cb.content_binding.binding_id == t.CB_STIX_XML_101:
format = '_STIX101_'
ext = '.xml'
elif cb.content_binding.binding_id == t.CB_STIX_XML_11:
format = '_STIX11_'
ext = '.xml'
elif cb.content_binding.binding_id == t.CB_STIX_XML_111:
format = '_STIX111_'
ext = '.xml'
else: # Format and extension are unknown
format = ''
ext = ''
if cb.timestamp_label:
date_string = 't' + cb.timestamp_label.isoformat()
else:
date_string = 's' + datetime.datetime.now().isoformat()
filename = (args.dest_dir + r.collection_name + format + date_string + ext).translate(None, '/\\:*?"<>|')
f = open(filename, 'w')
f.write(cb.content)
f.flush()
f.close()
print "Wrote Content Block to %s" % filename
def test_feed_information_request1(self):
feed_information_request1 = tm10.FeedInformationRequest(
message_id=tm10.generate_message_id()) # Required
round_trip_message(feed_information_request1)
def create_request_message(self, args):
message_id = tm10.generate_message_id()
return tm10.FeedInformationRequest(message_id)
