def get_attach_stix2_bundle(
        tlp,
        referred_url,
        sharing_range,
        request_file,
        stip_user=None):
    """Build a STIX 2 Bundle wrapping a single attached file as a StipSns object.

    The uploaded ``request_file`` is passed to ``_get_x_stip_sns_attachment``
    (which, per the description text, base64-encodes it) and the file name is
    used verbatim as the object ``name`` and inside ``description``.

    Returns a ``(bundle, stip_sns_id)`` tuple so the caller can reference the
    attachment object from a post.

    NOTE(review): ``stip_user`` defaults to None but ``stip_user.language`` is
    read unconditionally, so a None user raises AttributeError; the default is
    misleading -- confirm every caller passes a user.
    NOTE(review): ``request_file.name`` is the client-supplied file name and is
    embedded untouched; any sanitisation or size limit on the upload is assumed
    to happen at the view layer -- TODO confirm.
    NOTE(review): unlike get_comment_stix2_bundle / get_post_stix2_bundle, no
    individual->organization Relationship is added here -- verify intentional.
    """
    # Identities and SNS extension objects, built in the same order as before
    # in case the helpers have ordering-sensitive side effects.
    author_identity = _get_individual_identity(stip_user)
    org_identity = _get_organization_identity(stip_user)
    sns_author = _get_x_stip_sns_author(stip_user)
    sns_identity = _get_x_stip_sns_identity()
    sns_tool = _get_x_stip_sns_tool()
    marking = _get_tlp_markings(tlp)
    language = stip_user.language

    file_name = request_file.name
    description = f'File "{file_name}" encoded in BASE64.'
    attachment = _get_x_stip_sns_attachment(request_file)
    sns_post = _get_x_stip_sns_post(
        file_name, description, tlp, sharing_range, referred_url)

    attachment_object = StipSns(
        lang=language,
        object_marking_refs=[marking],
        created_by_ref=author_identity,
        name=file_name,
        description=description,
        x_stip_sns_type=const.STIP_STIX2_SNS_POST_TYPE_ATTACHMENT,
        x_stip_sns_author=sns_author,
        x_stip_sns_post=sns_post,
        x_stip_sns_attachment=attachment,
        x_stip_sns_identity=sns_identity,
        x_stip_sns_tool=sns_tool)

    bundle = Bundle(author_identity, marking, attachment_object)
    # The organization identity is optional; append it only when present.
    if org_identity:
        bundle.objects.append(org_identity)
    return bundle, attachment_object.id
def get_like_stix2_bundle(
        x_stip_sns_object_ref,
        x_stip_sns_object_ref_version,
        like,
        tlp,
        stip_user=None):
    """Build a STIX 2 Bundle recording a like/unlike toggle on another object.

    ``like`` appears to be the *current* state: when truthy the emitted object
    is of type UNLIKE (the toggle turns a like off), otherwise LIKE.  The
    referenced object id and version are copied into the custom
    ``x_stip_sns_object_ref`` / ``x_stip_sns_object_ref_version`` properties.

    Returns the ``Bundle`` (identity, TLP marking, StipSns and, if present,
    the organization identity).

    NOTE(review): ``stip_user`` defaults to None but ``stip_user.language`` is
    dereferenced unconditionally -- None will raise AttributeError.
    NOTE(review): ``x_stip_sns_object_ref`` is interpolated into name and
    description without any check that it is a well-formed STIX id; validation,
    if any, is assumed upstream -- TODO confirm.
    """
    author_identity = _get_individual_identity(stip_user)
    org_identity = _get_organization_identity(stip_user)
    sns_author = _get_x_stip_sns_author(stip_user)
    sns_identity = _get_x_stip_sns_identity()
    sns_tool = _get_x_stip_sns_tool()
    marking = _get_tlp_markings(tlp)
    language = stip_user.language

    # Toggle semantics: an existing like becomes an UNLIKE post and vice versa.
    if like:
        post_type = const.STIP_STIX2_SNS_POST_TYPE_UNLIKE
        label = f'Unlike to {x_stip_sns_object_ref}'
    else:
        post_type = const.STIP_STIX2_SNS_POST_TYPE_LIKE
        label = f'Like to {x_stip_sns_object_ref}'

    reaction = StipSns(
        lang=language,
        object_marking_refs=[marking],
        created_by_ref=author_identity,
        name=label,
        description=label,
        x_stip_sns_type=post_type,
        x_stip_sns_author=sns_author,
        x_stip_sns_object_ref=x_stip_sns_object_ref,
        x_stip_sns_object_ref_version=x_stip_sns_object_ref_version,
        x_stip_sns_identity=sns_identity,
        x_stip_sns_tool=sns_tool)

    bundle = Bundle(author_identity, marking, reaction)
    if org_identity:
        bundle.objects.append(org_identity)
    return bundle
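def _get_attach_stix2_bundle(stip_sns, tlp_marking_object, feed_file):
    """Build a StipSns attachment object for ``feed_file``, inheriting author
    metadata (lang, created_by_ref, author, identity, tool) from ``stip_sns``.

    Despite the name this helper returns a single ``StipSns`` object, not a
    ``Bundle``; the caller is expected to place it into a bundle itself.

    Fix: the original assigned the ``feed_file`` object itself to ``title``
    (and thus to the STIX ``name`` property) while the description used
    ``feed_file.file_name``.  ``name`` must be the file name string, matching
    what get_attach_stix2_bundle does with ``request_file.name``.

    NOTE(review): ``feed_file.file_name`` is used verbatim; whether it has been
    sanitised is not visible here -- TODO confirm at the call site.
    """
    file_name = feed_file.file_name
    title = file_name
    content = 'File "%s" encoded in BASE64.' % (file_name)
    x_stip_sns_attachment = _get_x_stip_sns_attachment(feed_file)
    return StipSns(
        lang=stip_sns.lang,
        object_marking_refs=[tlp_marking_object],
        created_by_ref=stip_sns.created_by_ref,
        name=title,
        description=content,
        x_stip_sns_type=const.STIP_STIX2_SNS_POST_TYPE_ATTACHMENT,
        x_stip_sns_author=stip_sns.x_stip_sns_author,
        x_stip_sns_attachment=x_stip_sns_attachment,
        x_stip_sns_identity=stip_sns.x_stip_sns_identity,
        x_stip_sns_tool=stip_sns.x_stip_sns_tool)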
def get_comment_stix2_bundle(x_stip_sns_object_ref, x_stip_sns_object_ref_version, description, tlp, stip_user=None):
    """Build a STIX 2 Bundle holding a comment on another S-TIP object.

    The comment text is stored in ``description``; ``name`` is a generated
    ``'Comment to <ref>'`` label.  The bundle contains the individual identity,
    the TLP marking, the StipSns comment and -- when an organization identity
    exists -- that identity plus an individual->organization Relationship.

    NOTE(review): ``stip_user`` defaults to None but ``stip_user.language`` is
    dereferenced unconditionally -- None raises AttributeError.
    NOTE(review): ``description`` and ``x_stip_sns_object_ref`` are caller
    supplied and stored as-is; no validation happens in this function.
    """
    author_identity = _get_individual_identity(stip_user)
    org_identity = _get_organization_identity(stip_user)
    sns_author = _get_x_stip_sns_author(stip_user)
    sns_identity = _get_x_stip_sns_identity()
    sns_tool = _get_x_stip_sns_tool()
    marking = _get_tlp_markings(tlp)
    language = stip_user.language

    comment = StipSns(
        lang=language,
        object_marking_refs=[marking],
        created_by_ref=author_identity,
        name=f'Comment to {x_stip_sns_object_ref}',
        description=description,
        x_stip_sns_type=const.STIP_STIX2_SNS_POST_TYPE_COMMENT,
        x_stip_sns_author=sns_author,
        x_stip_sns_object_ref=x_stip_sns_object_ref,
        x_stip_sns_object_ref_version=x_stip_sns_object_ref_version,
        x_stip_sns_identity=sns_identity,
        x_stip_sns_tool=sns_tool)

    bundle = Bundle(author_identity, marking, comment)
    if org_identity:
        # Organization identity first, then the link from author to org.
        bundle.objects.extend([
            org_identity,
            _get_relationship_between_individual_to_organization(
                author_identity, org_identity),
        ])
    return bundle
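def get_post_stix2_bundle(indicators, ttps, tas, title, content, tlp, referred_url, sharing_range, stix2_titles=None, stix2_contents=None, x_stip_sns_attachment_refs=None, stip_user=None):
    """Build the STIX 2 Bundle for a regular S-TIP post.

    The bundle is assembled in this fixed order: individual identity, TLP
    marking, optional organization identity + Relationship, one Vulnerability
    per ``ttps`` entry, one ThreatActor per ``tas`` entry, one Indicator per
    ``indicators`` entry (entries for which ``_get_indicator_object`` returns
    None are skipped), the StipSns post, a ``threat-report`` Report referencing
    the SDOs above, and finally LanguageContent objects when translations are
    supplied without granular markings.

    ``stix2_titles`` / ``stix2_contents``: optional parallel lists of translated
    title/content.  If both are non-empty, only the first pair is turned into
    granular markings; otherwise all of them feed ``_get_language_contents``
    (minus the post's own language).

    Fix: the list parameters previously used mutable ``[]`` defaults; they now
    default to None and are normalised to an empty list, which is
    backward-compatible for every caller.

    NOTE(review): ``stip_user`` defaults to None but ``stip_user.language`` is
    dereferenced unconditionally -- None raises AttributeError.
    NOTE(review): ``title``, ``content`` and ``referred_url`` are stored
    verbatim; any input validation is assumed to happen before this call.
    """
    stix2_titles = [] if stix2_titles is None else stix2_titles
    stix2_contents = [] if stix2_contents is None else stix2_contents

    # Identities / extension objects, built in the original call order.
    individual_identity = _get_individual_identity(stip_user)
    organization_identity = _get_organization_identity(stip_user)
    x_stip_sns_author = _get_x_stip_sns_author(stip_user)
    x_stip_sns_post = _get_x_stip_sns_post(title, content, tlp, sharing_range, referred_url)
    x_stip_sns_identity = _get_x_stip_sns_identity()
    x_stip_sns_tool = _get_x_stip_sns_tool()
    tlp_marking_object = _get_tlp_markings(tlp)

    # Objects the Report will reference (appended as they are created).
    report_object_refs = []

    bundle = Bundle(individual_identity, tlp_marking_object)
    if organization_identity:
        bundle.objects.append(organization_identity)
        bundle.objects.append(
            _get_relationship_between_individual_to_organization(
                individual_identity, organization_identity))

    # ttps -> Vulnerability objects.
    for ttp in ttps:
        vulnerability_object = _get_vulnerability_object(
            ttp, individual_identity, tlp_marking_object)
        bundle.objects.append(vulnerability_object)
        report_object_refs.append(vulnerability_object)

    # tas -> ThreatActor objects.
    for ta in tas:
        ta_object = _get_threat_actor_object(ta, individual_identity, tlp_marking_object)
        bundle.objects.append(ta_object)
        report_object_refs.append(ta_object)

    # indicators -> Indicator objects; the helper may return None (skipped).
    for indicator in indicators:
        indicator_o = _get_indicator_object(indicator, individual_identity, tlp_marking_object)
        if indicator_o is not None:
            bundle.objects.append(indicator_o)
            report_object_refs.append(indicator_o)

    common_lang = stip_user.language

    # Granular markings are derived from the first translation pair only.
    if stix2_titles and stix2_contents:
        granular_markings = _make_granular_markings(stix2_titles[0], stix2_contents[0], common_lang)
    else:
        granular_markings = None

    # The post itself (custom object). Tags / indicators / object_ref are
    # always None for a plain post.
    stip_sns = StipSns(
        lang=common_lang,
        granular_markings=granular_markings,
        object_marking_refs=[tlp_marking_object],
        created_by_ref=individual_identity,
        name=title,
        description=content,
        x_stip_sns_type='post',
        x_stip_sns_author=x_stip_sns_author,
        x_stip_sns_post=x_stip_sns_post,
        x_stip_sns_attachment_refs=x_stip_sns_attachment_refs,
        x_stip_sns_object_ref=None,
        x_stip_sns_tags=None,
        x_stip_sns_indicators=None,
        x_stip_sns_identity=x_stip_sns_identity,
        x_stip_sns_tool=x_stip_sns_tool)
    report_object_refs.append(stip_sns)
    bundle.objects.append(stip_sns)

    # Report tying everything together; published is "now" in UTC.
    published = format_stix2_datetime(datetime.datetime.now(tz=pytz.utc))
    report = Report(
        lang=common_lang,
        granular_markings=granular_markings,
        object_marking_refs=[tlp_marking_object],
        name=title,
        description=content,
        created_by_ref=individual_identity,
        published=published,
        report_types=['threat-report'],
        object_refs=report_object_refs)
    bundle.objects.append(report)

    # Without granular markings, translations become LanguageContent objects
    # for both the post and the report (the post's own language is dropped).
    if granular_markings is None:
        language_contents = _get_language_contents(stix2_titles, stix2_contents)
        language_contents.pop(common_lang, None)
        if language_contents:
            bundle.objects.append(LanguageContent(
                created_by_ref=individual_identity,
                object_ref=stip_sns,
                object_modified=stip_sns.created,
                contents=language_contents))
            bundle.objects.append(LanguageContent(
                object_ref=report,
                created_by_ref=individual_identity,
                object_modified=report.created,
                contents=language_contents))
    return bundle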