def get_attach_stix2_bundle(
tlp,
referred_url,
sharing_range,
request_file,
stip_user=None
):
# S-TIP Identity 作成する
individual_identity = _get_individual_identity(stip_user)
organization_identity = _get_organization_identity(stip_user)
# x_stip_sns_author
x_stip_sns_author = _get_x_stip_sns_author(stip_user)
# x_stip_sns_identity
x_stip_sns_identity = _get_x_stip_sns_identity()
# x_stip_sns_tool
x_stip_sns_tool = _get_x_stip_sns_tool()
# TLP marking_object 取得
tlp_marking_object = _get_tlp_markings(tlp)
# 共通 lang
common_lang = stip_user.language
title = request_file.name
content = 'File "%s" encoded in BASE64.' % (request_file.name)
x_stip_sns_attachment = _get_x_stip_sns_attachment(request_file)
# x_stip_sns_post
x_stip_sns_post = _get_x_stip_sns_post(
title,
content,
tlp,
sharing_range,
referred_url)
stip_sns = StipSns(
lang=common_lang,
object_marking_refs=[tlp_marking_object],
created_by_ref=individual_identity,
name=title,
description=content,
x_stip_sns_type=const.STIP_STIX2_SNS_POST_TYPE_ATTACHMENT,
x_stip_sns_author=x_stip_sns_author,
x_stip_sns_post=x_stip_sns_post,
x_stip_sns_attachment=x_stip_sns_attachment,
x_stip_sns_identity=x_stip_sns_identity,
x_stip_sns_tool=x_stip_sns_tool)
# bundle 作成
bundle = Bundle(
individual_identity,
tlp_marking_object,
stip_sns)
if organization_identity:
bundle.objects.append(organization_identity)
return bundle, stip_sns.id
def get_like_stix2_bundle(
x_stip_sns_object_ref,
x_stip_sns_object_ref_version,
like,
tlp,
stip_user=None
):
# S-TIP Identity 作成する
individual_identity = _get_individual_identity(stip_user)
organization_identity = _get_organization_identity(stip_user)
# x_stip_sns_author
x_stip_sns_author = _get_x_stip_sns_author(stip_user)
# x_stip_sns_identity
x_stip_sns_identity = _get_x_stip_sns_identity()
# x_stip_sns_tool
x_stip_sns_tool = _get_x_stip_sns_tool()
# TLP marking_object 取得
tlp_marking_object = _get_tlp_markings(tlp)
# 共通 lang
common_lang = stip_user.language
if like:
# like -> unlike
x_stip_sns_type = const.STIP_STIX2_SNS_POST_TYPE_UNLIKE
title = 'Unlike to %s' % (x_stip_sns_object_ref)
description = 'Unlike to %s' % (x_stip_sns_object_ref)
else:
# unlike -> like
x_stip_sns_type = const.STIP_STIX2_SNS_POST_TYPE_LIKE
title = 'Like to %s' % (x_stip_sns_object_ref)
description = 'Like to %s' % (x_stip_sns_object_ref)
stip_sns = StipSns(
lang=common_lang,
object_marking_refs=[tlp_marking_object],
created_by_ref=individual_identity,
name=title,
description=description,
x_stip_sns_type=x_stip_sns_type,
x_stip_sns_author=x_stip_sns_author,
x_stip_sns_object_ref=x_stip_sns_object_ref,
x_stip_sns_object_ref_version=x_stip_sns_object_ref_version,
x_stip_sns_identity=x_stip_sns_identity,
x_stip_sns_tool=x_stip_sns_tool)
# bundle 作成
bundle = Bundle(
individual_identity,
tlp_marking_object,
stip_sns)
if organization_identity:
bundle.objects.append(organization_identity)
return bundle
def _get_attach_stix2_bundle(stip_sns, tlp_marking_object, feed_file):
title = feed_file
content = 'File "%s" encoded in BASE64.' % (feed_file.file_name)
x_stip_sns_attachment = _get_x_stip_sns_attachment(feed_file)
stip_sns = StipSns(
lang=stip_sns.lang,
object_marking_refs=[tlp_marking_object],
created_by_ref=stip_sns.created_by_ref,
name=title,
description=content,
x_stip_sns_type=const.STIP_STIX2_SNS_POST_TYPE_ATTACHMENT,
x_stip_sns_author=stip_sns.x_stip_sns_author,
x_stip_sns_attachment=x_stip_sns_attachment,
x_stip_sns_identity=stip_sns.x_stip_sns_identity,
x_stip_sns_tool=stip_sns.x_stip_sns_tool)
return stip_sns
def get_comment_stix2_bundle(x_stip_sns_object_ref,
x_stip_sns_object_ref_version,
description,
tlp,
stip_user=None):
# S-TIP Identity 作成する
individual_identity = _get_individual_identity(stip_user)
organization_identity = _get_organization_identity(stip_user)
# x_stip_sns_author
x_stip_sns_author = _get_x_stip_sns_author(stip_user)
# x_stip_sns_identity
x_stip_sns_identity = _get_x_stip_sns_identity()
# x_stip_sns_tool
x_stip_sns_tool = _get_x_stip_sns_tool()
# TLP marking_object 取得
tlp_marking_object = _get_tlp_markings(tlp)
# 共通 lang
common_lang = stip_user.language
title = 'Comment to %s' % (x_stip_sns_object_ref)
stip_sns = StipSns(
lang=common_lang,
object_marking_refs=[tlp_marking_object],
created_by_ref=individual_identity,
name=title,
description=description,
x_stip_sns_type=const.STIP_STIX2_SNS_POST_TYPE_COMMENT,
x_stip_sns_author=x_stip_sns_author,
x_stip_sns_object_ref=x_stip_sns_object_ref,
x_stip_sns_object_ref_version=x_stip_sns_object_ref_version,
x_stip_sns_identity=x_stip_sns_identity,
x_stip_sns_tool=x_stip_sns_tool)
# bundle 作成
bundle = Bundle(individual_identity, tlp_marking_object, stip_sns)
if organization_identity:
bundle.objects.append(organization_identity)
bundle.objects.append(
_get_relationship_between_individual_to_organization(
individual_identity, organization_identity))
return bundle
def get_post_stix2_bundle(indicators,
ttps,
tas,
title,
content,
tlp,
referred_url,
sharing_range,
stix2_titles=[],
stix2_contents=[],
x_stip_sns_attachment_refs=None,
stip_user=None):
# S-TIP Identity 作成する
individual_identity = _get_individual_identity(stip_user)
organization_identity = _get_organization_identity(stip_user)
# x_stip_sns_author
x_stip_sns_author = _get_x_stip_sns_author(stip_user)
# x_stip_sns_post
x_stip_sns_post = _get_x_stip_sns_post(title, content, tlp, sharing_range,
referred_url)
# x_stip_sns_object_ref
x_stip_sns_object_ref = None
# x_stip_sns_tags
x_stip_sns_tags = None
# x_stip_sns_indicators
x_stip_sns_indicators = None
# x_stip_sns_identity
x_stip_sns_identity = _get_x_stip_sns_identity()
# x_stip_sns_tool
x_stip_sns_tool = _get_x_stip_sns_tool()
# Report Object 用 object_refs
report_object_refs = []
# TLP marking_object 取得
tlp_marking_object = _get_tlp_markings(tlp)
# bundle 作成
bundle = Bundle(individual_identity, tlp_marking_object)
if organization_identity:
bundle.objects.append(organization_identity)
bundle.objects.append(
_get_relationship_between_individual_to_organization(
individual_identity, organization_identity))
# objects に Vulnerability 追加
for ttp in ttps:
vulnerablity_object = _get_vulnerability_object(
ttp, individual_identity, tlp_marking_object)
bundle.objects.append(vulnerablity_object)
report_object_refs.append(vulnerablity_object)
# objects に ThreatActor 追加
for ta in tas:
ta_object = _get_threat_actor_object(ta, individual_identity,
tlp_marking_object)
bundle.objects.append(ta_object)
report_object_refs.append(ta_object)
# objects に Indicator 追加
for indicator in indicators:
indicator_o = _get_indicator_object(indicator, individual_identity,
tlp_marking_object)
if indicator_o is not None:
bundle.objects.append(indicator_o)
report_object_refs.append(indicator_o)
# 共通 lang
common_lang = stip_user.language
# Report と StipSns に格納する granular_markings を取得する
if len(stix2_titles) > 0 and len(stix2_contents) > 0:
granular_markings = _make_granular_markings(stix2_titles[0],
stix2_contents[0],
stip_user.language)
else:
granular_markings = None
# StipSns Object (Custom Object)
stip_sns = StipSns(lang=common_lang,
granular_markings=granular_markings,
object_marking_refs=[tlp_marking_object],
created_by_ref=individual_identity,
name=title,
description=content,
x_stip_sns_type='post',
x_stip_sns_author=x_stip_sns_author,
x_stip_sns_post=x_stip_sns_post,
x_stip_sns_attachment_refs=x_stip_sns_attachment_refs,
x_stip_sns_object_ref=x_stip_sns_object_ref,
x_stip_sns_tags=x_stip_sns_tags,
x_stip_sns_indicators=x_stip_sns_indicators,
x_stip_sns_identity=x_stip_sns_identity,
x_stip_sns_tool=x_stip_sns_tool)
report_object_refs.append(stip_sns)
bundle.objects.append(stip_sns)
# ReportObject
published = format_stix2_datetime(datetime.datetime.now(tz=pytz.utc))
report = Report(lang=common_lang,
granular_markings=granular_markings,
object_marking_refs=[tlp_marking_object],
name=title,
description=content,
created_by_ref=individual_identity,
published=published,
report_types=['threat-report'],
object_refs=report_object_refs)
bundle.objects.append(report)
# language-content 作成
if granular_markings is None:
# S-TIP オブジェクト用の language-content 作成
language_contents = _get_language_contents(stix2_titles,
stix2_contents)
if common_lang in language_contents:
del language_contents[common_lang]
if language_contents != {}:
s_tip_lc = LanguageContent(created_by_ref=individual_identity,
object_ref=stip_sns,
object_modified=stip_sns.created,
contents=language_contents)
bundle.objects.append(s_tip_lc)
# Report オブジェクト用の language-content 作成
report_lc = LanguageContent(object_ref=report,
created_by_ref=individual_identity,
object_modified=report.created,
contents=language_contents)
bundle.objects.append(report_lc)
return bundle
