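def parse_stix(self, reference=None, make_event=False, source=''):
    """
    Parse the STIX document held in ``self.data``.

    The package is loaded with ``STIXPackage.from_xml``. When the STIX
    header carries an information-source identity, its name is stored in
    ``self.information_source`` and appended to ``reference`` as
    ``"STIX Source: <name>"``. The data is then attributed to a source and,
    if ``make_event`` is true, an Event is built from the package and saved.

    :param reference: The reference to the data.
    :type reference: str
    :param make_event: Whether or not to create an Event for this document.
    :type make_event: bool
    :param source: The source of this document.
    :type source: str
    :raises: :class:`crits.standards.parsers.STIXParserException` when the
             package cannot be loaded, or when neither ``source`` nor the
             document's own information source names an existing source.

    There is not yet a way to map source strings in a STIX document to a
    source in CRITs, so the caller-supplied ``source`` is treated as the
    true source whenever it exists. The name declared inside the document
    is only a fallback.
    """
    f = StringIO(self.data)
    try:
        # NOTE(review): self.data is handed to an XML parser. If it can come
        # from an untrusted party, confirm the parser behind from_xml does
        # not resolve external entities or fetch remote resources.
        self.package = STIXPackage.from_xml(f)
    finally:
        # Release the buffer even when from_xml raises.
        f.close()
    if not self.package:
        raise STIXParserException("STIX package failure")

    stix_header = self.package.stix_header
    if (stix_header and stix_header.information_source
            and stix_header.information_source.identity):
        self.information_source = stix_header.information_source.identity.name
        if self.information_source:
            # Record the self-declared origin next to any caller reference.
            info_src = "STIX Source: %s" % self.information_source
            if not reference:
                reference = ''
            else:
                reference += ", "
            reference += info_src

    if does_source_exist(source):
        self.source.name = source
    elif does_source_exist(self.information_source):
        # NOTE(review): this name is read from the document itself, so the
        # document's author picks which existing source the data is
        # attributed to. Confirm callers only reach this branch for
        # submitters allowed to write to that source.
        self.source.name = self.information_source
    else:
        raise STIXParserException("No source to attribute data to.")

    self.source_instance.reference = reference
    self.source.instances.append(self.source_instance)

    if make_event:
        event = Event.from_stix(stix_package=self.package,
                                source=[self.source])
        try:
            event.save(username=self.source_instance.analyst)
            self.imported.append((Event._meta['crits_type'], event))
        except Exception as e:
            # Best effort: a failed save is recorded in self.failed rather
            # than aborting the parse.
            # NOTE(review): presumes the Event exposes ``id_``; confirm,
            # since a missing attribute would raise from inside this handler.
            self.failed.append(
                (e.message, type(event).__name__, event.id_))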
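def parse_stix(self, reference=None, make_event=False, source=''):
    """
    Parse the STIX document held in ``self.data``.

    The package is loaded with ``STIXPackage.from_xml``. When the STIX
    header carries an information-source identity, its name is stored in
    ``self.information_source`` and appended to ``reference`` as
    ``"STIX Source: <name>"``. The data is then attributed to a source and,
    if ``make_event`` is true, an Event is built from the package, given
    that source, and saved.

    :param reference: The reference to the data.
    :type reference: str
    :param make_event: Whether or not to create an Event for this document.
    :type make_event: bool
    :param source: The source of this document.
    :type source: str
    :raises: :class:`crits.standards.parsers.STIXParserException` when the
             package cannot be loaded, or when neither ``source`` nor the
             document's own information source names an existing source.

    There is not yet a way to map source strings in a STIX document to a
    source in CRITs, so the caller-supplied ``source`` is treated as the
    true source whenever it exists. The name declared inside the document
    is only a fallback.
    """
    f = StringIO(self.data)
    try:
        # NOTE(review): self.data is handed to an XML parser. If it can come
        # from an untrusted party, confirm the parser behind from_xml does
        # not resolve external entities or fetch remote resources.
        self.package = STIXPackage.from_xml(f)
    finally:
        # Release the buffer even when from_xml raises.
        f.close()
    if not self.package:
        raise STIXParserException("STIX package failure")

    stix_header = self.package.stix_header
    if (stix_header and stix_header.information_source
            and stix_header.information_source.identity):
        self.information_source = stix_header.information_source.identity.name
        if self.information_source:
            # Record the self-declared origin next to any caller reference.
            info_src = "STIX Source: %s" % self.information_source
            if not reference:
                reference = ''
            else:
                reference += ", "
            reference += info_src

    if does_source_exist(source):
        self.source.name = source
    elif does_source_exist(self.information_source):
        # NOTE(review): this name is read from the document itself, so the
        # document's author picks which existing source the data is
        # attributed to. Confirm callers only reach this branch for
        # submitters allowed to write to that source.
        self.source.name = self.information_source
    else:
        raise STIXParserException("No source to attribute data to.")

    self.source_instance.reference = reference
    self.source.instances.append(self.source_instance)

    if make_event:
        event = Event.from_stix(stix_package=self.package)
        try:
            # add_source sits inside the try so that a failure to attach the
            # source is recorded in self.failed like a failed save.
            event.add_source(self.source)
            event.save(username=self.source_instance.analyst)
            self.imported.append((Event._meta['crits_type'], event))
        except Exception as e:
            # Best effort: the failure is recorded rather than aborting the
            # parse.
            # NOTE(review): presumes the Event exposes ``id_``; confirm,
            # since a missing attribute would raise from inside this handler.
            self.failed.append((e.message, type(event).__name__, event.id_))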
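def parse_stix(self, reference=None, make_event=False, source=''):
    """
    Parse the STIX document held in ``self.data``.

    ``STIXPackage.from_xml`` yields the package and its binding, stored in
    ``self.package`` and ``self.binding``. When the STIX header carries an
    information-source identity, its name is stored in
    ``self.information_source`` and appended to ``reference`` as
    ``"STIX Source: <name>"``. If ``make_event`` is true an Event is built
    from the package and saved. Finally every observable found under the
    package's indicators and under its top-level observables is passed to
    ``self.__parse_observable``.

    :param reference: The reference to the data.
    :type reference: str
    :param make_event: Whether or not to create an Event for this document.
    :type make_event: bool
    :param source: The source of this document.
    :type source: str
    :raises: :class:`crits.standards.parsers.STIXParserException` when no
             package could be loaded.

    Until we have a way to map source strings in a STIX document to a
    source in CRITs, we are being safe and using the source provided as
    the true source. The name declared inside the document is only recorded
    in the reference string.
    """
    f = StringIO(self.data)
    try:
        # NOTE(review): self.data is handed to an XML parser. If it can come
        # from an untrusted party, confirm the parser behind from_xml does
        # not resolve external entities or fetch remote resources.
        (self.package, self.binding) = STIXPackage.from_xml(f)
    finally:
        # Release the buffer even when from_xml raises.
        f.close()
    # The header is read from self.package right below, so a missing package
    # must fail here with the documented exception even when a binding was
    # returned. The earlier check only fired when both were missing.
    if not self.package:
        raise STIXParserException("STIX package failure")

    stix_header = self.package.stix_header
    if (stix_header and stix_header.information_source
            and stix_header.information_source.identity):
        self.information_source = stix_header.information_source.identity.name
        if self.information_source:
            # Record the self-declared origin next to any caller reference.
            info_src = "STIX Source: %s" % self.information_source
            if not reference:
                reference = ''
            else:
                reference += ", "
            reference += info_src

    if does_source_exist(source):
        self.source.name = source
    # NOTE(review): when ``source`` does not exist, self.source.name is left
    # as it was and parsing continues. Confirm callers validate the source
    # first; otherwise the imported data is attributed to whatever name the
    # source object already carried.

    self.source_instance.reference = reference
    self.source.instances.append(self.source_instance)

    if make_event:
        # Not wrapped in try/except: a failed save propagates to the caller.
        event = Event.from_stix(stix_package=self.package,
                                source=[self.source])
        event.save(username=self.source_instance.analyst)
        self.events.append(('Event', str(event.id)))

    # Walk STIX indicators and pull out CybOX observables.
    # stix.(indicators|observables) is a list of CybOX observables
    if self.package.indicators:
        for indicator in self.package.indicators:
            if not indicator:
                continue
            for observable in indicator.observables:
                self.__parse_observable(observable)

    # Also walk STIX observables and pull out CybOX observables.
    # At some point the standard will allow stix_package.observables to be
    # an iterable object and we can collapse this with indicators.
    if self.package.observables:
        if self.package.observables.observables:
            for observable in self.package.observables.observables:
                if not observable:
                    continue
                self.__parse_observable(observable)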