def parse(xml_file):
    """Load a CybOX XML document and return it as python-cybox ``Observables``.

    ``xml_file`` is handed unchanged to ``cybox_core_binding.parse``, which
    builds the generated binding object; ``Observables.from_obj`` then turns
    that binding object into the python-cybox API object.
    """
    # NOTE(review): CybOX documents are frequently received from other
    # parties. How the binding's XML parser treats DTDs and external entities
    # is not visible here -- confirm before feeding it untrusted input.
    binding_tree = cybox_core_binding.parse(xml_file)
    return Observables.from_obj(binding_tree)
def parse(xml_file):
    """Return the python-cybox ``Observables`` described by ``xml_file``.

    The XML is first parsed into a binding object, which is then converted
    into the python-cybox object that is returned.
    """
    return Observables.from_obj(cybox_core_binding.parse(xml_file))
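def generate_oval(self):
    """Convert the CybOX file at ``self.infilename`` into an OVAL document.

    The observables are split into those with an Observable_Composition and
    those without, handed to ``self.process_observables``, and the resulting
    OVAL definitions are exported to ``self.outfilename``.

    Returns None. When ``self.infilename`` is not an existing regular file the
    method returns without printing anything. Errors raised while converting
    or exporting are printed rather than propagated; errors raised by
    ``cybox.parse`` itself propagate to the caller.
    """
    # Basic input file checking.
    if not os.path.isfile(self.infilename):
        return

    # Parse the CybOX file. This happens before the try block, so a document
    # the parser rejects raises to the caller instead of being reported below.
    observables = cybox.parse(self.infilename)

    try:
        sys.stdout.write('Generating ' + self.outfilename + ' from ' + self.infilename + '...')
        print('')

        # Two bins: observables with an observable composition and those
        # without, so that referenced observables are accounted for correctly.
        normal_observables = []
        obscomp_observables = []
        for observable in observables.Observable:
            if observable.Observable_Composition:
                obscomp_observables.append(observable)
            else:
                normal_observables.append(observable)

        self.process_observables(obscomp_observables, normal_observables)

        # Build up the OVAL document from the parsed data and objects.
        self.__build_oval_document()

        # Export to the output file. The context manager closes (and flushes)
        # the handle even when export() raises; the original never closed it.
        with open(self.outfilename, 'w') as outfile:
            self.ovaldefroot.export(
                outfile,
                0,
                namespacedef_=(
                    'xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" '
                    'xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" '
                    'xmlns:win-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" '
                    'xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" '
                    'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" '
                    'xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows '
                    'http://oval.mitre.org/language/version5.7/ovaldefinition/complete/windows-definitions-schema.xsd '
                    'http://oval.mitre.org/XMLSchema/oval-definitions-5 '
                    'http://oval.mitre.org/language/version5.7/ovaldefinition/complete/oval-definitions-schema.xsd '
                    'http://oval.mitre.org/XMLSchema/oval-common-5 '
                    'http://oval.mitre.org/language/version5.7/ovaldefinition/complete/oval-common-schema.xsd"'
                ),
            )
        sys.stdout.write('Done')

        if self.verbose_mode:
            for observable in self.skipped_observables:
                print('Observable ' + observable + ' skipped; incompatible object type or missing object attributes')
    except Exception as err:
        print('\nError: %s\n' % str(err))
        # NOTE(review): the listing lost its indentation; the skipped-observable
        # report is assumed to sit under the verbose check, as it does on the
        # success path -- confirm against the original file.
        if self.verbose_mode:
            traceback.print_exc()
            for observable in self.skipped_observables:
                print('Observable ' + observable + ' skipped; incompatible object type or missing object attributes')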
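def read_cybox(input_file, isJson):
    """Extract indicator values from a CybOX document.

    Args:
        input_file: Path of the document to read.
        isJson: When true the file is read as JSON; otherwise it is parsed as
            CybOX XML and converted to a dict with ``Observables.to_dict()``.

    Returns:
        A dict with the keys ``'ip_addresses'`` and ``'hostnames'``. Only
        observables whose object category is ``'ipv4-addr'`` are collected;
        ``'hostnames'`` is always returned empty.

    Raises:
        KeyError: If the document has no top-level ``'observables'`` entry.
    """
    if not isJson:
        cybox_obj = cybox_core_binding.parse(input_file)
        cybox_observables = Observables.from_obj(cybox_obj)
        cybox_data = cybox_observables.to_dict()
    else:
        with open(input_file, 'r') as f:
            # Load from the open handle. The original passed the path string,
            # which has no read() method, so the JSON branch always failed.
            cybox_data = json.load(f)

    # TODO: Add other indicator types
    indicator_data = {'ip_addresses': [], 'hostnames': []}

    # TODO: Support additional logic (build parse tree or similar?)
    for each in cybox_data['observables']:
        # Observables without an object, properties or category are skipped
        # instead of aborting the whole extraction with a KeyError.
        properties = (each.get('object') or {}).get('properties') or {}
        if properties.get('category') == 'ipv4-addr' and 'address_value' in properties:
            # The value is passed through exactly as the document states it;
            # it is not checked to be a well-formed IPv4 address. Consumers
            # that feed block or allow lists should validate it first.
            indicator_data['ip_addresses'].append(properties['address_value'])

    return indicator_data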
def __get_email_cybox_object(self, email_sha256, log, config=None):
    """Load the stored CybOX report of an e-mail identified by its SHA-256.

    The report is looked up below ``config['emailpath']`` in a directory
    sharded by the first two and the next two characters of the digest.

    Returns a 3-tuple ``(properties, observables, (stix_path, stix_filename))``:
    the properties of the first observable's object, the remaining
    observables, and the location of the matching STIX file. All three
    elements are None when no config is given, when the report is missing,
    or when reading it fails.
    """
    nothing = (None, None, None)
    if not config:
        return nothing

    # NOTE(review): email_sha256 is joined into a filesystem path without any
    # check that it is a hex digest. Confirm every caller passes a validated
    # SHA-256 string, otherwise separators or '..' in it would escape
    # config['emailpath'].
    report_dir = os.path.join(config['emailpath'], email_sha256[0:2], email_sha256[2:4], email_sha256)
    cybox_report = os.path.join(report_dir, 'cybox-%s-message.xml' % (email_sha256))
    stix_name = 'stix-%s-email-message.xml' % (email_sha256)
    stix_report = os.path.join(report_dir, 'stix-%s-email-message.xml' % (email_sha256))

    report_present = os.path.exists(report_dir) and os.path.exists(cybox_report)
    if not report_present:
        log.warning("no cybox report or email found for given hash: %s" % (cybox_report))
        return nothing

    try:
        parsed = Observables.from_obj(cybox_core_binding.parse(cybox_report))
        # The first observable is the e-mail itself; the rest are returned
        # separately as its related observables.
        related = parsed.observables[1:]
        message = Object.from_obj(parsed.observables[0].to_obj().Object)
        return message._properties, related, (stix_report, stix_name)
    except StandardError as e:
        log.error("failed extracting cybox email observable: %s" % (e))
        return nothing
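def alta_informacion(request):
    """List the stored Content Blocks (GET) or create a new one (POST).

    GET returns every Content Block, serialized.

    POST reads ``content`` (a CybOX XML document), ``title`` and
    ``description`` from the request, wraps the parsed observables in a STIX
    package, stores it as a Content Block and adds that block to the data
    feed named ``'default'``. It answers 201 on success and 400 when
    ``content`` is missing or cannot be parsed.

    Any other method falls through and returns None.
    """
    # NOTE(review): no authentication or permission check is visible in this
    # function; decorators, if any, are outside this listing -- confirm that
    # both listing and creating blocks are restricted as intended.
    logger = logging.getLogger('TAXIIApplication.rest.views.alta_informacion')
    logger.debug('Entering alta_informacion')
    logger.debug(request.method)

    if request.method == 'GET':
        content = ContentBlock.objects.all()
        serializer = ContentBlockSerializer(content, many=True)
        return Response(serializer.data)

    elif request.method == 'POST':
        cont = request.DATA.get('content')
        if not cont:
            # Without this check a missing field reached the XML parser and
            # surfaced as an unhandled server error.
            return Response({'error': 'content is required'},
                            status=status.HTTP_400_BAD_REQUEST)

        logger.debug(request.DATA.get('content_binding'))

        # NOTE(review): this is request-supplied XML. Whether the parser
        # behind cybox_core_binding.parse disables DTD / external-entity
        # resolution and network access is not visible here -- confirm, and
        # consider bounding the accepted document size.
        try:
            observables_obj = cybox_core_binding.parse(StringIO.StringIO(cont))
            observables = Observables.from_obj(observables_obj)
        except Exception:
            # Request boundary: a document that does not parse is the
            # client's error, so log it and answer 400 instead of failing.
            logger.exception('Rejected content: not a parseable CybOX document')
            return Response({'error': 'content is not a valid CybOX document'},
                            status=status.HTTP_400_BAD_REQUEST)
        logger.debug(str(observables))

        stix_package = STIXPackage()
        stix_header = STIXHeader()
        stix_header.description = request.DATA.get('description')
        stix_header.title = request.DATA.get('title')
        stix_package.stix_header = stix_header
        stix_package.add_observable(observables)

        # The content binding is fixed to the row with id 1; the
        # 'content_binding' value sent by the client is only logged.
        content_binding = ContentBindingId.objects.get(id=1)
        cb = ContentBlock(title=request.DATA.get('title'),
                          description=request.DATA.get('description'),
                          content_binding=content_binding,
                          content=stix_package.to_xml())
        cb.save()

        df = DataFeed.objects.get(name='default')
        df.content_blocks.add(cb)
        return Response(status=status.HTTP_201_CREATED)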
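def generate_oval(self):
    """Convert the CybOX file at ``self.infilename`` into an OVAL document.

    The observables are split into those with an Observable_Composition and
    those without, handed to ``self.process_observables``, and the resulting
    OVAL definitions are exported to ``self.outfilename``.

    Returns None. When ``self.infilename`` is not an existing regular file the
    method returns without printing anything. Errors raised while converting
    or exporting are printed rather than propagated; errors raised by
    ``cybox.parse`` itself propagate to the caller.
    """
    # Basic input file checking.
    if not os.path.isfile(self.infilename):
        return

    # Parse the CybOX file. This happens before the try block, so a document
    # the parser rejects raises to the caller instead of being reported below.
    observables = cybox.parse(self.infilename)

    try:
        sys.stdout.write('Generating ' + self.outfilename + ' from ' + self.infilename + '...')
        print('')

        # Two bins: observables with an observable composition and those
        # without, so that referenced observables are accounted for correctly.
        normal_observables = []
        obscomp_observables = []
        for observable in observables.Observable:
            if observable.Observable_Composition:
                obscomp_observables.append(observable)
            else:
                normal_observables.append(observable)

        self.process_observables(obscomp_observables, normal_observables)

        # Build up the OVAL document from the parsed data and objects.
        self.__build_oval_document()

        # Export to the output file. The context manager closes (and flushes)
        # the handle even when export() raises; the original never closed it.
        with open(self.outfilename, 'w') as outfile:
            self.ovaldefroot.export(
                outfile,
                0,
                namespacedef_=(
                    'xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" '
                    'xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" '
                    'xmlns:win-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" '
                    'xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" '
                    'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" '
                    'xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows '
                    'http://oval.mitre.org/language/version5.7/ovaldefinition/complete/windows-definitions-schema.xsd '
                    'http://oval.mitre.org/XMLSchema/oval-definitions-5 '
                    'http://oval.mitre.org/language/version5.7/ovaldefinition/complete/oval-definitions-schema.xsd '
                    'http://oval.mitre.org/XMLSchema/oval-common-5 '
                    'http://oval.mitre.org/language/version5.7/ovaldefinition/complete/oval-common-schema.xsd"'
                ),
            )
        sys.stdout.write('Done')

        if self.verbose_mode:
            for observable in self.skipped_observables:
                print('Observable ' + observable + ' skipped; incompatible object type or missing object attributes')
    except Exception as err:
        print('\nError: %s\n' % str(err))
        # NOTE(review): the listing lost its indentation; the skipped-observable
        # report is assumed to sit under the verbose check, as it does on the
        # success path -- confirm against the original file.
        if self.verbose_mode:
            traceback.print_exc()
            for observable in self.skipped_observables:
                print('Observable ' + observable + ' skipped; incompatible object type or missing object attributes')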
def from_file(filename):
    """Parse the CybOX XML file ``filename`` and return its ``Observables``.

    The name is resolved to an absolute path before it is handed to the
    binding parser; the resulting binding object is then converted with
    ``Observables.from_obj``.
    """
    absolute_path = os.path.abspath(filename)
    binding_tree = core_binding.parse(absolute_path)
    return Observables.from_obj(binding_tree)
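def parse(filepath):
    """Parse the CybOX XML file at ``filepath`` into ``Observables``.

    The file is opened here and passed to ``cybox_core_binding.parse`` as an
    open handle; the binding object it returns is converted with
    ``Observables.from_obj`` and that result is returned.
    """
    # The context manager closes the handle on success and on a parse error;
    # the original opened the file and never closed it.
    with open(filepath, "r") as xml:
        par = cybox_core_binding.parse(xml)
        return Observables.from_obj(par)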