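def main(options):
    """
    Command-line entry point: load IOCs into a YaraIOCManager and write the
    generated YARA rules to one output file.

    :param options: Parsed command-line options.  Reads ``options.verbose``
        (truthy keeps DEBUG logging enabled), ``options.output`` (path of the
        YARA file to write; may be empty or None) and ``options.iocs`` (passed
        unchanged to ``YaraIOCManager.insert``).
    :return: Never returns normally; terminates via ``sys.exit`` with 1 on
        error and 0 on success.
    """
    logging.basicConfig(level=logging.DEBUG,
                        format='%(asctime)s %(levelname)s: %(message)s  [%(filename)s:%(funcName)s]')
    if not options.verbose:
        logging.disable(logging.DEBUG)

    # Check for an unset output path before resolving it: os.path.abspath('')
    # is the cwd (truthy) and abspath(None) raises TypeError, so resolving
    # first makes the "not specified" branch unreachable.
    if options.output:
        output_file = os.path.abspath(options.output)
        if os.path.isdir(output_file):
            log.error('cannot specify a directory as the output location')
            sys.exit(1)
        elif not os.path.isfile(output_file):
            # New file: make sure its parent directory exists.  An existing
            # file is left alone here and overwritten by write_yara below.
            utils.safe_makedirs(os.path.dirname(output_file))
    else:
        output_file = os.path.join(os.getcwd(), 'iocs.yara')
        log.info('Output not specified. Writing output to [{}]'.format(output_file))

    iocm = YaraIOCManager()
    iocm.insert(options.iocs)
    # len() is never negative, so the check must be against an empty manager.
    if len(iocm) < 1:
        log.error('No IOCs inserted into ioc_manager')
        sys.exit(1)
    iocm.emit_yara()
    iocm.write_yara(output_file)

    sys.exit(0)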
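    def write_pruned_iocs(self, directory=None, pruned_source=None):
        """
        Writes IOCs to a directory that have been pruned of some or all IOCs.

        :param directory: Directory to write IOCs to.  If not provided, the current working directory is used.
        :param pruned_source: Iterable containing a set of iocids.  Defaults to self.pruned_11_iocs; every
            iocid must be a key of self.iocs_10.
        :return: True once every IOC has been written; False when there is nothing to write or
            ``directory`` names an existing regular file.
        """
        if pruned_source is None:
            pruned_source = self.pruned_11_iocs
        if len(pruned_source) < 1:
            log.error('no iocs available to write out')
            return False
        if not directory:
            directory = os.getcwd()
        if os.path.isfile(directory):
            # An existing regular file cannot be used as the output directory.
            log.error('cannot writes iocs to a directory')
            return False
        output_dir = os.path.abspath(directory)
        utils.safe_makedirs(output_dir)
        # serialize the iocs
        for iocid in pruned_source:
            ioc_obj = self.iocs_10[iocid]
            # force=True presumably overwrites a same-named file in output_dir -- confirm in write_ioc_to_file
            ioc_obj.write_ioc_to_file(output_dir=output_dir, force=True)
        return True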
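    def write_iocs(self, directory=None, source=None):
        """
        Serializes IOCs from a dictionary to a directory, one file per IOC.

        :param directory: Directory to write IOCs to.  If not provided, the current working directory is used.
        :param source: Dictionary containing iocid -> IOC mapping.  Defaults to self.iocs_11; note that an
            empty dictionary also triggers the default.
        :return: True once every IOC has been written; False when there is nothing to write or
            ``directory`` names an existing regular file.
        """
        if not source:
            source = self.iocs_11
        if len(source) < 1:
            log.error('no iocs available to write out')
            return False
        if not directory:
            directory = os.getcwd()
        if os.path.isfile(directory):
            # An existing regular file cannot be used as the output directory.
            log.error('cannot writes iocs to a directory')
            return False
        output_dir = os.path.abspath(directory)
        utils.safe_makedirs(output_dir)
        # Lazy %-args: the message is only formatted if INFO is enabled.
        log.info('Writing IOCs to %s', output_dir)
        # serialize the iocs
        for ioc_obj in source.values():
            # force=True presumably overwrites a same-named file in output_dir -- confirm in write_ioc_to_file
            ioc_obj.write_ioc_to_file(output_dir=output_dir, force=True)
        return True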
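def main(options):
    """
    Command-line entry point: load IOCs into a YaraIOCManager and write the
    generated YARA rules to one output file.

    :param options: Parsed command-line options.  Reads ``options.verbose``
        (truthy keeps DEBUG logging enabled), ``options.output`` (path of the
        YARA file to write; may be empty or None) and ``options.iocs`` (passed
        unchanged to ``YaraIOCManager.insert``).
    :return: Never returns normally; terminates via ``sys.exit`` with 1 on
        error and 0 on success.
    """
    logging.basicConfig(
        level=logging.DEBUG,
        format=
        '%(asctime)s %(levelname)s: %(message)s  [%(filename)s:%(funcName)s]')
    if not options.verbose:
        logging.disable(logging.DEBUG)

    # Check for an unset output path before resolving it: os.path.abspath('')
    # is the cwd (truthy) and abspath(None) raises TypeError, so resolving
    # first makes the "not specified" branch unreachable.
    if options.output:
        output_file = os.path.abspath(options.output)
        if os.path.isdir(output_file):
            log.error('cannot specify a directory as the output location')
            sys.exit(1)
        elif not os.path.isfile(output_file):
            # New file: make sure its parent directory exists.  An existing
            # file is left alone here and overwritten by write_yara below.
            utils.safe_makedirs(os.path.dirname(output_file))
    else:
        output_file = os.path.join(os.getcwd(), 'iocs.yara')
        log.info(
            'Output not specified. Writing output to [{}]'.format(output_file))

    iocm = YaraIOCManager()
    iocm.insert(options.iocs)
    # len() is never negative, so the check must be against an empty manager.
    if len(iocm) < 1:
        log.error('No IOCs inserted into ioc_manager')
        sys.exit(1)
    iocm.emit_yara()
    iocm.write_yara(output_file)

    sys.exit(0)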
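    def write_pruned_iocs(self, directory=None, pruned_source=None):
        """
        Writes IOCs to a directory that have been pruned of some or all IOCs.

        :param directory: Directory to write IOCs to.  If not provided, the current working directory is used.
        :param pruned_source: Iterable containing a set of iocids.  Defaults to self.pruned_11_iocs; every
            iocid must be a key of self.iocs_10.
        :return: True once every IOC has been written; False when there is nothing to write or
            ``directory`` names an existing regular file.
        """
        if pruned_source is None:
            pruned_source = self.pruned_11_iocs
        if len(pruned_source) < 1:
            log.error('no iocs available to write out')
            return False
        if not directory:
            directory = os.getcwd()
        if os.path.isfile(directory):
            # An existing regular file cannot be used as the output directory.
            log.error('cannot writes iocs to a directory')
            return False
        output_dir = os.path.abspath(directory)
        utils.safe_makedirs(output_dir)
        # serialize the iocs
        for iocid in pruned_source:
            ioc_obj = self.iocs_10[iocid]
            # force=True presumably overwrites a same-named file in output_dir -- confirm in write_ioc_to_file
            ioc_obj.write_ioc_to_file(output_dir=output_dir, force=True)
        return True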
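    def write_iocs(self, directory=None, source=None):
        """
        Serializes IOCs to a directory, skipping any iocid listed in self.pruned_11_iocs
        or self.null_pruned_iocs.

        :param directory: Directory to write IOCs to.  If not provided, the current working directory is used.
        :param source: Dictionary containing iocid -> IOC mapping.  Defaults to self.iocs_10 (an empty
            dictionary also triggers the default). This is not normally modified by a user for this class.
        :return: True once every remaining IOC has been written; False when there is nothing to write
            (before or after pruning) or ``directory`` names an existing regular file.
        """
        if not source:
            source = self.iocs_10
        if len(source) < 1:
            log.error('no iocs available to write out')
            return False
        if not directory:
            directory = os.getcwd()
        if os.path.isfile(directory):
            # An existing regular file cannot be used as the output directory.
            log.error('cannot writes iocs to a directory')
            return False
        # Drop every iocid that was pruned away or pruned to nothing.
        source_iocs = set(source).difference(self.pruned_11_iocs,
                                             self.null_pruned_iocs)
        if not source_iocs:
            log.error(
                'no iocs available to write out after removing pruned/null iocs'
            )
            return False
        output_dir = os.path.abspath(directory)
        utils.safe_makedirs(output_dir)
        # Lazy %-args: the message is only formatted if INFO is enabled.
        log.info('Writing IOCs to %s', output_dir)
        # serialize the iocs
        for iocid in source_iocs:
            ioc_obj = source[iocid]
            # force=True presumably overwrites a same-named file in output_dir -- confirm in write_ioc_to_file
            ioc_obj.write_ioc_to_file(output_dir=output_dir, force=True)
        return True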
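    def write_iocs(self, directory=None, source=None):
        """
        Serializes IOCs to a directory, skipping any iocid listed in self.pruned_11_iocs
        or self.null_pruned_iocs.

        :param directory: Directory to write IOCs to.  If not provided, the current working directory is used.
        :param source: Dictionary containing iocid -> IOC mapping.  Defaults to self.iocs_10 (an empty
            dictionary also triggers the default). This is not normally modified by a user for this class.
        :return: True once every remaining IOC has been written; False when there is nothing to write
            (before or after pruning) or ``directory`` names an existing regular file.
        """
        if not source:
            source = self.iocs_10
        if len(source) < 1:
            log.error('no iocs available to write out')
            return False
        if not directory:
            directory = os.getcwd()
        if os.path.isfile(directory):
            # An existing regular file cannot be used as the output directory.
            log.error('cannot writes iocs to a directory')
            return False
        # Drop every iocid that was pruned away or pruned to nothing.
        source_iocs = set(source).difference(self.pruned_11_iocs,
                                             self.null_pruned_iocs)
        if not source_iocs:
            log.error('no iocs available to write out after removing pruned/null iocs')
            return False
        output_dir = os.path.abspath(directory)
        utils.safe_makedirs(output_dir)
        # Lazy %-args: the message is only formatted if INFO is enabled.
        log.info('Writing IOCs to %s', output_dir)
        # serialize the iocs
        for iocid in source_iocs:
            ioc_obj = source[iocid]
            # force=True presumably overwrites a same-named file in output_dir -- confirm in write_ioc_to_file
            ioc_obj.write_ioc_to_file(output_dir=output_dir, force=True)
        return True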