Python Indicator.idref Examples

Programming Language: Python

Namespace/Package Name: stix.indicator

Class/Type: Indicator

Method/Function: idref

Examples at hotexamples.com: 1

Python Indicator.idref - 1 examples found. These are the top rated real world Python examples of stix.indicator.Indicator.idref extracted from open source projects. You can rate examples to help us improve the quality of examples.

Frequently Used Methods

Show Hide

Indicator(30)

set_produced_time(30)

add_indicator_type(30)

add_observable(30)

title(30)

description(30)

set_producer_identity(26)

confidence(23)

add_object(22)

observables(11)

observable_composition_operator(11)

id_(10)

set_received_time(10)

observable(9)

from_dict(8)

producer(7)

short_description(6)

test_mechanisms(6)

timestamp(6)

add_valid_time_position(5)

add_indicated_ttp(4)

from_obj(3)

to_dict(3)

add_related_campaign(3)

composite_indicator_expression(2)

add_description(2)

add_kill_chain_phase(2)

indicator_types(2)

likely_impact(2)

kill_chain_phases(2)

alternative_id(2)

add_related_indicator(2)

add_short_description(2)

type(1)

to_xml(1)

idref(1)

short_descriptions(1)

related_indicators(1)

indicator_type(1)

add_alternative_id(1)

id(1)

descriptions(1)

decode(1)

valid_time_positions(1)

Example #1

Show file

def genObject_Indicator(data):
    from stix.indicator import Indicator

    try:

        sTitle = "phishTank.com id:" + data[
            'phish_id'] + " with malicious URL:" + data['url']
        sTitle = sTitle[:70] + "..."
    except:
        sTitle = "phishTank.com id:" + data[
            'phish_id'] + " with malicious URL:--[URL Not Displayed - Due to encoding issue]--"

    # try:
    #     sDscrpt = "This URL:[" + escape(unicode(srcDict[item]['url'])) + "] was identified by phishtank.com as part of a phishing email"
    # except:
    #     sDscrpt = "This URL:--[URL Not Displayed - Due to encoding issue]--  was identified by phishtank.com as part of a phishing email"
    sDscrpt = "This URL:[" + escape(
        data['url']
    ) + "] was identified by phishtank.com as part of a phishing email"

    if data['target'] and not data['target'] == 'Other':
        sDscrpt += " which appears to be targeting " + data['target']
    else:
        sDscrpt += "."
    if data['online'] == 'yes':
        sDscrpt += " This URL appears to still be online as of " + data[
            'verification_time']
    elif data['online'] == 'no':
        sDscrpt += " This URL appears to offline as of " + data[
            'verification_time']
    sDscrpt += ". More detailed infomation can be found at " + data[
        'phish_detail_url']

    objIndicator = Indicator()
    objIndicator.idref = None

    objIndicator.title = sTitle
    objIndicator.description = "<![CDATA[" + sDscrpt + "]]>"
    objIndicator.short_description = "<![CDATA[" + sTitle + "]]>"
    if data['verified'] == 'yes':
        objIndicator.confidence = 'High'
    else:
        objIndicator.confidence = 'Low'

    objIndicator.test_mechanisms = None
    objIndicator.alternative_id = None
    objIndicator.composite_indicator_expression = None
    objIndicator.valid_time_positions = None
    objIndicator.related_indicators = None

    # objIndicator.suggested_coas = SuggestedCOAs()
    # objIndicator.kill_chain_phases = KillChainPhasesReference()
    # objIndicator.likely_impact = None

    ### Used/Defined Outside this funtion
    # objIndicator.indicator_types = ["URL Watchlist"]
    # objIndicator.observable_composition_operator = "OR"
    # objIndicator.producer = None
    # objIndicator.observables = obsList
    # objIndicator.handling = objMarking
    # objIndicator.sightings = None
    # objIndicator.set_received_time

    return (objIndicator)