Example #1
        new_uuid = str(uuid.uuid1())
        return stix_type + "--" + new_uuid


@CustomObservable(
    "x-opencti-simple-observable",
    [
        # The only mandatory fields: the observable's key and its value.
        ("key", properties.StringProperty(required=True)),
        ("value", properties.StringProperty(required=True)),
        ("description", properties.StringProperty()),
        # Author reference; only identity objects are accepted as targets.
        (
            "created_by_ref",
            properties.ReferenceProperty(
                valid_types="identity",
                spec_version="2.1",
            ),
        ),
        # Plain integer with no range constraint at this layer; any bounds
        # have to be enforced by whoever produces or consumes the object.
        ("x_opencti_score", properties.IntegerProperty()),
        # NOTE(review): presumably asks the platform to derive an indicator
        # from this observable; confirm against the consuming API.
        ("x_opencti_create_indicator", properties.BooleanProperty()),
        ("labels", properties.ListProperty(properties.StringProperty)),
        ("external_references", properties.ListProperty(ExternalReference)),
        # Optional: an object without marking references still validates, so
        # handling restrictions are not guaranteed to be present downstream.
        (
            "object_marking_refs",
            properties.ListProperty(
                properties.ReferenceProperty(
                    valid_types="marking-definition",
                    spec_version="2.1",
                )
            ),
        ),
    ],
)
class SimpleObservable:
    """Custom STIX observable of type ``x-opencti-simple-observable``.

    The class body is intentionally empty: the schema (a required
    ``key``/``value`` string pair plus optional description, author,
    score, indicator flag, labels, external references and marking
    references) is declared entirely through the ``CustomObservable``
    decorator.
    """

Example #2
"""
Copyright 2019 Pacific Gas and Electric Company

ALL RIGHTS RESERVED
"""
import logging
import os
import sys
from typing import List, Union

from stix2 import NetworkTraffic, properties, CustomExtension


@CustomExtension(
    NetworkTraffic, 'x-dnp3-header',
    [('addr', properties.IntegerProperty()),
     ('al_2bit', properties.IntegerProperty()),
     ('al_aiq_b0', properties.BooleanProperty()),
     ('al_aiq_b1', properties.BooleanProperty()),
     ('al_aiq_b2', properties.BooleanProperty()),
     ('al_aiq_b3', properties.BooleanProperty()),
     ('al_aiq_b4', properties.BooleanProperty()),
     ('al_aiq_b5', properties.BooleanProperty()),
     ('al_aiq_b6', properties.BooleanProperty()),
     ('al_aiq_b7', properties.BooleanProperty()),
     ('al_ana', properties.IntegerProperty()),
     ('al_ana_double', properties.FloatProperty()),
     ('al_ana_float', properties.FloatProperty()),
     ('al_ana_int', properties.IntegerProperty()),
     ('al_anaout', properties.IntegerProperty()),
     ('al_anaout_double', properties.FloatProperty()),
Example #3
    'cip_path_segment': '0x00000091', 
    'cip_path_segment_type': '4', 
    'cip_data_segment_type': '17', 
    'cip_symbol': 'HMI_XYO_Bkr_ML3', 
    'level': 2
}


"""

# Packet-selection expressions written in Wireshark/tshark display-filter
# syntax. Because `ip.addr` matches either the source or the destination,
# requiring two addresses selects traffic between that pair of hosts in
# both directions.
# NOTE(review): the addresses are hard-coded private-range values and
# 192.168.1.151 is common to both filters; going by the names it is
# presumably the PLC. Confirm against the capture this module is used with.

# Conversation between the PLC and the HMI.
plc_hmi = 'ip.addr==192.168.1.150 && ip.addr==192.168.1.151'

# Conversation between the attacking host and the PLC.
attacker_plc = 'ip.addr==192.168.1.151 && ip.addr==192.168.1.200'


@CustomExtension(NetworkTraffic, 'x-enip-header',
                 [('command', properties.IntegerProperty(required=True)),
                  ('length', properties.IntegerProperty(required=True)),
                  ('session', properties.IntegerProperty(required=True)),
                  ('status', properties.IntegerProperty(required=True)),
                  ('context', properties.HexProperty(required=True)),
                  ('options', properties.IntegerProperty(required=True)),
                  ('rs_version', properties.IntegerProperty()),
                  ('rs_flags', properties.IntegerProperty()),
                  ('level', properties.IntegerProperty()),
                  ('srrd_iface', properties.IntegerProperty()),
                  ('timeout', properties.IntegerProperty()),
                  ('cpf_itemcount', properties.IntegerProperty()),
                  ('cpf.:ype_id', properties.IntegerProperty()),
                  ('cpf_length', properties.IntegerProperty()),
                  ('cpf_typeid', properties.IntegerProperty()),
                  ('cpf_cai_connid', properties.IntegerProperty()),