def get_preattack_objects():
    """Fetch the objects of one MITRE ATT&CK TAXII collection and wrap them.

    Connects to the public MITRE TAXII discovery endpoint, takes the first API
    root and the collection at index 1, downloads its objects and hands the
    ``objects`` list to ``prepare_response`` under the ``data`` key.
    """
    # NOTE(review): the collection is chosen by position only. The function
    # name suggests PRE-ATT&CK, but neither title nor id is checked, so a change
    # in server-side ordering would silently return a different data set.
    attack_collection = Server('https://cti-taxii.mitre.org/taxii').api_roots[0].collections[1]
    bundle = attack_collection.get_objects()
    return prepare_response({'data': bundle["objects"]})
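def server_connect(discovery, username, password):
    """Build a TAXII ``Server`` client for ``discovery`` with basic credentials.

    Args:
        discovery: URL of the TAXII discovery endpoint.
        username: Account name handed to the client.
        password: Password handed to the client.

    Returns:
        The ``Server`` object, or ``None`` when ``exceptions.ConnectionError``
        is raised while creating it.
    """
    try:
        return Server(discovery, user=username, password=password)
    except exceptions.ConnectionError as err:
        # Log the exception that was caught, so the cause is visible; a newly
        # constructed ConnectionError() carries no message. Only the endpoint
        # is included, never the credentials.
        logging.info("TAXII connection to %s failed: %s", discovery, err)
        return None
    # NOTE(review): taxii2client appears to defer the discovery request until a
    # Server property is read, in which case a connection failure would surface
    # at the caller rather than in the handler above - confirm.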
def get_objects():
    """Download the first collection of the Anomali LIMO TAXII feed.

    Returns whatever ``prepare_response`` builds from ``{'data': <objects>}``,
    where ``<objects>`` is the ``objects`` list of the downloaded bundle.
    """
    # NOTE(review): the account name and password are literals in the source
    # (masked on this page). Loading them from configuration or a secret store
    # keeps them out of version control and makes rotation possible.
    limo = Server('https://limo.anomali.com/api/v1/taxii2/taxii/',
                  user='******', password='******')
    first_collection = limo.api_roots[0].collections[0]
    bundle = first_collection.get_objects()
    return prepare_response({'data': bundle["objects"]})
def server(self):
    """Return the TAXII ``Server`` for ``self.DEFAULT_SERVER``, creating it on first use.

    The object is cached in ``self._server`` and that same object (not a copy)
    is handed back on later calls. Creating it also stores the first API root
    in ``self._api_root``.
    """
    if not self._server:
        self._server = Server(self.DEFAULT_SERVER)
        self._api_root = self._server.api_roots[0]
    return self._server
def table_view(request):
    """Render ``table-basic.html`` with the objects of the first LIMO collection.

    The template context has a single key, ``data``, holding the ``objects``
    list of the bundle downloaded from the Anomali LIMO TAXII server.
    """
    # NOTE(review): the account name and password are literals in the source
    # (masked on this page); read them from settings or a secret store instead.
    limo = Server('https://limo.anomali.com/api/v1/taxii2/taxii/',
                  user='******', password='******')
    bundle = limo.api_roots[0].collections[0].get_objects()
    # NOTE(review): these values come from a third-party feed; keep template
    # auto-escaping enabled wherever they are displayed.
    context = {'data': bundle["objects"]}
    return render(request, 'table-basic.html', context)
def dashboard_view(request):
    """Render ``dashindex.html`` with an empty context.

    Before rendering, the first collection of the first API root on the MITRE
    ATT&CK TAXII server is downloaded.
    """
    # NOTE(review): the downloaded objects are discarded, so every request
    # waits on a third-party server for data the template never receives.
    # Either pass the result into the context or drop the fetch.
    attack = Server("https://cti-taxii.mitre.org/taxii")
    attack.api_roots[0].collections[0].get_objects()
    # The ATT&CK domains exposed as collections can be listed by iterating the
    # API root's collections and reading each one's title and id.
    return render(request, 'dashindex.html', {})
def connect_server(self, url=None):
    """
    Connect to a TAXII server and build one data source over all its collections.

    :param url: discovery URL to use; ``MITRE_TAXII_URL`` when ``None``
    :return: None; sets ``self.attack_server`` and ``self.composite_ds``
    """
    # NOTE(review): a caller-supplied url decides where the ATT&CK data is
    # loaded from; callers should only pass servers they trust.
    target = url if url is not None else MITRE_TAXII_URL
    self.attack_server = Server(target, proxies=self.proxies)
    first_root = self.attack_server.api_roots[0]

    # One TAXIICollectionSource per collection, combined so that a single
    # query covers every collection of the API root.
    sources = []
    for coll in first_root.collections:
        sources.append(TAXIICollectionSource(coll))
    self.composite_ds = CompositeDataSource()
    self.composite_ds.add_data_sources(sources)
def __init__(self, api_key, verify):
    """Set up the Unit 42 feed client.

    Args:
        api_key: Unit 42 API key, sent to the TAXII server through ``TokenAuth``.
        verify: Passed to the parent constructor and, through ``self._verify``,
            to the TAXII ``Server`` as its ``verify`` argument. A true value
            keeps HTTPS certificate validation on; a false value turns it off.
            The parameter has no default.
    """
    use_proxy = argToBoolean(demisto.params().get('proxy') or 'false')
    super().__init__(base_url='https://stix2.unit42.org/taxii', verify=verify, proxy=use_proxy)
    self._api_key = api_key
    self._proxies = handle_proxy()
    self.objects_data = {}
    # NOTE(review): _base_url and _verify are not assigned in this method;
    # presumably the parent constructor stores them - confirm.
    self.server = Server(url=self._base_url, auth=TokenAuth(key=self._api_key),
                         verify=self._verify, proxies=self._proxies)
def get_taxii_collection_source(cls):
    """Return a ``TAXIICollectionSource`` for the configured ATT&CK collection.

    Looks through the collections of the first API root on
    ``cls.ATT_CK_TAXII_SERVER`` for one whose title equals
    ``cls.COLLCETION_TITLE``. Returns ``None`` when no title matches or when
    any exception is raised (the traceback is printed).
    """
    # Obtain the ATT&CK TAXIICollectionSource ahead of time.
    try:
        request_proxies = System.get_request_proxies()
        discovery = Server("%s/taxii/" % (cls.ATT_CK_TAXII_SERVER), proxies=request_proxies)
        print('>>> attck_txs: ' + str(discovery))
        for candidate in discovery.api_roots[0].collections:
            if candidate.title != cls.COLLCETION_TITLE:
                continue
            # Re-create the collection from its own URL, reusing the proxies.
            matched = Collection(
                "%s/stix/collections/%s/" % (cls.ATT_CK_TAXII_SERVER, candidate.id),
                proxies=request_proxies)
            return TAXIICollectionSource(matched)
        return None
    except Exception:
        # Best effort: any failure is reported on stderr and turned into None.
        import traceback
        traceback.print_exc()
        return None
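def fetch_stix_objects_from_api(self, test: bool = False, **kwargs):
    """Retrieve the feed's STIX objects and store them by type.

    Args:
        test: True when called from the integration's test button; the objects
            gathered so far are returned right after the first page.
        **kwargs: Forwarded to ``collection.get_objects`` through ``as_pages``.
            The ``type`` entry is also the key used in ``self.objects_data``.

    Returns:
        The collected objects when ``test`` is true. Otherwise nothing is
        returned and the objects are stored in
        ``self.objects_data[kwargs.get('type')]``.
    """
    data = []

    server = Server(url=self._base_url, auth=TokenAuth(key=self._api_key),
                    verify=self._verify, proxies=self._proxies)

    for api_root in server.api_roots:
        for collection in api_root.collections:
            for bundle in as_pages(collection.get_objects, per_request=100, **kwargs):
                # A page without an "objects" key makes .get() return None, and
                # extend(None) raises TypeError; treat such a page as empty.
                data.extend(bundle.get('objects') or [])
                if test:
                    return data

    self.objects_data[kwargs.get('type')] = data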
def poll_all_roots(self, coll_title):
    """
    Poll one collection, or all of them, on every API root of the server.

    Args:
        coll_title (str): Title of the collection to poll; ``"*"`` polls every
            collection of each API root.
    """
    taxii_server = Server(self.discovery_url, user=self.username, password=self.password)
    for api_root in taxii_server.api_roots:
        if coll_title == "*":
            self.poll_entire_root(api_root.title)
            continue
        try:
            self.poll(api_root.title, coll_title)
        except TAXIIServiceException as err:
            # A failing root is logged and skipped so the others are still polled.
            msg = (f"Error trying to poll Collection {coll_title} "
                   f"in API Root {api_root.title}. Skipping")
            self.helper.log_error(msg)
            self.helper.log_error(err)
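def get_collection_src():
    """
    Return the module-level collection source ``CS``, filling it on first use.

    When ``CS`` already holds data sources it is returned unchanged. Otherwise
    every collection of the first API root on ``TAXII_SERVER`` whose title is
    not listed in ``EXCLUDE_COLLECTIONS`` is added to it.

    :return: collection source object
    """
    # Look at the cached source first, so that the TAXII server is contacted
    # only when the collections really have to be loaded.
    if CS.get_all_data_sources():
        print("Reusing collections")
        return CS

    server = Server(TAXII_SERVER)
    # NOTE(review): _title is a private attribute of the client's collection
    # object; the public title attribute may be the safer choice - confirm.
    wanted = [
        c for c in server.api_roots[0].collections
        if c._title not in EXCLUDE_COLLECTIONS
    ]
    print("Creating new collections")
    for collection in wanted:
        print("Adding collection %s %s" % (collection._title, collection.id))
        CS.add_data_source(TAXIICollectionSource(collection))
    return CS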
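def get_stix_objects(self, test: bool = False) -> list:
    """Retrieve the STIX objects of every collection on the feed's server.

    Args:
        test: True when called from the integration's test button; paging of
            the current collection stops after its first page.

    Returns:
        A list of stix objects, containing the indicators.
    """
    data = []

    server = Server(url=self._base_url, auth=TokenAuth(key=self._api_key),
                    verify=self._verify, proxies=self._proxies)

    for api_root in server.api_roots:
        for collection in api_root.collections:
            for bundle in as_pages(collection.get_objects, per_request=100):
                # A page without an "objects" key makes .get() return None, and
                # extend(None) raises TypeError; treat such a page as empty.
                data.extend(bundle.get('objects') or [])
                if test:
                    # Leaves only the paging loop: the remaining collections
                    # and API roots are still visited, one page each.
                    break
    return data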
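def __init__(self, source='taxii', local=None):
    """
    Initialization - Creates a matrix generator object

    :param source: Source to utilize (taxii or local)
    :param local: string path to local cache of stix data
    :raises ValueError: if source is neither "taxii" nor "local", or if
        "local" is selected without a path
    """
    self.convert_data = {}
    # Created before the branches: the "local" branch stores into it too and
    # would otherwise fail with AttributeError.
    self.collections = dict()
    source_kind = source.lower()
    if source_kind not in ['taxii', 'local']:
        print(
            '[MatrixGen] - Unable to generate matrix, source {} is not one of "taxii" or "local"'
            .format(source))
        raise ValueError

    if source_kind == 'taxii':
        self.server = Server('https://cti-taxii.mitre.org/taxii')
        self.api_root = self.server.api_roots[0]
        for collection in self.api_root.collections:
            if collection.title != "PRE-ATT&CK":
                tc = Collection(
                    'https://cti-taxii.mitre.org/stix/collections/' + collection.id)
                # Keyed by the first word of the title, lower-cased.
                domain = collection.title.split(' ')[0].lower()
                self.collections[domain] = TAXIICollectionSource(tc)
    elif source_kind == 'local':
        if local is not None:
            hd = MemoryStore()
            # Register the store itself: load_from_file loads the objects into
            # hd, and its return value is not the data source.
            hd.load_from_file(local)
            if 'mobile' in local.lower():
                self.collections['mobile'] = hd
            else:
                self.collections['enterprise'] = hd
        else:
            print(
                '[MatrixGen] - "local" source specified, but path to local source not provided'
            )
            raise ValueError
    self.matrix = {}
    self._build_matrix()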
def get_server(self):
    """Create the TAXII ``Server`` client and store it in ``self.server``.

    Nothing is returned, despite the ``get_`` prefix.
    """
    # urljoin with an absolute path replaces any path already present in
    # base_url, so the client always targets <scheme>://<host>/taxii/.
    # self.verify is handed straight to the client; a false value switches TLS
    # certificate validation off.
    self.server = Server(urljoin(self.base_url, '/taxii/'),
                         verify=self.verify, proxies=self.proxies)
import json

from taxii2client.v20 import Collection, Server

# Dump the first collection of the public MITRE ATT&CK TAXII 2.0 server as
# JSON on stdout. No credentials are needed for this endpoint.
server = Server("https://cti-taxii.mitre.org/taxii/")
api_root = server.api_roots[0]
# NOTE(review): the collection is picked by position; which ATT&CK domain that
# is depends on the order the server returns.
collection = api_root.collections[0]
bundle = collection.get_objects()
print(json.dumps(bundle))
from taxii2client.v20 import Server

# Download the first collection of the Anomali LIMO TAXII 2.0 feed.
# NOTE(review): the account name and password are literals in the script
# (masked on this page); take them from the environment or a secret store so
# they do not end up in version control.
server = Server(
    'https://limo.anomali.com/api/v1/taxii2/taxii/',
    user='******',
    password='******',
)
api_root = server.api_roots[0]
collection = api_root.collections[0]
# The whole collection is fetched in one call; nothing is done with it yet.
objects = collection.get_objects()
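def __init__(self, source='taxii', resource=None):
    """
    Initialization - Creates a matrix generator object

    :param source: Source to utilize (taxii, remote, or local)
    :param resource: string path to local cache of stix data (local) or url of an ATT&CK Workbench (remote)
    :raises ValueError: if source is not one of the three supported values, or
        if "local" is selected without a path
    :raises requests.HTTPError: if the Workbench answers a bundle request with
        an error status (remote)
    """
    self.convert_data = {}
    self.collections = dict()
    source_kind = source.lower()
    if source_kind not in ['taxii', 'local', 'remote']:
        print(
            '[MatrixGen] - Unable to generate matrix, source {} is not one of "taxii", "remote" or '
            '"local"'.format(source))
        raise ValueError

    if source_kind == 'taxii':
        self.server = Server('https://cti-taxii.mitre.org/taxii')
        self.api_root = self.server.api_roots[0]
        for collection in self.api_root.collections:
            if collection.title != "PRE-ATT&CK":
                tc = Collection(
                    'https://cti-taxii.mitre.org/stix/collections/' + collection.id)
                # Keyed by the first word of the title, lower-cased.
                domain = collection.title.split(' ')[0].lower()
                self.collections[domain] = TAXIICollectionSource(tc)
    elif source_kind == 'local':
        if resource is not None:
            hd = MemoryStore()
            hd.load_from_file(resource)
            if 'mobile' in resource.lower():
                self.collections['mobile'] = hd
            else:
                self.collections['enterprise'] = hd
        else:
            print(
                '[MatrixGen] - "local" source specified, but path to local source not provided'
            )
            raise ValueError
    elif source_kind == 'remote':
        if resource is not None:
            # Look for an explicit port in the part after "scheme://" (or in
            # the whole value when there is no scheme). Skipping a fixed six
            # characters instead misses the port of a short bare host such as
            # "wb:3000" and appends a second one.
            scheme_end = resource.find('://')
            authority = resource if scheme_end == -1 else resource[scheme_end + 3:]
            if ':' not in authority:
                print(
                    '[MatrixGen] - "remote" source missing port; assuming ":3000"'
                )
                resource += ":3000"
            if not resource.startswith('http'):
                # NOTE(review): a value without a scheme falls back to
                # cleartext http, so the bundles travel unauthenticated and
                # unencrypted; pass an https:// url where the Workbench
                # supports it.
                resource = 'http://' + resource
            for dataset in ['enterprise', 'mobile']:
                hd = MemoryStore()
                # NOTE(review): no timeout is passed, so an unresponsive
                # Workbench blocks this constructor indefinitely.
                response = requests.get(
                    f"{resource}/api/stix-bundles?domain={dataset}-"
                    f"attack&includeRevoked=true&includeDeprecated=true")
                response.raise_for_status()  # ensure we notice bad responses
                _add(hd, json.loads(response.text), True, None)
                self.collections[dataset] = hd
        else:
            print(
                f'[MatrixGen] - WARNING: "remote" selected without providing a "resource" url. The use of '
                f'"remote" requires the inclusion of a "resource" url to an ATT&CK Workbench instance. No matrix '
                f'will be generated...')
    self.matrix = {}
    self._build_matrix()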
def server():
    """Return the default ``Server`` client for ``DISCOVERY_URL`` (documented as example.com)."""
    # The user name and password are literals (masked on this page); that is
    # only acceptable for throwaway test accounts.
    default_server = Server(DISCOVERY_URL, user="******", password="******")
    return default_server
from taxii2client.v20 import Server

# Print the title advertised by the discovery endpoint.
# NOTE(review): the URL is plain http://, so the user name and password
# (literals here, masked on this page) would cross the network unencrypted.
# Use an https:// endpoint and load the credentials from the environment.
# NOTE(review): the path looks like a TAXII 1.x discovery service, while
# taxii2client.v20 speaks TAXII 2.0 - confirm the endpoint is compatible.
server = Server(
    'http://hailataxii.com/taxii-discovery-service',
    user='******',
    password='******',
)
discovery_title = server.title
print(discovery_title)
# Each collection's title, description and can_read flag can be listed by
# iterating the collections of the first API root.