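def create_maec(inputfile, outpath, verbose_error_mode):
    """Convert a ThreatExpert XML report into a MAEC Package XML file.

    Args:
        inputfile: Path of the ThreatExpert report to read.
        outpath: Path the MAEC Package XML is written to.
        verbose_error_mode: When truthy, print the full traceback of any
            exception raised during conversion.

    Returns:
        None. Problems are reported on stdout rather than raised.
    """
    if not os.path.isfile(inputfile):
        # A missing or non-regular input path used to be skipped without any
        # message, so a mistyped path looked like a successful run.
        print('\nError: input file not found: %s\n' % inputfile)
        return

    # NOTE(review): the report is derived from malware analysis output and
    # should be treated as untrusted XML -- confirm that teparser's loader
    # does not resolve external entities or fetch DTDs.
    parser = teparser.parser()
    try:
        if not parser.open_file(inputfile):
            print('\nError: Error in parsing input file. Please check to ensure that it is valid XML and conforms to the ThreatExpert output schema.')
            return

        # Parse the file to get the actions and processes
        parser.parse_document()

        # Create the MAEC Package and attach every parsed malware subject
        package = Package()
        for subject in parser.maec_subjects:
            package.add_malware_subject(subject)

        # Export the results; the dict is passed to to_xml_file as given
        # (presumably a namespace-to-prefix mapping -- confirm).
        package.to_xml_file(
            outpath,
            {"https://github.com/MAECProject/threatexpert-to-maec": "ThreatExpertToMAEC"},
        )
        print("Wrote to " + outpath)
    except Exception as err:
        # Best-effort conversion: report the failure instead of propagating.
        print('\nError: %s\n' % str(err))
        if verbose_error_mode:
            traceback.print_exc()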
def generate_package_from_report_filepath(input_path, options=None):
    """Build a MAEC package object from a ThreatExpert report on disk.

    Args:
        input_path: File path of the ThreatExpert report.
        options: Forwarded unchanged to ``generate_package_from_parser``.

    Returns:
        Whatever ``generate_package_from_parser`` returns, or None (after
        printing an error) when the parser could not open the file.
    """
    # NOTE(review): the report is parsed as XML and should be treated as
    # untrusted input -- confirm teparser does not resolve external entities.
    report_parser = teparser.parser()
    if report_parser.open_file(input_path):
        # The third argument is always False on the file-path route.
        return generate_package_from_parser(report_parser, options, False)

    print('\nError: Error in parsing input file. Please check to ensure that it is valid XML and conforms to the ThreatExpert output schema.')
    return None
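def create_maec(inputfile, outputfile, verbose_error_mode, stat_mode):
    """Convert a ThreatExpert XML report into a MAEC bundle file.

    Args:
        inputfile: Path of the ThreatExpert report to read.
        outputfile: Path the MAEC bundle is exported to.
        verbose_error_mode: When truthy, print the full traceback of any
            exception raised during conversion.
        stat_mode: When truthy, print how many actions were converted.

    Returns:
        None. Problems are reported on stdout rather than raised.
    """
    if not os.path.isfile(inputfile):
        # A missing or non-regular input path used to be skipped without any
        # message, so a mistyped path looked like a successful run.
        print('\nError: input file not found: %s\n' % inputfile)
        return

    stat_actions = 0

    # NOTE(review): the report is derived from malware analysis output and
    # should be treated as untrusted XML -- confirm that teparser's loader
    # does not resolve external entities or fetch DTDs.
    parser = teparser.parser()
    try:
        if not parser.open_file(inputfile):
            print('\nError: Error in parsing input file. Please check to ensure that it is valid XML and conforms to the ThreatExpert output schema.')
            return

        # Parse the file to get the actions and processes
        parser.parse_document()

        # Create the MAEC bundle (2.1 is passed through as given; presumably
        # the MAEC schema version -- confirm).
        bundle = maec_helper.maec_bundle(parser.generator, 2.1)

        # Add the analyses
        for analysis in parser.maec_analyses:
            bundle.add_analysis(analysis)

        # Add all applicable actions to the bundle, counting them for -s
        for key, value in parser.actions.items():
            for action in value:
                bundle.add_action(action, key)
                stat_actions += 1

        bundle.build_maec_bundle()

        # Finally, export the results
        bundle.export(outputfile)

        if stat_mode:
            print('\n---- Statistics ----')
            print(str(stat_actions) + ' actions converted')
    except Exception as err:
        # Best-effort conversion: report the failure instead of propagating.
        print('\nError: %s\n' % str(err))
        if verbose_error_mode:
            traceback.print_exc()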
def generate_package_from_report_string(input_string, options=None, from_md5=False):
    """Build a MAEC package object from a ThreatExpert report held in memory.

    Args:
        input_string: The ThreatExpert report as a string.
        options: Forwarded unchanged to ``generate_package_from_parser``.
        from_md5: Forwarded unchanged to ``generate_package_from_parser``;
            its meaning is not visible here.

    Returns:
        Whatever ``generate_package_from_parser`` returns.
    """
    # NOTE(review): input_string is handed to teparser as-is; if it can come
    # from a remote or otherwise untrusted source, confirm the parser does
    # not resolve external entities.
    report_parser = teparser.parser()
    report_parser.use_input_string(input_string)
    package = generate_package_from_parser(report_parser, options, from_md5)
    return package
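def main():
    """Command-line entry point: convert a ThreatExpert report into a MAEC bundle.

    Options read from ``sys.argv``:
        -i <file>  ThreatExpert report to read
        -o <file>  file the bundle is exported to
        -v         print a traceback when conversion fails
        -s         print conversion statistics

    Prints usage and exits with status 1 when fewer than four arguments are
    given or when ``-i``/``-o`` is the last argument. Exits with status 1
    when the input path is not an existing file.
    """
    verbose_error_mode = 0
    stat_mode = 0
    stat_actions = 0
    stat_objects = 0
    infilename = ''
    outfilename = ''

    # Get the command-line arguments
    args = sys.argv[1:]
    if len(args) < 4:
        usage()
        sys.exit(1)

    for i, arg in enumerate(args):
        if arg == '-v':
            verbose_error_mode = 1
        elif arg == '-s':
            stat_mode = 1
        elif arg in ('-i', '-o'):
            # A trailing -i/-o used to index past the end of the list and
            # abort with an IndexError; treat it as a usage error instead.
            if i + 1 >= len(args):
                usage()
                sys.exit(1)
            if arg == '-i':
                infilename = args[i + 1]
            else:
                outfilename = args[i + 1]

    # Basic input file checking
    if not os.path.isfile(infilename):
        # Previously the program ended silently with a success status here.
        print('\nError: input file not found: %s\n' % infilename)
        sys.exit(1)

    # NOTE(review): the report is derived from malware analysis output and
    # should be treated as untrusted XML -- confirm that teparser's loader
    # does not resolve external entities or fetch DTDs.
    parser = teparser.parser()
    try:
        # The return value of open_file is not checked in this version;
        # NOTE(review): confirm whether it signals failure by return value.
        parser.open_file(infilename)

        # Parse the file to get the actions and processes
        print('\nParsing input file and generating MAEC objects...\n')
        parser.parse_document()

        # Create the MAEC bundle (1.1 is passed through as given; presumably
        # the MAEC schema version -- confirm).
        bundle = maec_types.maec_bundle(parser.generator, 1.1)

        # Add the analysis
        bundle.add_analysis(parser.maec_analysis)

        # Add all applicable actions to the bundle
        for key, value in parser.actions.items():
            for action in value:
                bundle.add_action(action, key)
                stat_actions += 1

        # Add all applicable objects to the bundle ("obj" avoids shadowing
        # the builtin name "object")
        for key, value in parser.objects.items():
            for obj in value:
                bundle.add_object(obj, key)
                stat_objects += 1

        bundle.build_maec_bundle()

        # Finally, export the results
        bundle.export(outfilename)

        if stat_mode:
            print('\n---- Statistics ----')
            print(str(stat_actions) + ' actions converted')
            print(str(stat_objects) + ' objects generated')
    except Exception as err:
        # Best-effort conversion: report the failure instead of propagating.
        print('\nError: %s\n' % str(err))
        if verbose_error_mode:
            traceback.print_exc()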
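def main():
    """Command-line entry point: convert a ThreatExpert report into a MAEC bundle.

    Reads ``-i <input>``, ``-o <output>``, ``-v`` (traceback on error) and
    ``-s`` (print statistics) from ``sys.argv``. Prints usage and exits with
    status 1 when fewer than four arguments are given or when ``-i``/``-o``
    has no value after it. Exits with status 1 when the input path is not an
    existing file.
    """
    stat_actions = 0
    stat_objects = 0

    # Get the command-line arguments
    args = sys.argv[1:]
    if len(args) < 4:
        usage()
        sys.exit(1)

    parsed = _parse_cli_args(args)
    if parsed is None:
        # -i or -o was the final argument; the original code raised an
        # uncaught IndexError at this point.
        usage()
        sys.exit(1)
    infilename, outfilename, verbose_error_mode, stat_mode = parsed

    # Basic input file checking
    if not os.path.isfile(infilename):
        # Previously the program ended silently with a success status here.
        print('\nError: input file not found: %s\n' % infilename)
        sys.exit(1)

    # NOTE(review): the report is derived from malware analysis output and
    # should be treated as untrusted XML -- confirm that teparser's loader
    # does not resolve external entities or fetch DTDs.
    parser = teparser.parser()
    try:
        # The return value of open_file is not checked in this version;
        # NOTE(review): confirm whether it signals failure by return value.
        parser.open_file(infilename)

        # Parse the file to get the actions and processes
        print('\nParsing input file and generating MAEC objects...\n')
        parser.parse_document()

        # Create the MAEC bundle (1.1 is passed through as given; presumably
        # the MAEC schema version -- confirm).
        bundle = maec_types.maec_bundle(parser.generator, 1.1)

        # Add the analysis
        bundle.add_analysis(parser.maec_analysis)

        # Add all applicable actions to the bundle
        for key, actions in parser.actions.items():
            for action in actions:
                bundle.add_action(action, key)
                stat_actions += 1

        # Add all applicable objects to the bundle ("obj" avoids shadowing
        # the builtin name "object")
        for key, objects in parser.objects.items():
            for obj in objects:
                bundle.add_object(obj, key)
                stat_objects += 1

        bundle.build_maec_bundle()

        # Finally, export the results
        bundle.export(outfilename)

        if stat_mode:
            print('\n---- Statistics ----')
            print(str(stat_actions) + ' actions converted')
            print(str(stat_objects) + ' objects generated')
    except Exception as err:
        # Best-effort conversion: report the failure instead of propagating.
        print('\nError: %s\n' % str(err))
        if verbose_error_mode:
            traceback.print_exc()


def _parse_cli_args(args):
    """Return (infilename, outfilename, verbose_error_mode, stat_mode), or None if -i/-o lacks a value."""
    infilename = ''
    outfilename = ''
    verbose_error_mode = 0
    stat_mode = 0
    for i, arg in enumerate(args):
        if arg == '-v':
            verbose_error_mode = 1
        elif arg == '-s':
            stat_mode = 1
        elif arg == '-i' or arg == '-o':
            if i + 1 >= len(args):
                return None
            if arg == '-i':
                infilename = args[i + 1]
            else:
                outfilename = args[i + 1]
    return infilename, outfilename, verbose_error_mode, stat_mode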