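def get_last_sync(self, src, dest, direction=None):
    """Return when the (src, dest, direction) pair was last synced.

    Looks up the bookkeeping document in ``self.collection``. When there is
    no document, or it carries no usable ``timestamp``, ``util.epoch_start()``
    is returned so that a first sync pulls everything.

    Args:
        src: Source site key stored on the record.
        dest: Destination site key stored on the record.
        direction: Direction stored on the record; ``None`` matches records
            saved without one.

    Returns:
        A UTC-labelled ``datetime``. ``replace(tzinfo=...)`` only attaches the
        zone, it does not convert, so this is correct only if the stored
        value is naive UTC (pymongo's default) — confirm against the writer.
    """
    doc = self.collection.find_one({'src': src, 'dest': dest, 'direction': direction})
    # ``in doc.keys()`` was a roundabout membership test; ``get`` also covers
    # a record whose timestamp field is present but null, which the original
    # would have tried to ``.replace`` and crashed on.
    last = doc.get('timestamp') if doc else None
    if last is None:
        last = util.epoch_start()
    return last.replace(tzinfo=pytz.utc)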
def get_last_sync(self, src, dest, direction=None):
    """Return the UTC timestamp of the last sync recorded for this pair.

    Queries ``self.collection`` for the record keyed by ``src``, ``dest`` and
    ``direction``. If no record exists or it has no ``timestamp`` field, the
    epoch start from ``util`` is returned instead.

    Args:
        src: Source site key.
        dest: Destination site key.
        direction: Sync direction; ``None`` matches records without one.

    Returns:
        A ``datetime`` with ``tzinfo`` set to ``pytz.utc``. The stored value is
        relabelled, not converted — assumed to be naive UTC; verify with the
        code that writes the record.
    """
    query = {'src': src, 'dest': dest, 'direction': direction}
    record = self.collection.find_one(query)
    if not record or 'timestamp' not in record:
        return util.epoch_start().replace(tzinfo=pytz.utc)
    return record['timestamp'].replace(tzinfo=pytz.utc)
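def taxii_poll(config, src, dest, timestamp=None):
    """Pull STIX content from Edge site ``src`` with a TAXII 1.0 poll.

    Args:
        config: Settings dict. ``config["edge"]["sites"][src]`` must hold
            ``host`` and a ``taxii`` sub-dict with ``ssl``, ``user``, ``pass``,
            ``collection``, ``path`` and ``port``; ``config["logger"]`` is
            used for error reporting.
        src: Key of the site to poll.
        dest: Destination site key. Kept for call-site compatibility; it is
            not used by this function.
        timestamp: Exclusive lower bound of the poll window. Any falsy value
            means "from ``util.epoch_start()``".

    Returns:
        ``(latest, incidents, indicators, observables)``. ``latest`` is the
        ``util.nowutc()`` value used as the inclusive upper bound, and the
        three dicts merge whatever ``process_taxii_content_blocks`` yields
        for each content block. When the service answers with a TAXII
        StatusMessage (an error), the error is logged and the dicts come
        back empty; the original left them unbound on that path and raised
        ``UnboundLocalError`` at the return.
    """
    site = config["edge"]["sites"][src]
    taxii_cfg = site["taxii"]

    client = tc.HttpClient()
    client.setUseHttps(taxii_cfg["ssl"])
    # NOTE(review): nothing in this block turns on server-certificate
    # verification; with HTTP Basic the credentials go to whatever answers at
    # site["host"], so confirm the libtaxii version in use verifies by default
    # or that verification is configured elsewhere.
    client.setAuthType(client.AUTH_BASIC)
    client.setAuthCredentials(
        {
            "username": taxii_cfg["user"],
            "password": taxii_cfg["pass"],
        }
    )

    earliest = timestamp if timestamp else util.epoch_start()
    latest = util.nowutc()
    poll_request = tm10.PollRequest(
        message_id=tm10.generate_message_id(),
        feed_name=taxii_cfg["collection"],
        exclusive_begin_timestamp_label=earliest,
        inclusive_end_timestamp_label=latest,
        content_bindings=[t.CB_STIX_XML_11],
    )
    http_response = client.callTaxiiService2(
        site["host"],
        taxii_cfg["path"],
        t.VID_TAXII_XML_10,
        poll_request.to_xml(),
        port=taxii_cfg["port"],
    )
    taxii_message = t.get_message_from_http_response(http_response, poll_request.message_id)

    # Bound before the type dispatch so every path reaches the return with
    # well-defined (possibly empty) results.
    incidents = {}
    indicators = {}
    observables = {}
    if isinstance(taxii_message, tm10.StatusMessage):
        config["logger"].error(
            log.log_messages["polling_error"].format(type_="taxii", error=taxii_message.message)
        )
    elif isinstance(taxii_message, tm10.PollResponse):
        for content_block in taxii_message.content_blocks:
            incidents_, indicators_, observables_ = process_taxii_content_blocks(config, content_block)
            incidents.update(incidents_)
            indicators.update(indicators_)
            observables.update(observables_)
    else:
        # Neither a status nor a poll response: surface it rather than
        # silently reporting an empty window.
        config["logger"].error(
            "unexpected TAXII message type from %s: %s", site["host"], type(taxii_message).__name__
        )
    return (latest, incidents, indicators, observables)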
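def taxii_poll(host=None, port=None, endpoint=None, collection=None, user=None, passwd=None, use_ssl=None, attempt_validation=None):
    '''Poll CTI from a TAXII 1.0 service and bucket the returned objects.

    Args:
        host: TAXII server host.
        port: TAXII server port, passed through to ``callTaxiiService2``.
        endpoint: Path of the poll service on the server.
        collection: TAXII feed (collection) name to poll.
        user: HTTP Basic username.
        passwd: HTTP Basic password.
        use_ssl: Passed to ``HttpClient.setUseHttps``. A falsy value (the
            default) means plain HTTP, so the Basic credentials are sent in
            the clear.
        attempt_validation: Accepted for signature compatibility; this
            function does not use it.

    Returns:
        ``(cooked_stix_objs, cooked_cybox_objs)``. The first always has the
        keys campaigns, courses_of_action, exploit_targets, incidents,
        indicators, threat_actors and ttps, each mapping to a set; the
        second maps each CybOX object type produced by ``process_stix_pkg``
        to a set. If the service answers with a TAXII StatusMessage the
        message is printed and both containers are returned with no objects
        — the original printed "Exiting..." but neither exited nor had
        the result names bound at its return.
    '''
    client = tc.HttpClient()
    client.setUseHttps(use_ssl)
    # NOTE(review): server-certificate verification is not enabled here;
    # confirm the libtaxii version verifies by default or that it is
    # configured by the caller.
    client.setAuthType(client.AUTH_BASIC)
    client.setAuthCredentials({'username': user, 'password': passwd})

    # Full history: poll from the epoch up to "now".
    earliest = epoch_start()
    latest = nowutc()
    poll_request = tm10.PollRequest(
        message_id=tm10.generate_message_id(),
        feed_name=collection,
        exclusive_begin_timestamp_label=earliest,
        inclusive_end_timestamp_label=latest,
        content_bindings=[t.CB_STIX_XML_11])
    http_response = client.callTaxiiService2(
        host, endpoint, t.VID_TAXII_XML_10, poll_request.to_xml(), port=port)
    taxii_message = t.get_message_from_http_response(http_response, poll_request.message_id)

    # Initialised up front so the error path returns empty results instead
    # of failing on unbound names.
    cooked_stix_objs = {
        'campaigns': set(), 'courses_of_action': set(),
        'exploit_targets': set(), 'incidents': set(),
        'indicators': set(), 'threat_actors': set(),
        'ttps': set()}
    cooked_cybox_objs = dict()
    if isinstance(taxii_message, tm10.StatusMessage):
        print('''TAXII connection error! Exiting... %s''' % (taxii_message.message))
    elif isinstance(taxii_message, tm10.PollResponse):
        for content_block in taxii_message.content_blocks:
            stix_package = taxii_content_block_to_stix(content_block)
            raw_stix_objs, raw_cybox_objs = process_stix_pkg(stix_package)
            # STIX buckets are a fixed set: an unknown key from
            # process_stix_pkg raises KeyError, as in the original.
            for kind, objs in raw_stix_objs.items():
                cooked_stix_objs[kind].update(objs)
            for kind, objs in raw_cybox_objs.items():
                cooked_cybox_objs.setdefault(kind, set()).update(objs)
    return (cooked_stix_objs, cooked_cybox_objs)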
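def _edge_taxii_client(taxii_cfg):
    '''Build the libtaxii HttpClient for one Edge site's ``taxii`` config.'''
    client = tc.HttpClient()
    client.setUseHttps(taxii_cfg['ssl'])
    # NOTE(review): no server-certificate verification is switched on here;
    # Basic credentials are sent to whatever answers at the configured host,
    # so confirm the libtaxii version verifies by default or that it is set
    # up elsewhere.
    client.setAuthType(client.AUTH_BASIC)
    client.setAuthCredentials(
        {'username': taxii_cfg['user'],
         'password': taxii_cfg['pass']})
    return client


def _merge_poll_response(config, poll_response):
    '''Fold every content block of a PollResponse into three result dicts.'''
    incidents, indicators, observables = dict(), dict(), dict()
    for content_block in poll_response.content_blocks:
        incidents_, indicators_, observables_ = \
            process_taxii_content_blocks(config, content_block)
        incidents.update(incidents_)
        indicators.update(indicators_)
        observables.update(observables_)
    return incidents, indicators, observables


def taxii_poll(config, src, dest, timestamp=None):
    '''Pull STIX from Edge site ``src`` via a TAXII 1.0 poll.

    Args:
        config: Settings dict; ``config['edge']['sites'][src]`` provides
            ``host`` and the ``taxii`` sub-dict (``ssl``, ``user``, ``pass``,
            ``collection``, ``path``, ``port``), and ``config['logger']`` is
            used for error reporting.
        src: Key of the site to poll.
        dest: Destination site key; kept for call-site compatibility and not
            used here.
        timestamp: Exclusive lower bound of the poll window; any falsy value
            polls from ``util.epoch_start()``.

    Returns:
        ``(latest, incidents, indicators, observables)`` — ``latest`` is the
        ``util.nowutc()`` upper bound of the window and the three dicts merge
        the output of ``process_taxii_content_blocks`` for every content
        block. A TAXII StatusMessage (error) is logged and yields empty
        dicts; the original bound the dicts only on the PollResponse path and
        so raised ``UnboundLocalError`` at the return on an error reply.
    '''
    site = config['edge']['sites'][src]
    taxii_cfg = site['taxii']
    client = _edge_taxii_client(taxii_cfg)

    earliest = timestamp or util.epoch_start()
    latest = util.nowutc()
    poll_request = tm10.PollRequest(
        message_id=tm10.generate_message_id(),
        feed_name=taxii_cfg['collection'],
        exclusive_begin_timestamp_label=earliest,
        inclusive_end_timestamp_label=latest,
        content_bindings=[t.CB_STIX_XML_11])
    http_response = client.callTaxiiService2(
        site['host'],
        taxii_cfg['path'],
        t.VID_TAXII_XML_10,
        poll_request.to_xml(),
        port=taxii_cfg['port'])
    taxii_message = t.get_message_from_http_response(http_response, poll_request.message_id)

    # Default to empty results so the error path returns cleanly.
    incidents, indicators, observables = dict(), dict(), dict()
    if isinstance(taxii_message, tm10.StatusMessage):
        config['logger'].error(log.log_messages['polling_error'].format(
            type_='taxii', error=taxii_message.message))
    elif isinstance(taxii_message, tm10.PollResponse):
        incidents, indicators, observables = _merge_poll_response(config, taxii_message)
    else:
        config['logger'].error(
            'unexpected TAXII message type from %s: %s',
            site['host'], type(taxii_message).__name__)
    return (latest, incidents, indicators, observables)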