Python Indicator.add_short_description Exemples

Exemple #1

    def generate_indicators(self, count):
        '''Generate a list of STIX Indicators'''
        indicators = []
        for i in range(0, count):
            indicator = Indicator(title='Multiple indicator types')
            indicator.set_producer_identity(Identity(name='Secret Source'))
            indicator.set_produced_time(datetime.today())
            indicator.add_indicator_type(choice(['Malware Artifacts', 'C2', 'Exfiltration']))
            indicator.add_short_description('Short description...')
            indicator.add_description('Long description...')
            indicator.confidence = Confidence(choice(['High', 'Medium', 'Low', 'None', 'Unknown']))
            kill_chain_phase = choice(LMCO_KILL_CHAIN_PHASES)
            indicator.kill_chain_phases = KillChainPhasesReference(
                [KillChainPhaseReference(name=kill_chain_phase.name)])
            ips = self.gen_ips(randint(0, 5))
            for ip in ips:
                indicator.add_observable(ip)

            # user_agents = self.gen_user_agents(randint(0, 5))
            # for ua in user_agents:
            #     indicator.add_observable(ua)

            # fqnds = self.gen_fqdns(randint(0, 5))
            # for f in fqnds:
            #     indicator.add_observable(f)

            # urls = self.gen_urls(randint(0, 5))
            # for u in urls:
            #     indicator.add_observable(u)

            indicators.append(indicator)

        return indicators

Exemple #2

c.close()
response = buffer.getvalue().decode("utf-8")
response = response.strip('OK:')
response = response.strip('\r\n')
stxf = File()
stix_package = STIXPackage()
stix_header = STIXHeader()
stix_header.description = "Malicious File Hash Indicator"
stix_package.stix_header = stix_header
indicator = Indicator()
indicator.title = "File Observable"
indicator.description = (
    "An indicator containing a File observable with an associated hash")

root = ElementTree.fromstring(response)
for child in root:
    for child2 in child:
        for child3 in child2:
            for filenames in child3.iter('fileJoined.filename'):
                indicator.add_short_description(filenames.text)
            for hashes in child3.iter('fileJoined.md5'):
                stxf.add_hash(hashes.text)

indicator.set_producer_identity("McAfee LLC.")
indicator.set_produced_time(utils.dates.now())
indicator.add_object(stxf)
stix_package.add(indicator)
stxout = open(stixfilename, "wb")
stxout.write(stix_package.to_xml())
stxout.close()