class ObservableComposition(RestBase): def __init__(self): RestBase.__init__(self) self.properties = Properties('0') self.operator = 'OR' self.observables = list() def to_dict(self, complete=True, inflated=False, set_identifier=False): observables = list() for observable in self.observables: observables.append(observable.to_dict(complete, inflated)) observables_count = len(self.observables) return {'identifier': self.convert_value(self.identifier), 'operator': self.convert_value(self.operator), 'observables': observables, 'observables_count': observables_count, 'properties': self.properties.to_dict() } def populate(self, json): self.identifier = json.get('identifier', None) self.operator = json.get('operator', 'OR') self.properties.populate(json.get('properties', Properties('0'))) observables = json.get('observables', None) if observables: for observable in observables: obs = Observable() obs.populate(observable) self.observables.append(obs)
def __init__(self): ExtendedLogingInformations.__init__(self) self.definition_id = None self.definition = None self.value = None self.properties = Properties('0') self.report_id = None self.report = None
def __init__(self): ExtendedLogingInformations.__init__(self) self.properties = Properties('0') self.references = list() self.related_reports = list() self.title = None self.description = None self.short_description = None
def __init__(self): self.observables = list() self.title = None self.description = None self.short_description = None self.confidence = None self.type_ = list() self.operator = 'OR' self.properties = Properties('0')
def __init__(self): ExtendedLogingInformations.__init__(self) self.attributes = list() self.properties = Properties('0') self.definition_id = None self.definition = None self.related_objects = list() self.observable_id = None self.modifier = None
def __init__(self): ExtendedLogingInformations.__init__(self) self.definition_id = None self.definition = None self.is_ioc = None self.value = None self.condition = None self.properties = Properties('0') self.modifier = None self.object_id = None
def __init__(self): ExtendedLogingInformations.__init__(self) self.properties = Properties('0') self.object = None self.description = None self.observable_composition = list() self.related_observables = list() self.modifier = None self.event_id = None self.title = None self.version = None
def __init__(self): ExtendedLogingInformations.__init__(self) self.title = None self.description = None self.last_publish_date = None self.published = None self.modified_on = None self.first_seen = None self.last_seen = None self.observables = list() self.observables_count = None self.comments = list() self.groups = list() self.properties = Properties('0') self.reports = list() self.originating_group = None self.indicators = list()
class Indicator(ExtendedLogingInformations): def __init__(self): self.observables = list() self.title = None self.description = None self.short_description = None self.confidence = None self.type_ = list() self.operator = 'OR' self.properties = Properties('0') def to_dict(self, complete=True, inflated=False): type_ = None if self.type_: type_ = list() for item in self.type_: type_.append(item.to_dict(True)) if inflated: obs = list() for observable in self.observables: obs.append(observable.to_dict(complete, inflated)) len_obs = len(obs) return {'identifier': self.convert_value(self.identifier), 'title': self.convert_value(self.title), 'description': self.convert_value(self.description), 'short_description': self.convert_value(self.short_description), 'confidence': self.convert_value(self.confidence), 'type': type_, 'operator': self.convert_value(self.operator), 'observables': obs, 'observables_count': len_obs, 'created_at': self.convert_value(self.created_at), 'modified_on': self.convert_value(self.modified_on), 'creator_group': self.creator_group.to_dict(False, False), 'modifier_group': self.modifier.to_dict(False, False), 'properties': self.properties.to_dict() } else: return {'identifier': self.convert_value(self.identifier), 'title': self.convert_value(self.title), 'description': self.convert_value(self.description), 'short_description': self.convert_value(self.short_description), 'confidence': self.convert_value(self.confidence), 'type': type_, 'operator': self.convert_value(self.operator), 'observables': None, 'observables_count': -1, 'created_at': self.convert_value(self.created_at), 'modified_on': self.convert_value(self.modified_on), 'creator_group': self.creator_group.to_dict(False, False), 'modifier_group': self.modifier.to_dict(False, False), 'properties': self.properties.to_dict() } def populate(self, json): self.identifier = json.get('identifier', None) self.title = json.get('title', None) self.description = json.get('description', None) self.short_description = json.get('short_description', None) self.confidence = json.get('confidence', None) modifier_group = json.get('modifier_group', None) if modifier_group: cg_instance = Group() cg_instance.populate(modifier_group) self.modifier = cg_instance originating_group = json.get('originating_group', None) if originating_group: cg_instance = Group() cg_instance.populate(originating_group) self.originating_group = cg_instance creator_group = json.get('creator_group', None) if creator_group: cg_instance = Group() cg_instance.populate(creator_group) self.creator_group = cg_instance created_at = json.get('created_at', None) if created_at: self.created_at = strings.stringToDateTime(created_at) modified_on = json.get('modified_on', None) if modified_on: self.modified_on = strings.stringToDateTime(modified_on) self.operator = json.get('operator', 'OR') self.properties.populate(json.get('properties', Properties('0'))) observables = json.get('observables', list()) if observables: for observable in observables: obs = Observable() obs.populate(observable) self.observables.append(obs)
class Reference(ExtendedLogingInformations): def __init__(self): ExtendedLogingInformations.__init__(self) self.definition_id = None self.definition = None self.value = None self.properties = Properties('0') self.report_id = None self.report = None def to_dict(self, complete=True, inflated=False): if isinstance(self.value, ReferenceFile): value = self.value.to_dict() else: value = self.convert_value(self.value) creator = None if self.creator_group: creator = self.creator_group.to_dict(False, False) modifier = None if self.modifier: modifier = self.modifier.to_dict(False, False) return {'identifier': self.convert_value(self.identifier), 'definition_id': self.convert_value(self.definition_id), 'definition': self.definition.to_dict(complete, inflated), 'value': value, 'created_at': self.convert_value(self.created_at), 'modified_on': self.convert_value(self.modified_on), 'creator_group': creator, 'modifier_group': modifier, 'properties': self.properties.to_dict() } def populate(self, json): definition_id = json.get('definition_id', None) if definition_id: self.definition_id = definition_id definition = json.get('definition', None) if definition: definitin_instance = ReferenceDefinition() definitin_instance.populate(definition) self.definition = definitin_instance if self.definition_id and self.definition: if self.definition.identifier and self.definition_id != self.definition.identifier: raise ValueException(u'Reference definitions cannot be updated') self.value = json.get('value', None) self.identifier = json.get('identifier', None) self.properties.populate(json.get('properties', None)) creator_group = json.get('creator_group', None) if creator_group: cg_instance = Group() cg_instance.populate(creator_group) self.creator_group = cg_instance modifier_group = json.get('modifier_group', None) if modifier_group: cg_instance = Group() cg_instance.populate(modifier_group) self.modifier = cg_instance created_at = json.get('created_at', None) if created_at: self.created_at = strings.stringToDateTime(created_at) modified_on = json.get('modified_on', None) if modified_on: self.modified_on = strings.stringToDateTime(modified_on)
class Report(ExtendedLogingInformations): def __init__(self): ExtendedLogingInformations.__init__(self) self.properties = Properties('0') self.references = list() self.related_reports = list() self.title = None self.description = None self.short_description = None def to_dict(self, complete=True, inflated=False): references = list() related_reports = list() for reference in self.references: references.append(reference.to_dict(complete, inflated)) references_count = len(self.references) if inflated: for related_report in self.related_reports: related_reports.append(related_report.to_dict(complete, inflated)) related_count = len(self.related_reports) creator = None if self.creator_group: creator = self.creator_group.to_dict(False, False) modifier = None if self.modifier: modifier = self.modifier.to_dict(False, False) if complete: return {'identifier': self.convert_value(self.identifier), 'title': self.convert_value(self.title), 'description': self.convert_value(self.description), 'short_description': self.convert_value(self.short_description), 'references': references, 'references_count': references_count, 'properties': self.properties.to_dict(), 'related_reports': related_reports, 'related_reports_count': related_count, 'creator_group': creator, 'modifier_group': modifier, } else: return {'identifier': self.identifier, 'title': self.title } def populate(self, json): self.title = json.get('title', None) self.description = json.get('description', None) self.properties.populate(json.get('properties', None)) self.short_description = json.get('short_description', None) self.identifier = json.get('identifier', None) self.properties.populate(json.get('properties', None)) creator_group = json.get('creator_group', None) if creator_group: cg_instance = Group() cg_instance.populate(creator_group) self.creator_group = cg_instance modifier_group = json.get('modifier_group', None) if modifier_group: cg_instance = Group() cg_instance.populate(modifier_group) self.modifier = cg_instance created_at = json.get('created_at', None) if created_at: self.created_at = strings.stringToDateTime(created_at) modified_on = json.get('modified_on', None) if modified_on: self.modified_on = strings.stringToDateTime(modified_on) references = json.get('references', None) if references: for reference in references: ref = Reference() ref.populate(reference) self.references.append(ref)
class Attribute(ExtendedLogingInformations): def __init__(self): ExtendedLogingInformations.__init__(self) self.definition_id = None self.definition = None self.is_ioc = None self.value = None self.condition = None self.properties = Properties('0') self.modifier = None self.object_id = None def to_dict(self, complete=True, inflated=False): cond = self.condition if cond: cond = self.condition.to_dict(complete, inflated) else: cond = None return {'identifier': self.convert_value(self.identifier), 'definition_id': self.convert_value(self.definition_id), 'definition': self.definition.to_dict(complete, False), 'ioc': self.is_ioc, 'value': self.convert_value(self.value), 'condition': cond, 'created_at': self.convert_value(self.created_at), 'modified_on': self.convert_value(self.modified_on), 'creator_group': self.creator_group.to_dict(False, False), 'modifier_group': self.modifier.to_dict(False, False), 'properties': self.properties.to_dict() } def populate(self, json): self.identifier = json.get('identifier', None) definition_id = json.get('definition_id', None) if definition_id: self.definition_id = definition_id definition = json.get('definition', None) if definition: definitin_instance = AttributeDefinition() definitin_instance.populate(definition) self.definition = definitin_instance if self.definition_id and self.definition: if self.definition.identifier and self.definition_id != self.definition.identifier: raise ValueException(u'Attribute definitions cannot be updated') if not (self.definition_id or self.definition): raise ValueException(u'Attribute definition or definition_id must be set') condition_id = json.get('condition_id', None) if not condition_id: condition = json.get('condition', None) if condition: condition_id = condition.get('identifier', None) if condition_id: self.condition_id = condition_id self.is_ioc = json.get('ioc', 0) self.value = json.get('value', None) self.properties.populate(json.get('properties', None)) creator_group = json.get('creator_group', None) if creator_group: cg_instance = Group() cg_instance.populate(creator_group) self.creator_group = cg_instance modifier_group = json.get('modifier_group', None) if modifier_group: cg_instance = Group() cg_instance.populate(modifier_group) self.modifier = cg_instance created_at = json.get('created_at', None) if created_at: self.created_at = strings.stringToDateTime(created_at) modified_on = json.get('modified_on', None) if modified_on: self.modified_on = strings.stringToDateTime(modified_on)
class Event(ExtendedLogingInformations): def __init__(self): ExtendedLogingInformations.__init__(self) self.title = None self.description = None self.last_publish_date = None self.published = None self.modified_on = None self.first_seen = None self.last_seen = None self.observables = list() self.observables_count = None self.comments = list() self.groups = list() self.properties = Properties('0') self.reports = list() self.originating_group = None self.indicators = list() @property def status(self): """ returns the status :returns: String """ return Status.get_by_id(self.status_id) @status.setter def status(self, status_text): """ returns the status :returns: String """ self.status_id = Status.get_by_value(status_text) @property def risk(self): """ returns the status :returns: String """ return Risk.get_by_id(self.risk_id) @risk.setter def risk(self, risk_text): """ returns the status :returns: String """ self.risk_id = Risk.get_by_value(risk_text) @property def analysis(self): """ returns the status :returns: String """ return Analysis.get_by_id(self.analysis_id) @analysis.setter def analysis(self, text): """ returns the status :returns: String """ self.analysis_id = Analysis.get_by_value(text) @property def tlp(self): """ returns the tlp level :returns: String """ return TLP.get_by_id(self.tlp_level_id) @tlp.setter def tlp(self, text): """ returns the status :returns: String """ self.tlp_level_id = TLP.get_by_value(text) def to_dict(self, complete=True, inflated=False, owner=False): if inflated: observables = list() for observable in self.observables: observables.append(observable.to_dict(complete, inflated)) observables_count = len(observables) reports = list() for report in self.reports: reports.append(report.to_dict(complete, inflated)) reports_count = len(reports) indicators = list() for indicator in self.indicators: indicators.append(indicator.to_dict(complete, inflated)) indicators_length = len(indicators) else: indicators = None indicators_length = -1 observables = None # observables_count = self.observables_count_for_permissions(event_permissions) observables_count = -1 reports = None # reports_count = self.reports_count_for_permissions(event_permissions) reports_count = -1 if complete: comments = list() if owner: for comment in self.comments: comments.append(comment.to_dict()) groups = list() for group in self.groups: groups.append(group.to_dict(complete, False)) result = {'identifier': self.convert_value(self.identifier), 'title': self.convert_value(self.title), 'description': self.convert_value(self.description), 'last_publish_date': self.convert_value(self.last_publish_date), 'risk': self.convert_value(self.risk), 'status': self.convert_value(self.status), 'tlp': self.convert_value(self.tlp), 'analysis': self.convert_value(self.analysis), 'creator_group': self.creator_group.to_dict(False, False), 'modifier_group': self.modifier.to_dict(False, False), 'created_at': self.convert_value(self.created_at), 'published': self.convert_value(self.properties.is_shareable), 'modified_on': self.convert_value(self.modified_on), 'originating_group': self.originating_group.to_dict(complete, False), # TODO: add first and last seen 'reports': reports, 'reports_count': reports_count, 'first_seen': self.convert_value(self.first_seen), 'last_seen': self.convert_value(self.last_seen), 'observables': observables, 'observables_count': observables_count, 'comments': comments, 'properties': self.properties.to_dict(), 'indicators': indicators, 'indicators_count': indicators_length, 'groups': groups } else: result = {'identifier': self.convert_value(self.identifier), 'title': self.convert_value(self.title), 'creator_group': self.creator_group.to_dict(False, False), 'modifier_group': self.modifier.to_dict(False, False), 'created_at': self.convert_value(self.created_at), 'published': self.convert_value(self.properties.is_shareable), 'modified_on': self.convert_value(self.modified_on), 'originating_group': self.originating_group.to_dict(complete, False), # TODO: add first and last seen 'first_seen': self.convert_value(self.first_seen), 'last_seen': self.convert_value(self.last_seen), 'observables': observables, 'observables_count': observables_count, 'reports': reports, 'reports_count': reports_count, 'risk': self.convert_value(self.risk), 'status': self.convert_value(self.status), 'tlp': self.convert_value(self.tlp), 'analysis': self.convert_value(self.analysis), 'comments': None, 'indicators': indicators, 'indicators_count': 0, 'properties': self.properties.to_dict() } return result def populate(self, json): self.identifier = json.get('identifier', None) self.title = json.get('title', None) self.description = json.get('description', None) self.risk = json.get('risk', 'Undefined').title() self.status = json.get('status', 'Draft').title() self.tlp = json.get('tlp', 'Amber').title() self.analysis = json.get('analysis', 'Unknown').title() self.properties.populate(json.get('properties', Properties('0'))) published = json.get('published', False) if published: if published == '1' or published == 1: published = True elif published == '0' or published == 0: published = True self.properties.is_shareable = published observables = json.get('observables', list()) if observables: for observable in observables: obs = Observable() obs.populate(observable) self.observables.append(obs) indicators = json.get('indicators', list()) if indicators: for indicator in indicators: ind = Indicator() ind.populate(indicator) self.indicators.append(ind) modifier_group = json.get('modifier_group', None) if modifier_group: cg_instance = Group() cg_instance.populate(modifier_group) self.modifier = cg_instance originating_group = json.get('originating_group', None) if originating_group: cg_instance = Group() cg_instance.populate(originating_group) self.originating_group = cg_instance creator_group = json.get('creator_group', None) if creator_group: cg_instance = Group() cg_instance.populate(creator_group) self.creator_group = cg_instance created_at = json.get('created_at', None) if created_at: self.created_at = strings.stringToDateTime(created_at) modified_on = json.get('modified_on', None) if modified_on: self.modified_on = strings.stringToDateTime(modified_on) first_seen = json.get('first_seen', None) if first_seen: self.first_seen = strings.stringToDateTime(first_seen) last_seen = json.get('last_seen', None) if last_seen: self.last_seen = strings.stringToDateTime(last_seen) reports = json.get('reports', None) if reports: for report in reports: report_instacne = Report() report_instacne.populate(report) self.reports.append(report_instacne) comments = json.get('comments', None) if comments: for comment in comments: comment_instacne = Comment() comment_instacne.populate(comment) self.comments.append(comment_instacne) permissions = json.get('groups', None) if permissions: for permission in permissions: event_permission = EventGroupPermission() event_permission.populate(permission)
class Observable(ExtendedLogingInformations): def __init__(self): ExtendedLogingInformations.__init__(self) self.properties = Properties('0') self.object = None self.description = None self.observable_composition = list() self.related_observables = list() self.modifier = None self.event_id = None self.title = None self.version = None def to_dict(self, complete=True, inflated=False): obj = self.object if obj: obj = obj.to_dict(complete, inflated) composed = self.observable_composition if composed: composed = composed.to_dict(complete, inflated) related = list() related_count = len(related) if complete: result = {'identifier': self.convert_value(self.identifier), 'title': self.convert_value(self.title), 'description': self.convert_value(self.description), 'object': obj, 'version': self.convert_value(self.version), 'observable_composition': composed, 'related_observables': related, 'related_observables_count': related_count, 'created_at': self.convert_value(self.created_at), 'modified_on': self.convert_value(self.modified_on), 'creator_group': self.creator_group.to_dict(False, False), 'modifier_group': self.modifier.to_dict(False, False), 'properties': self.properties.to_dict() } else: result = {'identifier': self.convert_value(self.identifier), 'title': self.convert_value(self.title), 'object': obj, 'observable_composition': composed, 'creator_group': self.creator_group.to_dict(False, False), 'modifier_group': self.modifier.to_dict(False, False), 'created_at': self.convert_value(self.created_at), 'modified_on': self.convert_value(self.modified_on), 'properties': self.properties.to_dict() } return result def populate(self, json): self.identifier = json.get('identifier', None) self.title = json.get('title', None) self.description = json.get('description', None) self.version = json.get('version', '') self.properties.populate(json.get('properties', Properties('0'))) obj = self.title = json.get('object', None) if obj: obj_instance = Object() obj_instance.populate(obj) self.object = obj_instance comp = self.title = json.get('observable_composition', None) if comp: comp_instance = ObservableComposition() comp_instance.populate(comp) self.observable_composition = comp_instance rel_obs = self.title = json.get('related_observables', None) if rel_obs: for rel_ob in rel_obs: obj_instance = RelatedObservable() obj_instance.populate(rel_ob) self.related_observables.append(obj_instance) modifier_group = json.get('modifier_group', None) if modifier_group: cg_instance = Group() cg_instance.populate(modifier_group) self.modifier = cg_instance creator_group = json.get('creator_group', None) if creator_group: cg_instance = Group() cg_instance.populate(creator_group) self.creator_group = cg_instance created_at = json.get('created_at', None) if created_at: self.created_at = strings.stringToDateTime(created_at) modified_on = json.get('modified_on', None) if modified_on: self.modified_on = strings.stringToDateTime(modified_on)
def __init__(self): RestBase.__init__(self) self.properties = Properties('0') self.operator = 'OR' self.observables = list()
class Object(ExtendedLogingInformations): def __init__(self): ExtendedLogingInformations.__init__(self) self.attributes = list() self.properties = Properties('0') self.definition_id = None self.definition = None self.related_objects = list() self.observable_id = None self.modifier = None def to_dict(self, complete=True, inflated=False): attributes = list() for attribute in self.attributes: attributes.append(attribute.to_dict(complete, inflated)) related = list() attributes_count = len(self.attributes) if inflated: for related_object in self.related_objects: related.append(related_object.to_dict(complete, inflated)) related_count = len(self.related_objects) return {'identifier': self.convert_value(self.identifier), 'definition_id': self.convert_value(self.definition_id), 'definition': self.definition.to_dict(complete, inflated), 'attributes': attributes, 'attributes_count': attributes_count, 'creator_group': self.creator_group.to_dict(False, False), 'modifier_group': self.modifier.to_dict(False, False), 'created_at': self.convert_value(self.created_at), 'modified_on': self.convert_value(self.modified_on), 'related_objects': related, 'related_objects_count': related_count, 'properties': self.properties.to_dict(), 'observable_id': self.convert_value(self.observable_id) } def populate(self, json): self.identifier = json.get('identifier', None) definition_id = json.get('definition_id', None) if definition_id: self.definition_id = definition_id definition = json.get('definition', None) if definition: definitin_instance = ObjectDefinition() definitin_instance.populate(definition) self.definition = definitin_instance if self.definition_id and self.definition: if self.definition.identifier and self.definition_id != self.definition.identifier: raise ValueException(u'Object definitions cannot be updated') if not (self.definition_id or self.definition): raise ValueException(u'Object definition or definition_id must be set') self.properties.populate(json.get('properties', Properties('0'))) creator_group = json.get('creator_group', None) if creator_group: cg_instance = Group() cg_instance.populate(creator_group) self.creator_group = cg_instance modifier_group = json.get('modifier_group', None) if modifier_group: cg_instance = Group() cg_instance.populate(modifier_group) self.modifier = cg_instance created_at = json.get('created_at', None) if created_at: self.created_at = strings.stringToDateTime(created_at) modified_on = json.get('modified_on', None) if modified_on: self.modified_on = strings.stringToDateTime(modified_on) rel_obs = json.get('related_objects', None) if rel_obs: for rel_ob in rel_obs: obj_instance = RelatedObject() obj_instance.populate(rel_ob) self.related_objects.append(obj_instance) attribtues = json.get('attributes', None) if attribtues: for attribtue in attribtues: attribute = Attribute() attribute.populate(attribtue) self.attributes.append(attribute)