Esempio n. 1
def make_crits_object(cybox_obj):
    """
    Build a CRITs EmbeddedObject from a CybOX Address or URI object.

    Only Address and URI instances are handled. The result always has
    ``datatype`` "string"; ``name`` and ``value`` are produced with ``str()``,
    so an unset (``None``) field is stored as the literal text "None".
    The field contents are not validated here.

    :param cybox_obj: The CybOX object.
    :type cybox_obj: CybOX object.
    :returns: :class:`crits.core.crits_mongoengine.EmbeddedObject`
    :raises UnsupportedCRITsObjectTypeError: for any other object type.
    """

    embedded = EmbeddedObject()

    # Reject unsupported types up front; the checks run in the same order
    # as the assignments below (Address first, then URI).
    is_address = isinstance(cybox_obj, Address)
    if not is_address and not isinstance(cybox_obj, URI):
        raise UnsupportedCRITsObjectTypeError(cybox_obj)

    embedded.datatype = "string"
    if is_address:
        embedded.object_type = "Address"
        embedded.name = str(cybox_obj.category)
        embedded.value = str(cybox_obj.address_value)
    else:
        embedded.object_type = "URI"
        embedded.name = str(cybox_obj.type_)
        embedded.value = str(cybox_obj.value)
    return embedded
Esempio n. 2
def make_crits_object(cybox_obj):
    """
    Translate a CybOX Address or URI into a CRITs EmbeddedObject.

    The returned object is typed as a "string" datatype. Its ``name`` is the
    stringified category (Address) or type (URI) and its ``value`` is the
    stringified address or URI value. ``str()`` is applied unconditionally,
    so a missing field ends up as the text "None"; nothing is validated here.

    :param cybox_obj: The CybOX object.
    :type cybox_obj: CybOX object.
    :returns: :class:`crits.core.crits_mongoengine.EmbeddedObject`
    :raises UnsupportedCRITsObjectTypeError: if the object is neither an
        Address nor a URI.
    """

    converted = EmbeddedObject()

    if isinstance(cybox_obj, Address):
        converted.datatype = "string"
        converted.object_type = "Address"
        converted.name = str(cybox_obj.category)
        converted.value = str(cybox_obj.address_value)
        return converted

    if isinstance(cybox_obj, URI):
        converted.datatype = "string"
        converted.object_type = "URI"
        converted.name = str(cybox_obj.type_)
        converted.value = str(cybox_obj.value)
        return converted

    # Anything else has no CRITs mapping in this version.
    raise UnsupportedCRITsObjectTypeError(cybox_obj)
Esempio n. 3
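def make_crits_object(cybox_obj):
    """
    Converts a CybOX object instance to a CRITs EmbeddedObject instance.

    Every result has ``datatype`` "string". ``object_type`` is the CRITs type
    label for the matched CybOX class, ``value`` is taken from one
    class-specific field, and ``name`` is set only for classes that carry a
    type or category. The field contents are not validated here.

    An Artifact with an unrecognised ``type_``, and a Custom object that is
    not a ``crits:String`` whose first property is named "value" (including
    one with no properties at all), are reported as unsupported.

    :param cybox_obj: The CybOX object.
    :type cybox_obj: CybOX object.
    :returns: :class:`crits.core.crits_mongoengine.EmbeddedObject`
    :raises UnsupportedCRITsObjectTypeError: if no branch produces a result.
    """

    # NOTE(review): isinstance() also matches subclasses, so the order of the
    # branches matters. If any class tested later derives from one tested
    # earlier (e.g. WinProcess from Process, UserAccount from Account), the
    # later branch is never reached -- confirm against the CybOX hierarchy.
    o = EmbeddedObject()
    o.datatype = "string"
    if isinstance(cybox_obj, Account):
        o.object_type = "Account"
        o.value = get_object_values(cybox_obj.description)
        return o
    elif isinstance(cybox_obj, Address):
        o.object_type = "Address"
        o.name = str(cybox_obj.category)
        o.value = get_object_values(cybox_obj.address_value)
        return o
    elif isinstance(cybox_obj, API):
        o.object_type = "API"
        o.value = get_object_values(cybox_obj.description)
        return o
    elif isinstance(cybox_obj, Artifact):
        o.object_type = "Artifact"
        # The data is stored as-is in a one-element list.
        o.value = [cybox_obj.data]
        if cybox_obj.type_ == Artifact.TYPE_GENERIC:
            o.name = "Data Region"
            return o
        elif cybox_obj.type_ == Artifact.TYPE_FILE_SYSTEM:
            o.name = "FileSystem Fragment"
            return o
        elif cybox_obj.type_ == Artifact.TYPE_MEMORY:
            o.name = "Memory Region"
            return o
        # Any other artifact type falls through to the raise at the end.
    elif isinstance(cybox_obj, Code):
        o.object_type = "Code"
        o.name = str(cybox_obj.type)
        o.value = get_object_values(cybox_obj.code_segment)
        return o
    elif isinstance(cybox_obj, Custom):
        if cybox_obj.custom_name == "crits:String":
            # A custom object with no properties must be rejected as
            # unsupported rather than escape as IndexError/TypeError.
            try:
                first_prop = cybox_obj.custom_properties[0]
            except (IndexError, TypeError):
                first_prop = None
            if first_prop is not None and first_prop.name == "value":
                o.object_type = "String"
                o.value = [first_prop.value]
                return o
        # Any other custom object falls through to the raise at the end.
    elif isinstance(cybox_obj, Disk):
        o.object_type = "Disk"
        o.name = str(cybox_obj.type)
        o.value = get_object_values(cybox_obj.disk_name)
        return o
    elif isinstance(cybox_obj, DiskPartition):
        o.object_type = "Disk Partition"
        o.name = str(cybox_obj.type)
        o.value = get_object_values(cybox_obj.device_name)
        return o
    elif isinstance(cybox_obj, DNSQuery):
        o.object_type = "DNS Query"
        o.value = get_object_values(cybox_obj.question.qname)
        return o
    elif isinstance(cybox_obj, DNSRecord):
        o.object_type = "DNS Record"
        o.value = get_object_values(cybox_obj.description)
        return o
    elif isinstance(cybox_obj, DomainName):
        o.object_type = "URI - Domain Name"
        o.value = get_object_values(cybox_obj.value)
        return o
    elif isinstance(cybox_obj, EmailMessage):
        o.object_type = "Email Message"
        # The raw body is stored as-is in a one-element list.
        o.value = [cybox_obj.raw_body]
        return o
    elif isinstance(cybox_obj, GUIDialogbox):
        o.object_type = "GUI Dialogbox"
        o.value = get_object_values(cybox_obj.box_text)
        return o
    elif isinstance(cybox_obj, GUIWindow):
        o.object_type = "GUI Window"
        o.value = get_object_values(cybox_obj.window_display_name)
        return o
    elif isinstance(cybox_obj, Library):
        o.object_type = "Library"
        o.name = str(cybox_obj.type)
        o.value = get_object_values(cybox_obj.name)
        return o
    elif isinstance(cybox_obj, Memory):
        o.object_type = "Memory"
        o.value = get_object_values(cybox_obj.memory_source)
        return o
    elif isinstance(cybox_obj, Mutex):
        o.object_type = "Mutex"
        o.value = get_object_values(cybox_obj.name)
        return o
    elif isinstance(cybox_obj, NetworkConnection):
        o.object_type = "Network Connection"
        o.value = get_object_values(cybox_obj.layer7_protocol)
        return o
    elif isinstance(cybox_obj, Pipe):
        o.object_type = "Pipe"
        o.value = get_object_values(cybox_obj.name)
        return o
    elif isinstance(cybox_obj, Port):
        o.object_type = "Port"
        o.value = get_object_values(cybox_obj.port_value)
        return o
    elif isinstance(cybox_obj, Process):
        o.object_type = "Process"
        o.value = get_object_values(cybox_obj.name)
        return o
    elif isinstance(cybox_obj, System):
        o.object_type = "System"
        o.value = get_object_values(cybox_obj.hostname)
        return o
    elif isinstance(cybox_obj, URI):
        o.object_type = "URI - URL"
        # Unlike the other branches, the type is stored without str().
        o.name = cybox_obj.type_
        o.value = get_object_values(cybox_obj.value)
        return o
    elif isinstance(cybox_obj, UserAccount):
        o.object_type = "User Account"
        o.value = get_object_values(cybox_obj.username)
        return o
    elif isinstance(cybox_obj, Volume):
        o.object_type = "Volume"
        o.value = get_object_values(cybox_obj.name)
        return o
    elif isinstance(cybox_obj, WinDriver):
        o.object_type = "Win Driver"
        o.value = get_object_values(cybox_obj.driver_name)
        return o
    elif isinstance(cybox_obj, WinEventLog):
        o.object_type = "Win Event Log"
        o.value = get_object_values(cybox_obj.log)
        return o
    elif isinstance(cybox_obj, WinEvent):
        o.object_type = "Win Event"
        o.value = get_object_values(cybox_obj.name)
        return o
    elif isinstance(cybox_obj, WinHandle):
        o.object_type = "Win Handle"
        o.name = str(cybox_obj.type_)
        o.value = get_object_values(cybox_obj.object_address)
        return o
    elif isinstance(cybox_obj, WinKernelHook):
        o.object_type = "Win Kernel Hook"
        o.value = get_object_values(cybox_obj.description)
        return o
    elif isinstance(cybox_obj, WinMailslot):
        o.object_type = "Win Mailslot"
        o.value = get_object_values(cybox_obj.name)
        return o
    elif isinstance(cybox_obj, WinNetworkShare):
        o.object_type = "Win Network Share"
        o.value = get_object_values(cybox_obj.local_path)
        return o
    elif isinstance(cybox_obj, WinProcess):
        o.object_type = "Win Process"
        o.value = get_object_values(cybox_obj.window_title)
        return o
    elif isinstance(cybox_obj, WinRegistryKey):
        o.object_type = "Win Registry Key"
        o.value = get_object_values(cybox_obj.key)
        return o
    elif isinstance(cybox_obj, WinService):
        o.object_type = "Win Service"
        o.value = get_object_values(cybox_obj.service_name)
        return o
    elif isinstance(cybox_obj, WinSystem):
        o.object_type = "Win System"
        o.value = get_object_values(cybox_obj.product_name)
        return o
    elif isinstance(cybox_obj, WinTask):
        o.object_type = "Win Task"
        o.value = get_object_values(cybox_obj.name)
        return o
    elif isinstance(cybox_obj, WinUser):
        o.object_type = "Win User Account"
        o.value = get_object_values(cybox_obj.security_id)
        return o
    elif isinstance(cybox_obj, WinVolume):
        o.object_type = "Win Volume"
        o.value = get_object_values(cybox_obj.drive_letter)
        return o
    elif isinstance(cybox_obj, X509Certificate):
        o.object_type = "X509 Certificate"
        o.value = get_object_values(cybox_obj.raw_certificate)
        return o
    # Reached for unknown classes and for the Artifact/Custom fall-throughs.
    raise UnsupportedCRITsObjectTypeError(cybox_obj)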
Esempio n. 4
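def make_crits_object(cybox_obj):
    """
    Converts a CybOX object instance to a CRITs EmbeddedObject instance.

    The result always carries ``datatype`` "string". The matched CybOX class
    decides ``object_type`` and which single field feeds ``value``; ``name``
    is filled in only where the class has a type or category. This function
    does not validate or normalise the field contents itself.

    Two cases end up as unsupported even though their class is listed: an
    Artifact whose ``type_`` is not one of the three known constants, and a
    Custom object that is not a ``crits:String`` with "value" as its first
    property (a Custom object without any properties included).

    :param cybox_obj: The CybOX object.
    :type cybox_obj: CybOX object.
    :returns: :class:`crits.core.crits_mongoengine.EmbeddedObject`
    :raises UnsupportedCRITsObjectTypeError: if no branch produces a result.
    """

    # NOTE(review): the first matching isinstance() wins and subclasses match
    # too. Should a class tested further down inherit from one tested above
    # it (e.g. WinSystem from System, WinVolume from Volume), its own branch
    # is dead code -- verify against the CybOX class hierarchy.
    o = EmbeddedObject()
    o.datatype = "string"
    if isinstance(cybox_obj, Account):
        o.object_type = "Account"
        o.value = get_object_values(cybox_obj.description)
        return o
    elif isinstance(cybox_obj, Address):
        o.object_type = "Address"
        o.name = str(cybox_obj.category)
        o.value = get_object_values(cybox_obj.address_value)
        return o
    elif isinstance(cybox_obj, API):
        o.object_type = "API"
        o.value = get_object_values(cybox_obj.description)
        return o
    elif isinstance(cybox_obj, Artifact):
        o.object_type = "Artifact"
        # Artifact data bypasses get_object_values and is wrapped directly.
        o.value = [cybox_obj.data]
        if cybox_obj.type_ == Artifact.TYPE_GENERIC:
            o.name = "Data Region"
            return o
        elif cybox_obj.type_ == Artifact.TYPE_FILE_SYSTEM:
            o.name = "FileSystem Fragment"
            return o
        elif cybox_obj.type_ == Artifact.TYPE_MEMORY:
            o.name = "Memory Region"
            return o
        # Unknown artifact types drop out of the chain to the final raise.
    elif isinstance(cybox_obj, Code):
        o.object_type = "Code"
        o.name = str(cybox_obj.type)
        o.value = get_object_values(cybox_obj.code_segment)
        return o
    elif isinstance(cybox_obj, Custom):
        if cybox_obj.custom_name == "crits:String":
            # Guard the index: an absent or empty property list should be
            # reported as unsupported, not surface as IndexError/TypeError.
            try:
                first_prop = cybox_obj.custom_properties[0]
            except (IndexError, TypeError):
                first_prop = None
            if first_prop is not None and first_prop.name == "value":
                o.object_type = "String"
                o.value = [first_prop.value]
                return o
        # Non-matching custom objects drop out to the final raise.
    elif isinstance(cybox_obj, Disk):
        o.object_type = "Disk"
        o.name = str(cybox_obj.type)
        o.value = get_object_values(cybox_obj.disk_name)
        return o
    elif isinstance(cybox_obj, DiskPartition):
        o.object_type = "Disk Partition"
        o.name = str(cybox_obj.type)
        o.value = get_object_values(cybox_obj.device_name)
        return o
    elif isinstance(cybox_obj, DNSQuery):
        o.object_type = "DNS Query"
        o.value = get_object_values(cybox_obj.question.qname)
        return o
    elif isinstance(cybox_obj, DNSRecord):
        o.object_type = "DNS Record"
        o.value = get_object_values(cybox_obj.description)
        return o
    elif isinstance(cybox_obj, DomainName):
        o.object_type = "URI - Domain Name"
        o.value = get_object_values(cybox_obj.value)
        return o
    elif isinstance(cybox_obj, EmailMessage):
        o.object_type = "Email Message"
        # The raw body bypasses get_object_values and is wrapped directly.
        o.value = [cybox_obj.raw_body]
        return o
    elif isinstance(cybox_obj, GUIDialogbox):
        o.object_type = "GUI Dialogbox"
        o.value = get_object_values(cybox_obj.box_text)
        return o
    elif isinstance(cybox_obj, GUIWindow):
        o.object_type = "GUI Window"
        o.value = get_object_values(cybox_obj.window_display_name)
        return o
    elif isinstance(cybox_obj, Library):
        o.object_type = "Library"
        o.name = str(cybox_obj.type)
        o.value = get_object_values(cybox_obj.name)
        return o
    elif isinstance(cybox_obj, Memory):
        o.object_type = "Memory"
        o.value = get_object_values(cybox_obj.memory_source)
        return o
    elif isinstance(cybox_obj, Mutex):
        o.object_type = "Mutex"
        o.value = get_object_values(cybox_obj.name)
        return o
    elif isinstance(cybox_obj, NetworkConnection):
        o.object_type = "Network Connection"
        o.value = get_object_values(cybox_obj.layer7_protocol)
        return o
    elif isinstance(cybox_obj, Pipe):
        o.object_type = "Pipe"
        o.value = get_object_values(cybox_obj.name)
        return o
    elif isinstance(cybox_obj, Port):
        o.object_type = "Port"
        o.value = get_object_values(cybox_obj.port_value)
        return o
    elif isinstance(cybox_obj, Process):
        o.object_type = "Process"
        o.value = get_object_values(cybox_obj.name)
        return o
    elif isinstance(cybox_obj, System):
        o.object_type = "System"
        o.value = get_object_values(cybox_obj.hostname)
        return o
    elif isinstance(cybox_obj, URI):
        o.object_type = "URI - URL"
        # The URI type is assigned without str(), unlike other name fields.
        o.name = cybox_obj.type_
        o.value = get_object_values(cybox_obj.value)
        return o
    elif isinstance(cybox_obj, UserAccount):
        o.object_type = "User Account"
        o.value = get_object_values(cybox_obj.username)
        return o
    elif isinstance(cybox_obj, Volume):
        o.object_type = "Volume"
        o.value = get_object_values(cybox_obj.name)
        return o
    elif isinstance(cybox_obj, WinDriver):
        o.object_type = "Win Driver"
        o.value = get_object_values(cybox_obj.driver_name)
        return o
    elif isinstance(cybox_obj, WinEventLog):
        o.object_type = "Win Event Log"
        o.value = get_object_values(cybox_obj.log)
        return o
    elif isinstance(cybox_obj, WinEvent):
        o.object_type = "Win Event"
        o.value = get_object_values(cybox_obj.name)
        return o
    elif isinstance(cybox_obj, WinHandle):
        o.object_type = "Win Handle"
        o.name = str(cybox_obj.type_)
        o.value = get_object_values(cybox_obj.object_address)
        return o
    elif isinstance(cybox_obj, WinKernelHook):
        o.object_type = "Win Kernel Hook"
        o.value = get_object_values(cybox_obj.description)
        return o
    elif isinstance(cybox_obj, WinMailslot):
        o.object_type = "Win Mailslot"
        o.value = get_object_values(cybox_obj.name)
        return o
    elif isinstance(cybox_obj, WinNetworkShare):
        o.object_type = "Win Network Share"
        o.value = get_object_values(cybox_obj.local_path)
        return o
    elif isinstance(cybox_obj, WinProcess):
        o.object_type = "Win Process"
        o.value = get_object_values(cybox_obj.window_title)
        return o
    elif isinstance(cybox_obj, WinRegistryKey):
        o.object_type = "Win Registry Key"
        o.value = get_object_values(cybox_obj.key)
        return o
    elif isinstance(cybox_obj, WinService):
        o.object_type = "Win Service"
        o.value = get_object_values(cybox_obj.service_name)
        return o
    elif isinstance(cybox_obj, WinSystem):
        o.object_type = "Win System"
        o.value = get_object_values(cybox_obj.product_name)
        return o
    elif isinstance(cybox_obj, WinTask):
        o.object_type = "Win Task"
        o.value = get_object_values(cybox_obj.name)
        return o
    elif isinstance(cybox_obj, WinUser):
        o.object_type = "Win User Account"
        o.value = get_object_values(cybox_obj.security_id)
        return o
    elif isinstance(cybox_obj, WinVolume):
        o.object_type = "Win Volume"
        o.value = get_object_values(cybox_obj.drive_letter)
        return o
    elif isinstance(cybox_obj, X509Certificate):
        o.object_type = "X509 Certificate"
        o.value = get_object_values(cybox_obj.raw_certificate)
        return o
    # Unknown classes and the Artifact/Custom fall-throughs all end here.
    raise UnsupportedCRITsObjectTypeError(cybox_obj)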