class InternalImportConnector: def __init__(self, config_file_path: str, api_client: OpenCTIApiClient, data: Dict): # set OPENCTI settings from fixture os.environ["OPENCTI_URL"] = api_client.api_url os.environ["OPENCTI_TOKEN"] = api_client.api_token os.environ["OPENCTI_SSL_VERIFY"] = str(api_client.ssl_verify) config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) self.data = data def _process_message(self, data: Dict) -> str: file_fetch = data["file_fetch"] file_uri = self.helper.opencti_url + file_fetch # Downloading and saving file to connector self.helper.log_info("Importing the file " + file_uri) observable = SimpleObservable( id=OpenCTIStix2Utils.generate_random_stix_id( "x-opencti-simple-observable"), key=self.data["simple_observable_key"], value=self.data["simple_observable_value"], ) bundle_objects = [observable] entity_id = data.get("entity_id", None) report = self.helper.api.report.read(id=entity_id) report = Report( id=report["standard_id"], name=report["name"], description=report["description"], published=self.helper.api.stix2.format_date(report["published"]), report_types=report["report_types"], object_refs=bundle_objects, ) bundle_objects.append(report) # create stix bundle bundle = Bundle(objects=bundle_objects).serialize() # send data self.helper.send_stix2_bundle(bundle=bundle) return "foo" def stop(self): self.helper.stop() def start(self): try: self.helper.listen(self._process_message) except pika.exceptions.AMQPConnectionError: self.stop() raise ValueError( "Connector was not able to establish the connection to RabbitMQ" )
class ExternalImportConnector: def __init__(self, config_file_path: str, api_client: OpenCTIApiClient, data: Dict): # set OPENCTI settings from fixture os.environ["OPENCTI_URL"] = api_client.api_url os.environ["OPENCTI_TOKEN"] = api_client.api_token os.environ["OPENCTI_SSL_VERIFY"] = str(api_client.ssl_verify) os.environ["OPENCTI_JSON_LOGGING"] = "true" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) self.interval = get_config_variable("INTERVAL", ["test", "interval"], config, True) self.data = data def get_interval(self): return int(self.interval) def run(self): now = datetime.utcfromtimestamp(time.time()) now_time = now.strftime("%Y-%m-%d %H:%M:%S") friendly_name = f"{self.helper.connect_name} run @ {now_time}" work_id = self.helper.api.work.initiate_work(self.helper.connect_id, friendly_name) bundle_objects = [] for elem in self.data: sdo = elem["class"]( id=elem["id"], name=elem["name"], description=elem["description"], ) bundle_objects.append(sdo) # create stix bundle bundle = Bundle(objects=bundle_objects).serialize() # send data self.helper.send_stix2_bundle( bundle=bundle, entities_types=self.helper.connect_scope, update=True, work_id=work_id, ) message = "Connector successfully run, storing last_run as " + str( now_time) self.helper.api.work.to_processed(work_id, message) return "Foo" def stop(self): self.helper.stop() def start(self): try: self.run() except pika.exceptions.AMQPConnectionError: self.stop() raise ValueError( "Connector was not able to establish the connection to RabbitMQ" )
class InternalEnrichmentConnector: def __init__(self, config_file_path: str, api_client: OpenCTIApiClient, data: Dict): # set OPENCTI settings from fixture os.environ["OPENCTI_URL"] = api_client.api_url os.environ["OPENCTI_TOKEN"] = api_client.api_token os.environ["OPENCTI_SSL_VERIFY"] = str(api_client.ssl_verify) config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) def _process_message(self, data: Dict) -> str: # set score to 100 entity_id = data["entity_id"] observable = self.helper.api.stix_cyber_observable.read(id=entity_id) self.helper.api.stix_cyber_observable.update_field( id=observable["standard_id"], input={ "key": "x_opencti_score", "value": ["100"] }, ) # now = datetime.utcfromtimestamp(time.time()) # now_time = now.strftime("%Y-%m-%d %H:%M:%S") # friendly_name = f"{self.helper.connect_name} run @ {now_time}" # work_id = self.helper.api.work.initiate_work( # self.helper.connect_id, friendly_name # ) # # # set score to 100 # entity_id = data["entity_id"] # observable = self.helper.api.stix_cyber_observable.read(id=entity_id) # # stix_observable = SimpleObservable( # id=OpenCTIStix2Utils.generate_random_stix_id("x-opencti-simple-observable"), # key="IPv4-Addr.value", # value=observable['value'], # x_opencti_score=100 # ) # bundle_objects = [stix_observable] # # create stix bundle # bundle = Bundle(objects=bundle_objects).serialize() # # send data # self.helper.send_stix2_bundle( # bundle=bundle, # update=True, # ) # # message = "Connector successfully run, storing last_run as " + str(now_time) # self.helper.api.work.to_processed(work_id, message) return "Finished" def stop(self): self.helper.stop() def start(self): try: self.helper.listen(self._process_message) except pika.exceptions.AMQPConnectionError: self.stop() raise ValueError( "Connector was not able to establish the connection to RabbitMQ" )