コード例 #1
ファイル: searchresult.py プロジェクト: GOVCERT-LU/ce1sus_api
 def populate(self, json):
   """Fill this search result from a decoded JSON mapping.

   The 'event' entry is mandatory: it is read with json['event'], so a
   missing key raises KeyError. If a 'report' or 'reference' entry is
   present, only those two are loaded; otherwise 'observable', 'object'
   and 'attribute' are loaded when present.

   No type or schema validation is done here: each sub-mapping is handed
   unchanged to the populate() of the object created for it.
   """
   event_data = json['event']
   self.event = Event()
   self.event.populate(event_data)

   report_data = json.get('report', None)
   reference_data = json.get('reference', None)
   if report_data or reference_data:
     # Report-style hit: the observable/object/attribute entries are not
     # read at all in this case.
     if report_data:
       self.report = Report()
       self.report.populate(report_data)
     if reference_data:
       self.reference = Reference()
       self.reference.populate(reference_data)
     return

   observable_data = json.get('observable', None)
   if observable_data:
     self.observable = Observable()
     self.observable.populate(observable_data)

   object_data = json.get('object', None)
   if object_data:
     self.object = Object()
     self.object.populate(object_data)

   attribute_data = json.get('attribute', None)
   if attribute_data:
     self.attribute = Attribute()
     self.attribute.populate(attribute_data)
コード例 #2
ファイル: searchresult.py プロジェクト: GOVCERT-LU/ce1sus_api
class SearchResult(RestBase):
  """A single search hit: the owning event plus the element that matched.

  Attributes (all None until populate() fills them): event, object,
  observable, attribute, report, reference.
  """

  def __init__(self):
    RestBase.__init__(self)
    # Every slot starts empty; populate() sets the ones found in the payload.
    for slot in ('event', 'object', 'observable', 'attribute', 'report',
                 'reference'):
      setattr(self, slot, None)

  def populate(self, json):
    """Load this result from a decoded JSON mapping.

    json['event'] is required (KeyError if absent). A truthy 'report' or
    'reference' entry selects the report branch, in which only those two
    entries are loaded; otherwise 'observable', 'object' and 'attribute'
    are loaded when truthy. Values are passed to the nested populate()
    calls without any validation at this level.
    """
    event_data = json['event']
    self.event = Event()
    self.event.populate(event_data)

    # Decide which group of optional entries applies to this hit.
    if json.get('report', None) or json.get('reference', None):
      wanted = (('report', Report), ('reference', Reference))
    else:
      wanted = (('observable', Observable),
                ('object', Object),
                ('attribute', Attribute))

    for key, factory in wanted:
      data = json.get(key, None)
      if not data:
        continue
      # The attribute name is the same as the JSON key.
      setattr(self, key, factory())
      getattr(self, key).populate(data)
コード例 #3
ファイル: indicator.py プロジェクト: GOVCERT-LU/ce1sus_api
  def populate(self, json):
    """Load this indicator from a decoded JSON mapping.

    Scalar fields are copied with json.get(), so absent keys become None
    ('operator' falls back to 'OR'). Group entries, timestamps and
    observables are only processed when their value is truthy. Nothing is
    validated here; values go unchanged to the nested populate() calls and
    to strings.stringToDateTime().
    """
    for field in ('identifier', 'title', 'description', 'short_description',
                  'confidence'):
      setattr(self, field, json.get(field, None))

    # JSON key -> attribute name; note 'modifier_group' lands in self.modifier.
    group_targets = (
        ('modifier_group', 'modifier'),
        ('originating_group', 'originating_group'),
        ('creator_group', 'creator_group'),
    )
    for key, attr in group_targets:
      raw_group = json.get(key, None)
      if raw_group:
        group = Group()
        group.populate(raw_group)
        setattr(self, attr, group)

    for stamp in ('created_at', 'modified_on'):
      raw_stamp = json.get(stamp, None)
      if raw_stamp:
        setattr(self, stamp, strings.stringToDateTime(raw_stamp))

    self.operator = json.get('operator', 'OR')

    # The fallback Properties('0') is built on every call, even when the
    # 'properties' key is present.
    self.properties.populate(json.get('properties', Properties('0')))

    # Appends to the existing list; a second populate() call would add the
    # same observables again.
    for raw_observable in json.get('observables', list()) or ():
      loaded = Observable()
      loaded.populate(raw_observable)
      self.observables.append(loaded)
コード例 #4
ファイル: misp.py プロジェクト: GOVCERT-LU/ce1sus_api
  def make_observable(self, event, comment, shared):
    """Build a new Observable attached to *event*.

    The observable gets a fresh uuid4() identifier, the event's identifier
    as event_id, *comment* as description ('' when comment is None), and
    whatever set_extended_logging() and set_properties() apply to it.

    Returns:
      The newly created Observable.
    """
    observable = Observable()
    observable.identifier = uuid4()
    # The creator of the observable is the creator of the object
    self.set_extended_logging(observable, event)

    observable.event_id = event.identifier
    observable.description = '' if comment is None else comment

    self.set_properties(observable, shared)

    # Naive UTC timestamps; the two calls are separate, so the values can
    # differ by a few microseconds.
    observable.created_at = datetime.utcnow()
    observable.modified_on = datetime.utcnow()

    return observable
コード例 #5
ファイル: event.py プロジェクト: GOVCERT-LU/ce1sus_api
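  def populate(self, json):
    """Load this event from a decoded JSON mapping.

    Scalar fields are copied with json.get(). 'risk', 'status', 'tlp' and
    'analysis' fall back to 'Undefined', 'Draft', 'Amber' and 'Unknown' when
    the key is absent and are normalised with str.title(); a present but
    non-string value (e.g. None) raises AttributeError there.

    A truthy 'published' value overrides properties.is_shareable: '1'/1 map
    to True, '0' maps to False, and any other truthy value is stored
    unchanged. Falsy values (including integer 0 and an absent key) leave
    is_shareable as properties.populate() set it.

    Nested observables, indicators, groups, reports and comments are only
    processed when truthy and are appended to the existing lists. Nothing is
    validated at this level.
    """
    self.identifier = json.get('identifier', None)

    self.title = json.get('title', None)
    self.description = json.get('description', None)
    self.risk = json.get('risk', 'Undefined').title()
    self.status = json.get('status', 'Draft').title()
    self.tlp = json.get('tlp', 'Amber').title()
    self.analysis = json.get('analysis', 'Unknown').title()
    self.properties.populate(json.get('properties', Properties('0')))

    published = json.get('published', False)
    if published:
      if published == '1' or published == 1:
        published = True
      elif published == '0':
        # '0' is a non-empty string, so it passes the truthiness guard
        # above. Map it to False so an event reported as unpublished is not
        # flagged through is_shareable.
        published = False
      self.properties.is_shareable = published

    observables = json.get('observables', list())
    if observables:
      for observable in observables:
        obs = Observable()
        obs.populate(observable)
        self.observables.append(obs)

    indicators = json.get('indicators', list())
    if indicators:
      for indicator in indicators:
        ind = Indicator()
        ind.populate(indicator)
        self.indicators.append(ind)

    # JSON key -> attribute name; note 'modifier_group' lands in self.modifier.
    for key, attr in (('modifier_group', 'modifier'),
                      ('originating_group', 'originating_group'),
                      ('creator_group', 'creator_group')):
      raw_group = json.get(key, None)
      if raw_group:
        cg_instance = Group()
        cg_instance.populate(raw_group)
        setattr(self, attr, cg_instance)

    for stamp in ('created_at', 'modified_on', 'first_seen', 'last_seen'):
      raw_stamp = json.get(stamp, None)
      if raw_stamp:
        setattr(self, stamp, strings.stringToDateTime(raw_stamp))

    reports = json.get('reports', None)
    if reports:
      for report in reports:
        report_instance = Report()
        report_instance.populate(report)
        self.reports.append(report_instance)

    comments = json.get('comments', None)
    if comments:
      for comment in comments:
        comment_instance = Comment()
        comment_instance.populate(comment)
        self.comments.append(comment_instance)

    # NOTE(review): in the lines visible in this listing the populated
    # permission is not stored on the event; confirm against the full file
    # whether the loop body continues.
    permissions = json.get('groups', None)
    if permissions:
      for permission in permissions:
        event_permission = EventGroupPermission()
        event_permission.populate(permission)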