def _create_report(
self,
report: Report,
author: Identity,
object_refs: List[STIXDomainObject],
object_marking_refs: List[MarkingDefinition],
files: List[Mapping[str, str]],
) -> STIXReport:
# Create external references.
external_references = []
report_url = report.url
if report_url is not None and report_url:
external_reference = create_external_reference(
self.source_name, str(report.id), report_url)
external_references.append(external_reference)
# Create tags.
tags = []
report_tags = report.tags
if report_tags is not None:
tags = create_tags(report_tags, self.source_name)
return create_stix2_report_from_report(
report,
author,
object_refs,
external_references,
object_marking_refs,
self.indicator_report_status,
self.indicator_report_type,
self.confidence_level,
tags,
files,
)
def _create_intrusion_sets(self) -> List[IntrusionSet]:
report_actors = self.report.actors
if report_actors is None:
return []
primary_motivation = None
secondary_motivation = None
intrusion_sets = []
for actor in report_actors:
actor_external_references = []
actor_url = actor.url
if actor_url:
actor_external_reference = create_external_reference(
self.source_name, str(actor.id), actor_url
)
actor_external_references.append(actor_external_reference)
intrusion_set = create_intrusion_set_from_actor(
actor,
self.author,
primary_motivation,
secondary_motivation,
actor_external_references,
self.object_marking_refs,
)
intrusion_sets.append(intrusion_set)
return intrusion_sets
def _create_external_references(self) -> List[ExternalReference]:
external_references = []
actor_url = self.actor.url
if actor_url:
external_reference = create_external_reference(
self.source_name, str(self.actor.id), actor_url)
external_references.append(external_reference)
return external_references
def _create_external_references(self) -> List[ExternalReference]:
external_references = []
report_url = self.report.url
if report_url:
external_reference = create_external_reference(
self.source_name, str(self.report.id), report_url
)
external_references.append(external_reference)
return external_references
def _create_vulnerability(
vulnerability_name: str,
author: Identity,
object_marking_refs: List[MarkingDefinition],
):
external_references = []
if vulnerability_name.startswith("CVE-"):
external_reference = create_external_reference(
"NIST NVD",
vulnerability_name,
f"https://nvd.nist.gov/vuln/detail/{vulnerability_name}",
)
external_references.append(external_reference)
return create_vulnerability(vulnerability_name, author,
external_references, object_marking_refs)
def _create_external_reference(
self, external_id: str, url: str
) -> ExternalReference:
return create_external_reference(self.source_name, external_id, url)