def test_feed_information_response1(self): push_method1 = tm10.PushMethod( push_protocol=t.VID_TAXII_HTTP_10, # Required push_message_bindings=[t.VID_TAXII_XML_10]) # Required polling_service1 = tm10.PollingServiceInstance( poll_protocol=t.VID_TAXII_HTTP_10, # Required poll_address='http://example.com/PollService/', # Required poll_message_bindings=[t.VID_TAXII_XML_10]) # Required subscription_service1 = tm10.SubscriptionMethod( subscription_protocol=t.VID_TAXII_HTTP_10, # Required subscription_address='http://example.com/SubsService/', # Required subscription_message_bindings=[t.VID_TAXII_XML_10]) # Required feed1 = tm10.FeedInformation( feed_name='Feed1', # Required feed_description='Description of a feed', # Required supported_contents=[t.CB_STIX_XML_10], # Required. List of supported content binding IDs available=True, # Optional. Defaults to None (aka Unknown) push_methods=[push_method1], # Required if there are no polling_services. Optional otherwise polling_service_instances=[polling_service1], # Required if there are no push_methods. Optional otherwise. subscription_methods=[subscription_service1]) # Optional feed_information_response1 = tm10.FeedInformationResponse( message_id=tm10.generate_message_id(), # Required in_response_to=tm10.generate_message_id(), # Required. This should be the ID of the corresponding request feed_informations=[feed1]) # Optional round_trip_message(feed_information_response1)
def test_feed_information_response1(self): push_method1 = tm10.FeedInformationResponse.FeedInformation.PushMethod( push_protocol=t.VID_TAXII_HTTP_10, # Required push_message_bindings=[t.VID_TAXII_XML_10]) # Required polling_service1 = tm10.FeedInformationResponse.FeedInformation.PollingServiceInstance( poll_protocol=t.VID_TAXII_HTTP_10, # Required poll_address='http://example.com/PollService/', # Required poll_message_bindings=[t.VID_TAXII_XML_10]) # Required subscription_service1 = tm10.FeedInformationResponse.FeedInformation.SubscriptionMethod( subscription_protocol=t.VID_TAXII_HTTP_10, # Required subscription_address='http://example.com/SubsService/', # Required subscription_message_bindings=[t.VID_TAXII_XML_10]) # Required feed1 = tm10.FeedInformationResponse.FeedInformation( feed_name='Feed1', # Required feed_description='Description of a feed', # Required supported_contents=[t.CB_STIX_XML_10], # Required. List of supported content binding IDs available=True, # Optional. Defaults to None (aka Unknown) push_methods=[push_method1], # Required if there are no polling_services. Optional otherwise polling_service_instances=[polling_service1], # Required if there are no push_methods. Optional otherwise. subscription_methods=[subscription_service1]) # Optional feed_information_response1 = tm10.FeedInformationResponse( message_id=tm10.generate_message_id(), # Required in_response_to=tm10.generate_message_id(), # Required. This should be the ID of the corresponding request feed_informations=[feed1]) # Optional round_trip_message(feed_information_response1)
def test_feed_information_response_deprecated(self): # Test nested-class forms: # FeedInformationResponse.FeedInformation # FeedInformationResponse.FeedInformation.PushMethod # FeedInformationResponse.FeedInformation.PollingServiceInstance # FeedInformationResponse.FeedInformation.SubscriptionMethod push_method1 = tm10.FeedInformationResponse.FeedInformation.PushMethod( push_protocol=t.VID_TAXII_HTTP_10, push_message_bindings=[t.VID_TAXII_XML_10]) polling_service1 = tm10.FeedInformationResponse.FeedInformation.PollingServiceInstance( poll_protocol=t.VID_TAXII_HTTP_10, poll_address='http://example.com/PollService/', poll_message_bindings=[t.VID_TAXII_XML_10]) subscription_service1 = tm10.FeedInformationResponse.FeedInformation.SubscriptionMethod( subscription_protocol=t.VID_TAXII_HTTP_10, subscription_address='http://example.com/SubsService/', subscription_message_bindings=[t.VID_TAXII_XML_10]) feed1 = tm10.FeedInformationResponse.FeedInformation( feed_name='Feed1', feed_description='Description of a feed', supported_contents=[t.CB_STIX_XML_10], push_methods=[push_method1], polling_service_instances=[polling_service1], subscription_methods=[subscription_service1]) feed_information_response1 = tm10.FeedInformationResponse( message_id=tm10.generate_message_id(), in_response_to=tm10.generate_message_id(), feed_informations=[feed1]) round_trip_message(feed_information_response1)
def test_discovery_response(self): service_instance1 = tm10.ServiceInstance( service_type=SVC_INBOX, # Required services_version=VID_TAXII_SERVICES_10, # Required protocol_binding=VID_TAXII_HTTP_10, # Required service_address='http://example.com/inboxservice/', # Required message_bindings=[ VID_TAXII_XML_10 ], # Required, must have at least one value in the list inbox_service_accepted_content=[ CB_STIX_XML_10 ], # Optional for service_type=SVC_INBOX, prohibited otherwise # If this is absent and service_type=SVC_INBOX, # It means the inbox service accepts all content available=True, # Optional - defaults to None, which means 'Unknown' message='This is a message.') # Optional # Create the discovery response discovery_response1 = tm10.DiscoveryResponse( message_id=tm10.generate_message_id(), # Required in_response_to=tm10.generate_message_id( ), # Required. This should be the ID of the corresponding request service_instances=[service_instance1]) # Optional. round_trip_message(discovery_response1)
def test_status_message(self): status_message1 = tm10.StatusMessage( message_id=tm10.generate_message_id(), # Required in_response_to=tm10.generate_message_id(), # Required. Should be the ID of the corresponding request status_type=tm10.ST_SUCCESS, # Required status_detail='Machine-processable info here!', # May be optional or not allowed, depending on status_type message='This is a message.') # Optional round_trip_message(status_message1)
def test_poll_response1(self): poll_response2 = tm10.PollResponse( message_id=tm10.generate_message_id(), # Required in_response_to=tm10.generate_message_id(), # Required - this should be the ID of the corresponding request feed_name='FeedName', # Required inclusive_end_timestamp_label=datetime.datetime.now(tzutc()), # Required inclusive_begin_timestamp_label=datetime.datetime.now(tzutc()), # Optional subscription_id='SubsId001', # Optional message='This is a message.', # Optional content_blocks=[string_content_block1]) # Optional round_trip_message(poll_response2)
def test_discovery_request(self): discovery_request1 = tm10.DiscoveryRequest( message_id=tm10.generate_message_id(), # Required extended_headers={'ext_header1': 'value1', 'ext_header2': 'value2'}) # Optional. #Extended headers are optional for every message type, but only demonstrated here round_trip_message(discovery_request1)
def create_request_message(self, args): try: if args.begin_ts: begin_ts = dateutil.parser.parse(args.begin_ts) if not begin_ts.tzinfo: raise ValueError else: begin_ts = None if args.end_ts: end_ts = dateutil.parser.parse(args.end_ts) if not end_ts.tzinfo: raise ValueError else: end_ts = None except ValueError: print("Unable to parse timestamp value. Timestamp should include both date and time information along " \ "with a timezone or UTC offset (e.g., YYYY-MM-DDTHH:MM:SS.ssssss+/-hh:mm). Aborting poll.") sys.exit() poll_req = tm10.PollRequest(message_id=tm10.generate_message_id(), feed_name=args.feed, exclusive_begin_timestamp_label=begin_ts, inclusive_end_timestamp_label=end_ts, subscription_id=args.subs_id) return poll_req
def test_discovery_request(self): discovery_request1 = tm10.DiscoveryRequest( message_id=tm10.generate_message_id(), # Required # Extended headers are optional for every message type, but only demonstrated here extended_headers={'ext_header1': 'value1', 'ext_header2': 'value2'}) # Optional. round_trip_message(discovery_request1)
def test_discovery_response_deprecated(self): # Test nested-class form: # DiscoveryResponse.ServiceInstance service_instance1 = tm10.DiscoveryResponse.ServiceInstance( service_type=tm10.SVC_INBOX, services_version=t.VID_TAXII_SERVICES_10, protocol_binding=t.VID_TAXII_HTTP_10, service_address='http://example.com/inboxservice/', message_bindings=[t.VID_TAXII_XML_10]) discovery_response1 = tm10.DiscoveryResponse( message_id=tm10.generate_message_id(), in_response_to=tm10.generate_message_id(), service_instances=[service_instance1]) round_trip_message(discovery_response1)
def test_inbox_message2(self): inbox_message2 = tm10.InboxMessage( message_id=tm10.generate_message_id(), # Required message='This is a message.', # Optional subscription_information=self.subscription_information1, # Optional content_blocks=[string_content_block1]) # Optional round_trip_message(inbox_message2)
def test_feed_subscription_request(self): manage_feed_subscription_request1 = tm10.ManageFeedSubscriptionRequest( message_id=tm10.generate_message_id(), # Required feed_name='SomeFeedName', # Required action=tm10.ACT_UNSUBSCRIBE, # Required subscription_id='SubsId056', # Required for unsubscribe, prohibited otherwise delivery_parameters=delivery_parameters1) # Required round_trip_message(manage_feed_subscription_request1)
def test_manage_feed_subscription_response(self): poll_instance1 = tm10.PollInstance( poll_protocol=t.VID_TAXII_HTTP_10, # Required poll_address='http://example.com/poll', # Required poll_message_bindings=[t.VID_TAXII_XML_10]) # Required subscription_instance1 = tm10.SubscriptionInstance( subscription_id='SubsId234', # required delivery_parameters=delivery_parameters1, # Required if message is responding to a status action. Optional otherwise poll_instances=[poll_instance1]) # Required if action was polling subscription. Optional otherwise manage_feed_subscription_response1 = tm10.ManageFeedSubscriptionResponse( message_id=tm10.generate_message_id(), # Required in_response_to=tm10.generate_message_id(), # Required - Should be the ID of the corresponding request feed_name='Feed001', # Required message='This is a message', # Optional subscription_instances=[subscription_instance1]) # Required round_trip_message(manage_feed_subscription_response1)
def test_manage_feed_subscription_response(self): poll_instance1 = tm10.ManageFeedSubscriptionResponse.PollInstance( poll_protocol=t.VID_TAXII_HTTP_10, # Required poll_address='http://example.com/poll', # Required poll_message_bindings=[t.VID_TAXII_XML_10]) # Required subscription_instance1 = tm10.ManageFeedSubscriptionResponse.SubscriptionInstance( subscription_id='SubsId234', # required delivery_parameters=[delivery_parameters1], # Required if message is responding to a status action. Optional otherwise poll_instances=[poll_instance1]) # Required if action was polling subscription. Optional otherwise manage_feed_subscription_response1 = tm10.ManageFeedSubscriptionResponse( message_id=tm10.generate_message_id(), # Required in_response_to=tm10.generate_message_id(), # Required - Should be the ID of the corresponding request feed_name='Feed001', # Required message='This is a message', # Optional subscription_instances=[subscription_instance1]) # Required round_trip_message(manage_feed_subscription_response1)
def test_poll_request1(self): poll_request1 = tm10.PollRequest( message_id=tm10.generate_message_id(), # Required feed_name='TheFeedToPoll', # Required subscription_id='SubsId002', # Optional exclusive_begin_timestamp_label=datetime.datetime.now(tzutc()), # Optional - Absence means 'no lower bound' inclusive_end_timestamp_label=datetime.datetime.now(tzutc()), # Optional - Absence means 'no upper bound' content_bindings=[t.CB_STIX_XML_10]) # Optional - defaults to accepting all content bindings round_trip_message(poll_request1)
def test_discovery_response(self): service_instance1 = tm10.DiscoveryResponse.ServiceInstance( service_type=tm10.SVC_INBOX, # Required services_version=t.VID_TAXII_SERVICES_10, # Required protocol_binding=t.VID_TAXII_HTTP_10, # Required service_address='http://example.com/inboxservice/', # Required message_bindings=[t.VID_TAXII_XML_10], # Required, must have at least one value in the list inbox_service_accepted_content=[t.CB_STIX_XML_10], # Optional for service_type=SVC_INBOX, prohibited otherwise #If this is absent and service_type=SVC_INBOX, #It means the inbox service accepts all content available=True, # Optional - defaults to None, which means 'Unknown' message='This is a message.') # Optional #Create the discovery response discovery_response1 = tm10.DiscoveryResponse( message_id=tm10.generate_message_id(), # Required in_response_to=tm10.generate_message_id(), # Required. This should be the ID of the corresponding request service_instances=[service_instance1]) # Optional. round_trip_message(discovery_response1)
def main(): parser = t.scripts.get_base_parser("TAXII 1.0 Poll Client (Deprecated)", path="/services/poll/") parser.add_argument("--feed", dest="feed", default="default", help="Data Collection to poll. Defaults to 'default'.") parser.add_argument("--begin_timestamp", dest="begin_ts", default=None, help="The begin timestamp (format: YYYY-MM-DDTHH:MM:SS.ssssss+/-hh:mm) for the poll request. Defaults to None.") parser.add_argument("--end_timestamp", dest="end_ts", default=None, help="The end timestamp (format: YYYY-MM-DDTHH:MM:SS.ssssss+/-hh:mm) for the poll request. Defaults to None.") parser.add_argument("--subscription-id", dest="subs_id", default=None, help="The subscription ID to use. Defaults to None") args = parser.parse_args() try: if args.begin_ts: begin_ts = dateutil.parser.parse(args.begin_ts) if not begin_ts.tzinfo: raise ValueError else: begin_ts = None if args.end_ts: end_ts = dateutil.parser.parse(args.end_ts) if not end_ts.tzinfo: raise ValueError else: end_ts = None except ValueError: print "Unable to parse timestamp value. Timestamp should include both date and time information along with a timezone or UTC offset (e.g., YYYY-MM-DDTHH:MM:SS.ssssss+/-hh:mm). Aborting poll." sys.exit() poll_req = tm10.PollRequest(message_id=tm10.generate_message_id(), feed_name=args.feed, exclusive_begin_timestamp_label=begin_ts, inclusive_end_timestamp_label=end_ts, subscription_id=args.subs_id) poll_req_xml = poll_req.to_xml(pretty_print=True) print "Poll Request: \r\n", poll_req_xml client = tc.HttpClient() client.setUseHttps(args.https) client.setProxy(args.proxy) tls = (args.cert is not None and args.key is not None) basic = (args.username is not None and args.password is not None) if tls and basic: client.setAuthType(tc.HttpClient.AUTH_CERT_BASIC) client.setAuthCredentials({'key_file': args.key, 'cert_file': args.cert, 'username': args.username, 'password': args.password}) elif tls: client.setAuthType(tc.HttpClient.AUTH_CERT) client.setAuthCredentials({'key_file': args.key, 'cert_file': args.cert}) elif basic: client.setAuthType(tc.HttpClient.AUTH_BASIC) client.setAuthCredentials({'username': args.username, 'password': args.password}) resp = client.callTaxiiService2(args.host, args.path, t.VID_TAXII_XML_10, poll_req_xml, args.port) response_message = t.get_message_from_http_response(resp, '0') print "Response Message: \r\n", response_message.to_xml(pretty_print=True)
def test_manage_feed_subscription_response_deprecated(self): # Test nested-class forms: # ManageFeedSubscriptionResponse.PollInstance # ManageFeedSubscriptionResponse.SubscriptionInstance poll = tm10.ManageFeedSubscriptionResponse.PollInstance( poll_protocol=t.VID_TAXII_HTTP_10, poll_address='http://example.com/poll', poll_message_bindings=[t.VID_TAXII_XML_10]) subscription = tm10.ManageFeedSubscriptionResponse.SubscriptionInstance( subscription_id='SubsId234', delivery_parameters=[delivery_parameters1], poll_instances=[poll]) response = tm10.ManageFeedSubscriptionResponse( message_id=tm10.generate_message_id(), in_response_to=tm10.generate_message_id(), feed_name='Feed001', subscription_instances=[subscription]) round_trip_message(response)
def test_manage_feed_subscription_response_deprecated(self): # Test nested-class forms: # ManageFeedSubscriptionResponse.PollInstance # ManageFeedSubscriptionResponse.SubscriptionInstance poll = tm10.ManageFeedSubscriptionResponse.PollInstance( poll_protocol=t.VID_TAXII_HTTP_10, poll_address='http://example.com/poll', poll_message_bindings=[t.VID_TAXII_XML_10]) subscription = tm10.ManageFeedSubscriptionResponse.SubscriptionInstance( subscription_id='SubsId234', delivery_parameters=delivery_parameters1, poll_instances=[poll]) response = tm10.ManageFeedSubscriptionResponse( message_id=tm10.generate_message_id(), in_response_to=tm10.generate_message_id(), feed_name='Feed001', subscription_instances=[subscription]) round_trip_message(response)
def test_inbox_message_deprecated(self): # Test nested-class form: # InboxMessage.SubscriptionInformation sub_info = tm10.InboxMessage.SubscriptionInformation( feed_name='SomeFeedName', subscription_id='SubsId021', inclusive_begin_timestamp_label=datetime.datetime.now(tzutc()), inclusive_end_timestamp_label=datetime.datetime.now(tzutc())) inbox_msg = tm10.InboxMessage(message_id=tm10.generate_message_id(), subscription_information=sub_info, content_blocks=[xml_content_block1]) round_trip_message(inbox_msg)
def test_inbox_message_deprecated(self): # Test nested-class form: # InboxMessage.SubscriptionInformation sub_info = tm10.InboxMessage.SubscriptionInformation( feed_name='SomeFeedName', subscription_id='SubsId021', inclusive_begin_timestamp_label=datetime.datetime.now(tzutc()), inclusive_end_timestamp_label=datetime.datetime.now(tzutc())) inbox_msg = tm10.InboxMessage( message_id=tm10.generate_message_id(), subscription_information=sub_info, content_blocks=[xml_content_block1]) round_trip_message(inbox_msg)
def taxii_poll(src_feed, is_ssl_enabled, username, feed_path=common.TAXII_DATA, site_url="127.0.0.1", timestamp=None): """ pull stix from edge via taxii, currently requires trust_localhost enabled in taxii server :param site_url: :param src_feed: :param is_ssl_enabled: :param feed_path: :param timestamp: :return: """ client = tc.HttpClient() client.setUseHttps(is_ssl_enabled) # NOTE: IMPORTANT: ASSUMES TAXII CLIENT USES TRUST_LOCALHOST client.setAuthType(client.AUTH_BASIC) client.setAuthCredentials({'username': username, 'password': ''}) if not timestamp: earliest = epoch_start() else: earliest = timestamp latest = nowutc() poll_request = tm10.PollRequest( message_id=tm10.generate_message_id(), feed_name=src_feed, inclusive_end_timestamp_label=latest, content_bindings=[t.CB_STIX_XML_11]) http_response = client.callTaxiiService2( site_url, feed_path, t.VID_TAXII_XML_10, poll_request.to_xml()) taxii_message = t.get_message_from_http_response(http_response, poll_request.message_id) if isinstance(taxii_message, tm10.StatusMessage): pass elif isinstance(taxii_message, tm10.PollResponse): indicators = dict() observables = dict() for content_block in taxii_message.content_blocks: (indicators_, observables_) = \ process_taxii_content_blocks(content_block) indicators.update(indicators_) observables.update(observables_) return latest, indicators, observables
def taxii_poll(config, src, dest, timestamp=None): """pull stix from edge via taxii""" client = tc.HttpClient() client.setUseHttps(config["edge"]["sites"][src]["taxii"]["ssl"]) client.setAuthType(client.AUTH_BASIC) client.setAuthCredentials( { "username": config["edge"]["sites"][src]["taxii"]["user"], "password": config["edge"]["sites"][src]["taxii"]["pass"], } ) if not timestamp: earliest = util.epoch_start() else: earliest = timestamp latest = util.nowutc() poll_request = tm10.PollRequest( message_id=tm10.generate_message_id(), feed_name=config["edge"]["sites"][src]["taxii"]["collection"], exclusive_begin_timestamp_label=earliest, inclusive_end_timestamp_label=latest, content_bindings=[t.CB_STIX_XML_11], ) http_response = client.callTaxiiService2( config["edge"]["sites"][src]["host"], config["edge"]["sites"][src]["taxii"]["path"], t.VID_TAXII_XML_10, poll_request.to_xml(), port=config["edge"]["sites"][src]["taxii"]["port"], ) taxii_message = t.get_message_from_http_response(http_response, poll_request.message_id) if isinstance(taxii_message, tm10.StatusMessage): config["logger"].error(log.log_messages["polling_error"].format(type_="taxii", error=taxii_message.message)) elif isinstance(taxii_message, tm10.PollResponse): incidents = dict() indicators = dict() observables = dict() for content_block in taxii_message.content_blocks: (incidents_, indicators_, observables_) = process_taxii_content_blocks(config, content_block) incidents.update(incidents_) indicators.update(indicators_) observables.update(observables_) return (latest, incidents, indicators, observables)
def taxii_poll(host=None, port=None, endpoint=None, collection=None, user=None, passwd=None, use_ssl=None, attempt_validation=None): '''poll cti via taxii''' client = tc.HttpClient() client.setUseHttps(use_ssl) client.setAuthType(client.AUTH_BASIC) client.setAuthCredentials( {'username': user, 'password': passwd}) earliest = epoch_start() latest = nowutc() poll_request = tm10.PollRequest( message_id=tm10.generate_message_id(), feed_name=collection, exclusive_begin_timestamp_label=earliest, inclusive_end_timestamp_label=latest, content_bindings=[t.CB_STIX_XML_11]) http_response = client.callTaxiiService2( host, endpoint, t.VID_TAXII_XML_10, poll_request.to_xml(), port=port) taxii_message = t.get_message_from_http_response(http_response, poll_request.message_id) if isinstance(taxii_message, tm10.StatusMessage): print('''TAXII connection error! Exiting... %s''' % (taxii_message.message)) elif isinstance(taxii_message, tm10.PollResponse): cooked_stix_objs = {'campaigns': set(), 'courses_of_action': set(), \ 'exploit_targets': set(), 'incidents': set(), \ 'indicators': set(), 'threat_actors': set(), \ 'ttps': set()} cooked_cybox_objs = dict() for content_block in taxii_message.content_blocks: stix_package = taxii_content_block_to_stix(content_block) (raw_stix_objs, raw_cybox_objs) = \ process_stix_pkg(stix_package) for k in raw_stix_objs.keys(): cooked_stix_objs[k].update(raw_stix_objs[k]) for k in raw_cybox_objs.keys(): if not k in cooked_cybox_objs.keys(): cooked_cybox_objs[k] = set() cooked_cybox_objs[k].update(raw_cybox_objs[k]) return(cooked_stix_objs, cooked_cybox_objs)
def taxii_poll(config, src, dest, timestamp=None): '''pull stix from edge via taxii''' client = tc.HttpClient() client.setUseHttps(config['edge']['sites'][src]['taxii']['ssl']) client.setAuthType(client.AUTH_BASIC) client.setAuthCredentials( {'username': config['edge']['sites'][src]['taxii']['user'], 'password': config['edge']['sites'][src]['taxii']['pass']}) if not timestamp: earliest = util_.epoch_start() else: earliest = timestamp latest = util_.nowutc() poll_request = tm10.PollRequest( message_id=tm10.generate_message_id(), feed_name=config['edge']['sites'][src]['taxii']['collection'], exclusive_begin_timestamp_label=earliest, inclusive_end_timestamp_label=latest, content_bindings=[t.CB_STIX_XML_11]) http_response = client.callTaxiiService2( config['edge']['sites'][src]['host'], config['edge']['sites'][src]['taxii']['path'], t.VID_TAXII_XML_10, poll_request.to_xml(), port=config['edge']['sites'][src]['taxii']['port']) taxii_message = t.get_message_from_http_response(http_response, poll_request.message_id) if isinstance(taxii_message, tm10.StatusMessage): config['logger'].error(log_.log_messages['polling_error'].format( type_='taxii', error=taxii_message.message)) elif isinstance(taxii_message, tm10.PollResponse): incidents = dict() indicators = dict() observables = dict() for content_block in taxii_message.content_blocks: (incidents_, indicators_, observables_) = \ process_taxii_content_blocks(config, content_block) incidents.update(incidents_) indicators.update(indicators_) observables.update(observables_) return(latest, incidents, indicators, observables)
def taxii_poll(config, src, dest, timestamp=None): '''pull stix from edge via taxii''' client = tc.HttpClient() client.setUseHttps(config['edge']['sites'][src]['taxii']['ssl']) client.setAuthType(client.AUTH_BASIC) client.setAuthCredentials( {'username': config['edge']['sites'][src]['taxii']['user'], 'password': config['edge']['sites'][src]['taxii']['pass']}) if not timestamp: earliest = util.epoch_start() else: earliest = timestamp latest = util.nowutc() poll_request = tm10.PollRequest( message_id=tm10.generate_message_id(), feed_name=config['edge']['sites'][src]['taxii']['collection'], exclusive_begin_timestamp_label=earliest, inclusive_end_timestamp_label=latest, content_bindings=[t.CB_STIX_XML_11]) http_response = client.callTaxiiService2( config['edge']['sites'][src]['host'], config['edge']['sites'][src]['taxii']['path'], t.VID_TAXII_XML_10, poll_request.to_xml(), port=config['edge']['sites'][src]['taxii']['port']) taxii_message = t.get_message_from_http_response(http_response, poll_request.message_id) if isinstance(taxii_message, tm10.StatusMessage): config['logger'].error(log.log_messages['polling_error'].format( type_='taxii', error=taxii_message.message)) elif isinstance(taxii_message, tm10.PollResponse): incidents = dict() indicators = dict() observables = dict() for content_block in taxii_message.content_blocks: (incidents_, indicators_, observables_) = \ process_taxii_content_blocks(config, content_block) incidents.update(incidents_) indicators.update(indicators_) observables.update(observables_) return(latest, incidents, indicators, observables)
def main(): parser = scripts.get_base_parser("Discovery Client", path="/services/discovery/") args = parser.parse_args() discovery_req = tm10.DiscoveryRequest(message_id=tm10.generate_message_id()) print "Request:\n" if args.xml_output is False: print discovery_req.to_text() else: print discovery_req.to_xml(pretty_print=True) client = scripts.create_client(args) resp = client.callTaxiiService2(args.host, args.path, t.VID_TAXII_XML_11, discovery_req,to_xml(pretty_print=True), args.port) r = t.get_message_from_http_response(resp, '0') print "Response:\n" if args.xml_output is False: print r.to_text() else: print r.to_xml(pretty_print=True)
def test_discovery_exchange(self): """Send a discovery request, look to get a discovery response back.""" req = tm10.DiscoveryRequest(tm10.generate_message_id()) response = self.post(DISCOVERY_PATH, req.to_xml()) self.assertDiscoveryResponse(response)
def create_request_message(self, args): return tm10.FeedInformationRequest(message_id=tm10.generate_message_id())
def test_feed_information_request1(self): feed_information_request1 = tm10.FeedInformationRequest( message_id=tm10.generate_message_id()) # Required round_trip_message(feed_information_request1)
def main(): parser = scripts.get_base_parser("TAXII 1.0 Poll Client (Deprecated)", path="/services/poll/") parser.add_argument("--feed", dest="feed", default="default", help="Data Collection to poll. Defaults to 'default'.") parser.add_argument("--begin_timestamp", dest="begin_ts", default=None, help="The begin timestamp (format: YYYY-MM-DDTHH:MM:SS.ssssss+/-hh:mm) for the poll request. Defaults to None.") parser.add_argument("--end_timestamp", dest="end_ts", default=None, help="The end timestamp (format: YYYY-MM-DDTHH:MM:SS.ssssss+/-hh:mm) for the poll request. Defaults to None.") parser.add_argument("--subscription-id", dest="subs_id", default=None, help="The subscription ID to use. Defaults to None") args = parser.parse_args() try: if args.begin_ts: begin_ts = dateutil.parser.parse(args.begin_ts) if not begin_ts.tzinfo: raise ValueError else: begin_ts = None if args.end_ts: end_ts = dateutil.parser.parse(args.end_ts) if not end_ts.tzinfo: raise ValueError else: end_ts = None except ValueError: print "Unable to parse timestamp value. Timestamp should include both date and time information along with a timezone or UTC offset (e.g., YYYY-MM-DDTHH:MM:SS.ssssss+/-hh:mm). Aborting poll." sys.exit() poll_req = tm10.PollRequest(message_id=tm10.generate_message_id(), feed_name=args.feed, exclusive_begin_timestamp_label=begin_ts, inclusive_end_timestamp_label=end_ts, subscription_id=args.subs_id) print "Request:\n" if args.xml_output is False: print poll_req.to_text() else: print poll_req.to_xml(pretty_print=True) client = scripts.create_client(args) resp = client.callTaxiiService2(args.host, args.path, t.VID_TAXII_XML_10, poll_req.to_xml(pretty_print=True), args.port) r = t.get_message_from_http_response(resp, '0') print "Response:\n" if args.xml_output is False: print r.to_text() else: print r.to_xml(pretty_print=True) if r.message_type == tm10.MSG_POLL_RESPONSE: for cb in r.content_blocks: if cb.content_binding.binding_id == t.CB_STIX_XML_10: format = '_STIX10_' ext = '.xml' elif cb.content_binding.binding_id == t.CB_STIX_XML_101: format = '_STIX101_' ext = '.xml' elif cb.content_binding.binding_id == t.CB_STIX_XML_11: format = '_STIX11_' ext = '.xml' elif cb.content_binding.binding_id == t.CB_STIX_XML_111: format = '_STIX111_' ext = '.xml' else: # Format and extension are unknown format = '' ext = '' if cb.timestamp_label: date_string = 't' + cb.timestamp_label.isoformat() else: date_string = 's' + datetime.datetime.now().isoformat() filename = (args.dest_dir + r.collection_name + format + date_string + ext).translate(None, '/\\:*?"<>|') f = open(filename, 'w') f.write(cb.content) f.flush() f.close() print "Wrote Content Block to %s" % filename
def create_request_message(self, args): message_id = tm10.generate_message_id() return tm10.FeedInformationRequest(message_id)