def _make_stix_package(self, origin_feed, post, creator=None):
    """Build the STIX package for a comment made on an existing feed.

    The new package gets a freshly generated ``Package`` ID, a timestamp
    taken in the timezone of ``origin_feed.user``, and a header produced
    by ``self._get_stix_header``. The commented-on feed is linked to it
    as a related package.

    Args:
        origin_feed: Feed being commented on. Supplies ``user.timezone``
            for the timestamp and ``package_id`` for the related-package
            link.
        post: Forwarded unchanged to ``self._get_stix_header``.
        creator: Forwarded unchanged to ``self._get_stix_header``;
            defaults to ``None``.

    Returns:
        The populated ``STIXPackage``.
    """
    # Generate the ID first, then create the package around it.
    comment_package = STIXPackage(
        id_=self.generator.create_id(prefix='Package'))

    # The timestamp follows the origin feed owner's timezone, not the
    # timezone of ``creator``.
    owner_tz = pytz.timezone(origin_feed.user.timezone)
    comment_package.timestamp = datetime.datetime.now(tz=owner_tz)

    # Attach the header.
    header = self._get_stix_header(origin_feed, post, creator)
    comment_package.stix_header = header

    # Add the package ID of the feed being commented on as a related
    # package.
    comment_package.add_related_package(origin_feed.package_id)
    return comment_package
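def _make_stix_package(self, feed, indicators=None, ttps=None, tas=None):
    """Build the STIX package for a feed, including its attachments.

    The package gets a freshly generated ``Package`` ID, a timestamp in
    the timezone of ``feed.user``, and a header from
    ``self._get_stix_header``. It is then filled with indicators,
    exploit targets and threat actors. Every file attached to the feed
    gets its own STIX package, which is appended to
    ``self.attachment_files`` and linked here as a related package.

    Args:
        feed: Feed to export. Supplies ``user.timezone`` and ``files``.
        indicators: Indicator JSON objects obtained from the web screen.
            Each is converted with
            ``CommonExtractor.get_indicator_from_json``; entries that
            convert to ``None`` are skipped. ``None`` means no
            indicators.
        ttps: TTP JSON objects. Each is converted with
            ``CommonExtractor.get_exploit_target_from_json``; entries
            that convert to ``None`` are skipped. ``None`` means no
            TTPs.
        tas: Threat-actor JSON objects, each with a ``'value'`` key.
            ``None`` means no threat actors.

    Returns:
        The populated ``STIXPackage``.

    Raises:
        KeyError: If an entry of ``tas`` has no ``'value'`` key.
    """
    # None sentinels replace the former mutable ``[]`` defaults, which
    # were shared between calls.
    indicators = [] if indicators is None else indicators
    ttps = [] if ttps is None else ttps
    tas = [] if tas is None else tas

    user_timezone = pytz.timezone(feed.user.timezone)
    # Generate the package ID.
    package_id = self.generator.create_id(prefix='Package')
    # Create the package.
    stix_package = STIXPackage(id_=package_id)
    stix_package.timestamp = datetime.datetime.now(tz=user_timezone)
    # Attach the header.
    stix_package.stix_header = self._get_stix_header(feed)

    # Indicators: build STIX indicators from the indicator JSON obtained
    # from the web screen.
    stix_indicators = Indicators()
    for indicator_json in indicators:
        indicator = CommonExtractor.get_indicator_from_json(
            indicator_json, user_timezone)
        if indicator is not None:
            stix_indicators.append(indicator)
    stix_package.indicators = stix_indicators

    # Exploit targets.
    stix_exploit_targets = ExploitTargets()
    for ttp_json in ttps:
        et = CommonExtractor.get_exploit_target_from_json(ttp_json)
        if et is not None:
            stix_exploit_targets.append(et)
    stix_package.exploit_targets = stix_exploit_targets

    # Threat actors.
    for ta_json in tas:
        # NOTE(review): ``value`` is passed straight to the lookup
        # helpers. Presumably it is user-supplied like the indicators;
        # confirm that the helpers validate or encode it before it
        # reaches an outbound request.
        value = ta_json['value']
        ta = None
        # CrowdStrike is queried only when both credentials are set.
        if (SNSConfig.get_cs_custid() is not None
                and SNSConfig.get_cs_custkey() is not None):
            ta = self.get_ta_from_crowd_strike(value)
        if ta is None:
            # Fall back to ATT&CK for the threat actor.
            ta = self.get_ta_from_attck(value)
        # NOTE(review): unlike the indicator and exploit-target loops,
        # there is no None check here. Confirm that get_ta_from_attck
        # never returns None.
        stix_package.add_threat_actor(ta)

    # Build a STIX package for each attached file.
    for file_ in feed.files.all():
        attach_file_stix_package = self._make_stix_package_for_attached_file(
            file_, feed)
        self.attachment_files.append(attach_file_stix_package)
        # Link the attachment's STIX package as a related package.
        stix_package.add_related_package(attach_file_stix_package.id_)
    return stix_package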