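def _export_from_json_to_xml(json1):
    """Build a STIX ``Indicator`` from one feed record.

    ``json1`` is a dict of feed fields.  Fields that map onto the indicator
    itself (``source``, ``detecttime``, ``reporttime``, ``id``) are set on
    it directly; ``address``, ``rdata`` and ``malware_hash`` become
    observables; most of the remaining fields are folded into a free-text
    description of the form ``"name = value; "``.

    Relies on names defined elsewhere in the module: ``testMode``,
    ``fieldsList``, ``log_string`` and ``_build_adderss_obj``.

    Returns the populated ``Indicator``.
    """
    # Without this declaration the append below makes log_string a local
    # that is read before assignment (UnboundLocalError on the first
    # unknown field).  Assumes the module defines log_string -- TODO confirm.
    global log_string

    import re
    from stix.indicator.indicator import Indicator
    from cybox.core import observable
    from cybox.common import Hash
    from cybox.objects.address_object import Address
    from cybox.objects.file_object import File
    from cybox.objects.uri_object import URI

    indicatorIns = Indicator()
    indicDesc = "Additional fields: "

    if testMode:
        print("------------New Indicator: Start------------")
        print("--------------check dictionary ----------------")
        # .get() so a record lacking these keys does not abort the debug dump.
        if json1.get("relatedid_restriction"): print(json1["relatedid_restriction"])
        if json1.get("source"): print(json1["source"])
        if "ardig" in json1 and json1["ardig"]: print(str(json1["ardig"]))
        if "address" in json1 and json1["address"]: print(json1["address"])
        print("--------------check dictionary:END----------------")

    #need to be set before setting times producer attributes
    indicatorIns.set_producer_identity("None")

    strAddress = ""
    strAsn = ""
    strAsnDesc = ""
    strRir = ""
    strCc = ""
    strPrefix = ""
    strRdata = ""
    strDescShort = ""
    strMalware = ""
    strProtocol = ""
    strPortList = ""

    # Record keys that fieldsList does not know about.
    # NOTE(review): the text appended is the field's *value*, not its name,
    # and it is feed-controlled -- confirm how log_string is consumed before
    # treating its lines as trustworthy.
    for item in json1.keys():
        if fieldsList.get(item) is None:
            log_string = log_string + "New field: " + str(json1.get(item)) + "\n"

    # The order of the blocks below fixes the order of entries in the
    # description text, so it is kept as-is.
    if json1.get("whois") is not None:
        indicDesc = indicDesc + "whois = " + str(json1["whois"]) + "; "

    if json1.get("relatedid_restriction") is not None:
        indicDesc = indicDesc + "relatedid_restriction = " + str(json1["relatedid_restriction"]) + "; "

    if json1.get("source") is not None:
        indicatorIns.set_producer_identity(json1["source"])

    # contact, confidence and restriction are concatenated without str(),
    # so a non-string value raises TypeError here.
    if json1.get("contact") is not None:
        indicDesc = indicDesc + "contact = " + json1["contact"] + "; "

    if json1.get("purpose") is not None:
        indicDesc = indicDesc + "purpose = " + str(json1["purpose"]) + "; "

    if json1.get("asn") is not None:
        strAsn = json1["asn"]

    if json1.get("asn_desc") is not None:
        strAsnDesc = json1["asn_desc"]

    if json1.get("rir") is not None:
        strRir = json1["rir"]

    if json1.get("cc") is not None:
        strCc = json1["cc"]

    if json1.get("rdata") is not None:
        strRdata = json1["rdata"]

    if json1.get("prefix") is not None:
        strPrefix = json1["prefix"]

    if json1.get("alternativeid") is not None:
        indicDesc = indicDesc + "alternativeid = " + str(json1["alternativeid"]) + "; "

    if json1.get("detecttime") is not None:
        indicatorIns.set_produced_time(json1["detecttime"])

    if json1.get("address") is not None:
        strAddress = json1["address"]

    if json1.get("alternativeid_restriction") is not None:
        indicDesc = indicDesc + "alternativeid_restriction = " + str(json1["alternativeid_restriction"]) + "; "

    # NOTE(review): the feed-supplied id becomes the indicator id verbatim;
    # nothing here checks its format or uniqueness.
    if json1.get("id") is not None:
        indicatorIns.id_ = json1["id"]

    if json1.get("guid") is not None:
        indicDesc = indicDesc + "guid = " + str(json1["guid"]) + "; "

    if json1.get("severity") is not None:
        indicDesc = indicDesc + "severity = " + str(json1["severity"]) + "; "

    # The assessment is prepended, not appended, so it leads the description.
    if json1.get("assessment") is not None:
        indicDesc = "Assessment: " + str(json1["assessment"]) + ". " + indicDesc

    if json1.get("description") is not None:
        # The short description is the last whitespace-separated token.
        descList = str(json1["description"]).rsplit()
        if len(descList) > 1:
            strDescShort = descList[len(descList)-1]
        else:
            strDescShort = str(json1["description"])
        indicDesc = indicDesc + "description = " + str(json1["description"]) + "; "

    if json1.get("relatedid") is not None:
        indicDesc = indicDesc + "relatedid = " + str(json1["relatedid"]) + "; "

    if json1.get("reporttime") is not None:
        indicatorIns.set_received_time(json1["reporttime"])

    if json1.get("confidence") is not None:
        indicDesc = indicDesc + "confidence = " + json1["confidence"] + "; "

    if json1.get("restriction") is not None:
        indicDesc = indicDesc + "restriction = " + json1["restriction"] + "; "

    if json1.get("malware_hash") is not None:
        strMalware = json1["malware_hash"]

    if json1.get("protocol") is not None:
        strProtocol = str(json1["protocol"])

    if json1.get("portlist") is not None:
        strPortList = str(json1["portlist"])

    #Address
    #build address param
    addressParam = {'strAddress':strAddress,'strDescShort':strDescShort,'strAsn':strAsn,'strAsnDesc':strAsnDesc,
                    'strRir':strRir,'strCc':strCc,'strPrefix':strPrefix,'strRdata':strRdata,
                    'strProtocol':strProtocol,'strPortList':strPortList,'indicDesc':indicDesc,}
    if testMode:
        print("Address: " + addressParam["strAddress"])
        print("strDescShort: " + addressParam["strDescShort"])

    if strAddress:
        #address
        # The helper's return value replaces the description built so far.
        indicDesc = _build_adderss_obj(addressParam,indicatorIns)

    #rdata only
    # strAddress starts as "" and is never None, so the former
    # "strAddress is None" test made this branch unreachable.
    if not strAddress and strRdata:
        # The pattern used to be a triple-quoted string without re.VERBOSE,
        # so its embedded newline and indentation were matched literally and
        # no dotted quad could match.  It is also anchored at the end now so
        # that a value which merely starts with an IPv4 address is not
        # classified as one.
        matchRez = re.match(
            r"(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)\.){3}"
            r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)\Z", strRdata)
        if matchRez:
            #address = helper.create_ipv4_observable(strRdata)
            indicatorIns.add_observable(observable.Observable(Address(strRdata,'ipv4-addr')))
        else:
            # Anything that is not a dotted quad is recorded as a domain name.
            indicatorIns.add_observable(observable.Observable(URI(strRdata,'Domain Name')))

        if testMode:
            print("It's rdata only")

    #malware
    if strMalware:
        # Only the hash value is passed; no hash type is stated here.
        malFile = File()
        hash_ = Hash(strMalware)
        malFile.add_hash(hash_)
        malware = observable.Observable(malFile)
        indicatorIns.add_observable(malware)

        if testMode:
            print("It's malware_hash")

    if indicDesc:
        indicatorIns.description = indicDesc

    return indicatorIns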