def main():
campaign = Campaign(title="Campaign against ICS")
ttp = TTP(title="DrownedRat")
alpha_report = Report()
alpha_report.header = Header()
alpha_report.header.title = "Report on Adversary Alpha's Campaign against the Industrial Control Sector"
alpha_report.header.descriptions = "Adversary Alpha has a campaign against the ICS sector!"
alpha_report.header.intents = "Campaign Characterization"
alpha_report.add_campaign(Campaign(idref=campaign.id_))
rat_report = Report()
rat_report.header = Header()
rat_report.header.title = "Indicators for Malware DrownedRat"
rat_report.header.intents = "Indicators - Malware Artifacts"
rat_report.add_ttp(TTP(idref=ttp.id_))
wrapper = STIXPackage()
info_src = InformationSource()
info_src.identity = Identity(name="Government Sharing Program - GSP")
wrapper.stix_header = STIXHeader(information_source=info_src)
wrapper.add_report(alpha_report)
wrapper.add_report(rat_report)
wrapper.add_campaign(campaign)
wrapper.add_ttp(ttp)
print(wrapper.to_xml())
def main():
campaign = Campaign(title="Campaign against ICS")
ttp = TTP(title="DrownedRat")
alpha_report = Report()
alpha_report.header = Header()
alpha_report.header.title = "Report on Adversary Alpha's Campaign against the Industrial Control Sector"
alpha_report.header.descriptions = "Adversary Alpha has a campaign against the ICS sector!"
alpha_report.header.intents = "Campaign Characterization"
alpha_report.add_campaign(Campaign(idref=campaign._id))
rat_report = Report()
rat_report.header = Header()
rat_report.header.title = "Indicators for Malware DrownedRat"
rat_report.header.intents = "Indicators - Malware Artifacts"
rat_report.add_ttp(TTP(idref=ttp._id))
wrapper = STIXPackage()
info_src = InformationSource()
info_src.identity = Identity(name="Government Sharing Program - GSP")
wrapper.stix_header = STIXHeader(information_source=info_src)
wrapper.add_report(alpha_report)
wrapper.add_report(rat_report)
wrapper.add_campaign(campaign)
wrapper.add_ttp(ttp)
print wrapper.to_xml()
def create_report(source=None, intent=None):
report = Report()
header = Header()
header.information_source = InformationSource(source)
header.add_intent("Indicators")
report.header = header
return report
def convert_report(r20):
r1x = Report(id_=convert_id20(r20["id"]),
timestamp=text_type(r20["modified"]))
r1x.header = Header()
if "name" in r20:
r1x.header.title = r20["name"]
if "description" in r20:
r1x.header.add_description(r20["description"])
intents = convert_open_vocabs_to_controlled_vocabs(r20["labels"],
REPORT_LABELS_MAP)
for i in intents:
r1x.header.add_intent(i)
if "published" in r20:
add_missing_property_to_description(r1x.header, "published",
r20["published"])
for ref in r20["object_refs"]:
ref_type = get_type_from_id(ref)
ref1x = convert_id20(ref)
if ref_type == "attack-pattern":
r1x.add_ttp(TTP(idref=ref1x))
elif ref_type == "campaign":
r1x.add_campaign(Campaign(idref=ref1x))
elif ref_type == 'course-of-action':
r1x.add_course_of_action(CourseOfAction(idref=ref1x))
elif ref_type == "indicator":
r1x.add_indicator(Indicator(idref=ref1x))
elif ref_type == "observed-data":
r1x.add_observable(Observable(idref=ref1x))
elif ref_type == "malware":
r1x.add_ttp(TTP(idref=ref1x))
elif ref_type == "threat-actor":
r1x.add_threat_actor(ThreatActor(idref=ref1x))
elif ref_type == "tool":
r1x.add_ttp(TTP(idref=ref1x))
elif ref_type == "vulnerability":
r1x.add_exploit_target(ExploitTarget(idref=ref1x))
elif ref_type == "identity" or ref_type == "relationship":
warn("%s in %s is not explicitly a member of a STIX 1.x report",
703, ref, r20["id"])
elif ref_type == "intrusion-set":
warn("%s in %s cannot be represented in STIX 1.x", 612, ref,
r20["id"])
else:
warn("ref type %s in %s is not known", 0, ref_type, r20["id"])
if "object_marking_refs" in r20:
for m_id in r20["object_marking_refs"]:
ms = create_marking_specification(m_id)
if ms:
CONTAINER.add_marking(r1x, ms, descendants=True)
if "granular_markings" in r20:
error(
"Granular Markings present in '%s' are not supported by stix2slider",
604, r20["id"])
return r1x
from stix.core import STIXPackage from stix.report import Report from stix.report.header import Header stix_package = STIXPackage() stix_report = Report() stix_report.header = Header() stix_report.header.description = "Getting Started" stix_package.add(stix_report) print(stix_package.to_xml())
#!/usr/bin/env python # Copyright (c) 2017, The MITRE Corporation. All rights reserved. # See LICENSE.txt for complete terms. """ Description: Build a STIX Indicator document containing a File observable with an associated hash. """ from stix.core import STIXPackage# Imporet the STIX Package API from stix.report import Report# Import the STIX Report API from stix.report.header import Header# Import the STIX Report Header API stix_package = STIXPackage()# Create an instance of STIX stix_report = Report()# Create a Report instance stix_report.header = Header()# Create a header for the report stix_report.header.description = "Getting Started!"# Set the description stix_package.add(stix_report)# Add the report to our STIX Package print(stix_package.to_xml())
