def populate(self, json):
definition_id = json.get('definition_id', None)
if definition_id:
self.definition_id = definition_id
definition = json.get('definition', None)
if definition:
definitin_instance = ReferenceDefinition()
definitin_instance.populate(definition)
self.definition = definitin_instance
if self.definition_id and self.definition:
if self.definition.identifier and self.definition_id != self.definition.identifier:
raise ValueException(u'Reference definitions cannot be updated')
self.value = json.get('value', None)
self.identifier = json.get('identifier', None)
self.properties.populate(json.get('properties', None))
creator_group = json.get('creator_group', None)
if creator_group:
cg_instance = Group()
cg_instance.populate(creator_group)
self.creator_group = cg_instance
modifier_group = json.get('modifier_group', None)
if modifier_group:
cg_instance = Group()
cg_instance.populate(modifier_group)
self.modifier = cg_instance
created_at = json.get('created_at', None)
if created_at:
self.created_at = strings.stringToDateTime(created_at)
modified_on = json.get('modified_on', None)
if modified_on:
self.modified_on = strings.stringToDateTime(modified_on)
def validateDateTime(obj, attributeName, changeAttribute=True):
"""
Validates if the attribute is a date or date time under the
specified formats address.
Note: The actual object is changed internally
:param obj: Object
:type obj: object
:param attributeName: attribute name of the object
:type attributeName: String
:param changeAttribute: If set the given attribute will be changed to a
type of FailedValidation
:type changeAttribute: Boolean
:return Boolean
"""
errorMsg = ('The date is not under the right form as i.e. ' +
'"YYYY-mm-dd - H:M:S" where " - H:M:S" is optional')
value = getattr(obj, attributeName)
if isinstance(value, datetime.datetime):
return True
try:
if ObjectValidator.validateIP(obj, attributeName, False):
return False
stringToDateTime(value)
return True
except InputException:
if changeAttribute:
setattr(obj, attributeName, FailedValidation(value, errorMsg))
return False
def populate(self, json):
self.title = json.get('title', None)
self.description = json.get('description', None)
self.properties.populate(json.get('properties', None))
self.short_description = json.get('short_description', None)
self.identifier = json.get('identifier', None)
self.properties.populate(json.get('properties', None))
creator_group = json.get('creator_group', None)
if creator_group:
cg_instance = Group()
cg_instance.populate(creator_group)
self.creator_group = cg_instance
modifier_group = json.get('modifier_group', None)
if modifier_group:
cg_instance = Group()
cg_instance.populate(modifier_group)
self.modifier = cg_instance
created_at = json.get('created_at', None)
if created_at:
self.created_at = strings.stringToDateTime(created_at)
modified_on = json.get('modified_on', None)
if modified_on:
self.modified_on = strings.stringToDateTime(modified_on)
references = json.get('references', None)
if references:
for reference in references:
ref = Reference()
ref.populate(reference)
self.references.append(ref)
def validateDateTime(obj, attributeName, changeAttribute=True):
"""
Validates if the attribute is a date or date time under the
specified formats address.
Note: The actual object is changed internally
:param obj: Object
:type obj: object
:param attributeName: attribute name of the object
:type attributeName: String
:param changeAttribute: If set the given attribute will be changed to a
type of FailedValidation
:type changeAttribute: Boolean
:return Boolean
"""
errorMsg = ('The date is not under the right form as i.e. ' +
'"YYYY-mm-dd - H:M:S" where " - H:M:S" is optional')
value = getattr(obj, attributeName)
if isinstance(value, datetime.datetime):
return True
try:
if ObjectValidator.validateIP(obj, attributeName, False):
return False
stringToDateTime(value)
return True
except InputException:
if changeAttribute:
setattr(obj, attributeName, FailedValidation(value, errorMsg))
return False
def populate(self, json):
self.identifier = json.get('identifier', None)
definition_id = json.get('definition_id', None)
if definition_id:
self.definition_id = definition_id
definition = json.get('definition', None)
if definition:
definitin_instance = ObjectDefinition()
definitin_instance.populate(definition)
self.definition = definitin_instance
if self.definition_id and self.definition:
if self.definition.identifier and self.definition_id != self.definition.identifier:
raise ValueException(u'Object definitions cannot be updated')
if not (self.definition_id or self.definition):
raise ValueException(u'Object definition or definition_id must be set')
self.properties.populate(json.get('properties', Properties('0')))
creator_group = json.get('creator_group', None)
if creator_group:
cg_instance = Group()
cg_instance.populate(creator_group)
self.creator_group = cg_instance
modifier_group = json.get('modifier_group', None)
if modifier_group:
cg_instance = Group()
cg_instance.populate(modifier_group)
self.modifier = cg_instance
created_at = json.get('created_at', None)
if created_at:
self.created_at = strings.stringToDateTime(created_at)
modified_on = json.get('modified_on', None)
if modified_on:
self.modified_on = strings.stringToDateTime(modified_on)
rel_obs = json.get('related_objects', None)
if rel_obs:
for rel_ob in rel_obs:
obj_instance = RelatedObject()
obj_instance.populate(rel_ob)
self.related_objects.append(obj_instance)
attribtues = json.get('attributes', None)
if attribtues:
for attribtue in attribtues:
attribute = Attribute()
attribute.populate(attribtue)
self.attributes.append(attribute)
def populate(self, json):
self.identifier = json.get('identifier', None)
definition_id = json.get('definition_id', None)
if definition_id:
self.definition_id = definition_id
definition = json.get('definition', None)
if definition:
definitin_instance = AttributeDefinition()
definitin_instance.populate(definition)
self.definition = definitin_instance
if self.definition_id and self.definition:
if self.definition.identifier and self.definition_id != self.definition.identifier:
raise ValueException(u'Attribute definitions cannot be updated')
if not (self.definition_id or self.definition):
raise ValueException(u'Attribute definition or definition_id must be set')
condition_id = json.get('condition_id', None)
if not condition_id:
condition = json.get('condition', None)
if condition:
condition_id = condition.get('identifier', None)
if condition_id:
self.condition_id = condition_id
self.is_ioc = json.get('ioc', 0)
self.value = json.get('value', None)
self.properties.populate(json.get('properties', None))
creator_group = json.get('creator_group', None)
if creator_group:
cg_instance = Group()
cg_instance.populate(creator_group)
self.creator_group = cg_instance
modifier_group = json.get('modifier_group', None)
if modifier_group:
cg_instance = Group()
cg_instance.populate(modifier_group)
self.modifier = cg_instance
created_at = json.get('created_at', None)
if created_at:
self.created_at = strings.stringToDateTime(created_at)
modified_on = json.get('modified_on', None)
if modified_on:
self.modified_on = strings.stringToDateTime(modified_on)
def populate(self, json):
self.identifier = json.get('identifier', None)
self.title = json.get('title', None)
self.description = json.get('description', None)
self.version = json.get('version', '')
self.properties.populate(json.get('properties', Properties('0')))
obj = self.title = json.get('object', None)
if obj:
obj_instance = Object()
obj_instance.populate(obj)
self.object = obj_instance
comp = self.title = json.get('observable_composition', None)
if comp:
comp_instance = ObservableComposition()
comp_instance.populate(comp)
self.observable_composition = comp_instance
rel_obs = self.title = json.get('related_observables', None)
if rel_obs:
for rel_ob in rel_obs:
obj_instance = RelatedObservable()
obj_instance.populate(rel_ob)
self.related_observables.append(obj_instance)
modifier_group = json.get('modifier_group', None)
if modifier_group:
cg_instance = Group()
cg_instance.populate(modifier_group)
self.modifier = cg_instance
creator_group = json.get('creator_group', None)
if creator_group:
cg_instance = Group()
cg_instance.populate(creator_group)
self.creator_group = cg_instance
created_at = json.get('created_at', None)
if created_at:
self.created_at = strings.stringToDateTime(created_at)
modified_on = json.get('modified_on', None)
if modified_on:
self.modified_on = strings.stringToDateTime(modified_on)
def populate(self, json):
self.identifier = json.get('identifier', None)
self.title = json.get('title', None)
self.description = json.get('description', None)
self.short_description = json.get('short_description', None)
self.confidence = json.get('confidence', None)
modifier_group = json.get('modifier_group', None)
if modifier_group:
cg_instance = Group()
cg_instance.populate(modifier_group)
self.modifier = cg_instance
originating_group = json.get('originating_group', None)
if originating_group:
cg_instance = Group()
cg_instance.populate(originating_group)
self.originating_group = cg_instance
creator_group = json.get('creator_group', None)
if creator_group:
cg_instance = Group()
cg_instance.populate(creator_group)
self.creator_group = cg_instance
created_at = json.get('created_at', None)
if created_at:
self.created_at = strings.stringToDateTime(created_at)
modified_on = json.get('modified_on', None)
if modified_on:
self.modified_on = strings.stringToDateTime(modified_on)
self.operator = json.get('operator', 'OR')
self.properties.populate(json.get('properties', Properties('0')))
observables = json.get('observables', list())
if observables:
for observable in observables:
obs = Observable()
obs.populate(observable)
self.observables.append(obs)
def set_date(value):
"""
Returns an DateTime value of the value
Note: If it is not possible to set the value returned value is None
:param value: The value to be set
:type value: DateTime (at least should be)
:returns: DateTime
"""
try:
return strings.stringToDateTime(value)
except Exception as error:
raise ConversionException(error)
def populate_simple_logging(self, instance, json, user, insert=False):
if insert:
# Note the creator
instance.creator_id = user.identifier
instance.creator = user
created_at = json.get('created_at', None)
if created_at:
instance.created_at = strings.stringToDateTime(created_at)
else:
instance.created_at = datetime.utcnow()
instance.modifier_id = user.identifier
instance.modifier = user
instance.modified_on = datetime.utcnow()
def rebuild_relations(self, event_uuid='', from_date=''):
try:
if event_uuid:
if self.verbose:
print '(Re)Creation relations for event {0}'.format(
event_uuid)
try:
event = self.event_controller.get_event_by_uuid(event_uuid)
# drop relations for event
self.relation_controller.remove_relations_for_event(event)
flat_attributes = self.relation_controller.get_flat_attributes_for_event(
event)
self.relation_controller.generate_bulk_attributes_relations(
event, flat_attributes, True)
except ControllerNothingFoundException:
raise MaintenanceException(
'Event with uuid "{0}" cannot be found'.format(
event_uuid))
else:
# drop all relations
self.relation_controller.clear_relations_table()
if from_date:
from_date = stringToDateTime(from_date)
if self.verbose:
print '(Re)Creation all relations for the events created from {0} on'.format(
from_date)
events = self.event_controller.get_all_from(from_date)
else:
if self.verbose:
print '(Re)Creation all relations'
events = self.event_controller.get_all()
for event in events:
if self.verbose:
print 'Rebuild relations for event {0}'.format(
event.identifier)
flat_attributes = self.relation_controller.get_flat_attributes_for_event(
event)
self.relation_controller.generate_bulk_attributes_relations(
event, flat_attributes, False)
self.relation_controller.relation_broker.do_commit(True)
except ControllerException as error:
raise MaintenanceException(error)
def convert_date(string_date): return strings.stringToDateTime(string_date)
def populate(self, json):
self.identifier = json.get('identifier', None)
self.title = json.get('title', None)
self.description = json.get('description', None)
self.risk = json.get('risk', 'Undefined').title()
self.status = json.get('status', 'Draft').title()
self.tlp = json.get('tlp', 'Amber').title()
self.analysis = json.get('analysis', 'Unknown').title()
self.properties.populate(json.get('properties', Properties('0')))
published = json.get('published', False)
if published:
if published == '1' or published == 1:
published = True
elif published == '0' or published == 0:
published = True
self.properties.is_shareable = published
observables = json.get('observables', list())
if observables:
for observable in observables:
obs = Observable()
obs.populate(observable)
self.observables.append(obs)
indicators = json.get('indicators', list())
if indicators:
for indicator in indicators:
ind = Indicator()
ind.populate(indicator)
self.indicators.append(ind)
modifier_group = json.get('modifier_group', None)
if modifier_group:
cg_instance = Group()
cg_instance.populate(modifier_group)
self.modifier = cg_instance
originating_group = json.get('originating_group', None)
if originating_group:
cg_instance = Group()
cg_instance.populate(originating_group)
self.originating_group = cg_instance
creator_group = json.get('creator_group', None)
if creator_group:
cg_instance = Group()
cg_instance.populate(creator_group)
self.creator_group = cg_instance
created_at = json.get('created_at', None)
if created_at:
self.created_at = strings.stringToDateTime(created_at)
modified_on = json.get('modified_on', None)
if modified_on:
self.modified_on = strings.stringToDateTime(modified_on)
first_seen = json.get('first_seen', None)
if first_seen:
self.first_seen = strings.stringToDateTime(first_seen)
last_seen = json.get('last_seen', None)
if last_seen:
self.last_seen = strings.stringToDateTime(last_seen)
reports = json.get('reports', None)
if reports:
for report in reports:
report_instacne = Report()
report_instacne.populate(report)
self.reports.append(report_instacne)
comments = json.get('comments', None)
if comments:
for comment in comments:
comment_instacne = Comment()
comment_instacne.populate(comment)
self.comments.append(comment_instacne)
permissions = json.get('groups', None)
if permissions:
for permission in permissions:
event_permission = EventGroupPermission()
event_permission.populate(permission)
