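def export_stix(iocs, filename=None):
    """Export a mapping of indicators as a STIX package written to *filename*.

    Args:
        iocs: mapping of indicator type -> iterable of string values. The
            recognised keys are 'md5', 'ipv4', 'domain', 'url' and 'email';
            any other key is skipped. Values are de-duplicated per type
            (first occurrence wins). md5 values are upper-cased before the
            duplicate check, matching the sibling export functions.
        filename: output path; a ".xml" extension is appended when missing.
            The original body read ``filename`` before assigning it and so
            always raised ``UnboundLocalError`` (it was marked "BROKE!").
            It is now an explicit parameter, optional only so existing
            one-argument callers still resolve; they get a ``ValueError``.

    Raises:
        ValueError: if *filename* is empty or None.

    Side effects: writes the STIX XML to *filename* when at least one
    observable was produced; nothing is written otherwise.
    """
    if not filename:
        raise ValueError("export_stix: an output filename is required")

    # One builder per indicator type; file hashes take an empty file name,
    # as in the original call.
    builders = {
        'md5': lambda v: cybox_helper.create_file_hash_observable('', v),
        'ipv4': cybox_helper.create_ipv4_observable,
        'domain': cybox_helper.create_domain_name_observable,
        'url': cybox_helper.create_url_observable,
        'email': cybox_helper.create_email_address_observable,
    }

    stix_package = STIXPackage()
    stix_header = STIXHeader()
    # NOTE(review): kept from the original -- the output path becomes the
    # package description. That embeds a local filesystem path in a document
    # that is typically shared with other parties; a neutral description
    # would avoid the disclosure.
    stix_header.description = filename
    stix_package.stix_header = stix_header

    added = 0
    for t, values in iocs.items():
        build = builders.get(t)
        if build is None:
            continue
        seen = set()
        for value in values:
            if t == 'md5':
                value = value.upper()
            if value in seen:
                continue
            seen.add(value)
            stix_package.add_observable(build(value))
            added += 1

    if added == 0:
        return
    if not filename.endswith('.xml'):
        filename = "%s.xml" % filename  # add .xml extension if missing
    with open(filename, "wb") as f:
        f.write(stix_package.to_xml())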
def main():
    '''Build a CybOX Observables document and write it to stdout'''
    # The five observables are created in the same order as before, so any
    # side effect of the helper calls (e.g. id assignment) is unchanged.
    dom_obs = helper.create_domain_name_observable('www.example.com')
    url_obs = helper.create_url_observable('http://www.example.com')
    ip_obs = helper.create_ipv4_observable('127.0.0.1')
    mail_obs = helper.create_email_address_observable('*****@*****.**')
    hash_obs = helper.create_file_hash_observable(
        'foo.bar', '94f93e00fd122466d68a6ae3b8c7f908')

    # Document order differs from creation order on purpose (ipv4 before url).
    doc = Observables([dom_obs, ip_obs, url_obs, mail_obs, hash_obs])
    print(doc.to_xml())
    pprint(doc.to_dict())
def main():
    '''Build a CybOX Observables document and write it to stdout'''
    # Creation order is preserved so that any side effect of the helper
    # calls (e.g. id assignment) matches the previous implementation.
    dom_obs = helper.create_domain_name_observable('www.example.com')
    url_obs = helper.create_url_observable('http://www.example.com')
    ip_obs = helper.create_ipv4_observable('127.0.0.1')
    mail_obs = helper.create_email_address_observable('*****@*****.**')
    hash_obs = helper.create_file_hash_observable(
        'foo.bar', '94f93e00fd122466d68a6ae3b8c7f908')

    # Document order differs from creation order on purpose (ipv4 before url).
    doc = Observables([dom_obs, ip_obs, url_obs, mail_obs, hash_obs])
    # encoding=None requests a text (unencoded) serialisation from to_xml().
    print(doc.to_xml(encoding=None))
    pprint(doc.to_dict())
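def export_cybox():
    """ Export the tagged items in CybOX format.

    Prompts the user for an output file, collects every highlighted range of
    each indicator tag in the ``text`` widget, de-duplicates values within a
    tag, and writes a CybOX Observables document. Nothing is written when the
    user cancels the dialog or no indicator was tagged.

    Reads module-level ``tags`` (indicator tag names) and ``text`` (the Tk
    text widget holding the highlights); ``cybox_helper``, ``URI``,
    ``Observable``, ``Observables`` and ``cybox.utils`` come from the module
    imports.
    """
    filename = asksaveasfilename(title="Save As",
                                 filetypes=[("xml file", ".xml"), ("All files", ".*")])
    if not filename:
        return

    observables = []
    for t in tags:
        for value in _tagged_values(t):
            observable = _make_observable(t, value)
            if observable is not None:
                observables.append(observable)

    if not observables:
        return

    NS = cybox.utils.Namespace("http://example.com/", "example")
    cybox.utils.set_id_namespace(NS)
    observables_doc = Observables(observables=observables)
    if not filename.endswith('.xml'):
        filename = "%s.xml" % filename  # add .xml extension if missing
    with open(filename, "wb") as f:
        cybox_xml = observables_doc.to_xml(namespace_dict={NS.name: NS.prefix})
        f.write(cybox_xml)


def _tagged_values(t):
    """Yield the distinct text of each highlighted range for tag *t*.

    ``text.tag_ranges`` returns a flat (start, stop, start, stop, ...)
    sequence, so consecutive entries are paired; a trailing unpaired entry
    is ignored, as before. De-fanging brackets are undone and md5 values are
    upper-cased before the duplicate check, so the first occurrence of a
    value wins within a tag.
    """
    ranges = text.tag_ranges(t)
    seen = set()
    for start, stop in zip(ranges[0::2], ranges[1::2]):
        value = text.get(start, stop).replace('[.]', '.').replace('[@]', '@')
        if t == 'md5':
            value = value.upper()
        if value not in seen:
            seen.add(value)
            yield value


def _make_observable(t, value):
    """Return the CybOX observable for one *value* of tag *t*, or None for an unknown tag."""
    if t == 'md5':
        # File hashes are emitted without a file name.
        return cybox_helper.create_file_hash_observable('', value)
    if t == 'ipv4':
        return cybox_helper.create_ipv4_observable(value)
    if t == 'domain':
        # CybOX 2.0 contains a schema bug that prevents the use of
        # cybox_helper.create_domain_name_observable(); the workaround is to
        # not declare a @type attribute for the URI object.
        return Observable(item=URI(value=value))
    if t == 'url':
        return cybox_helper.create_url_observable(value)
    if t == 'email':
        return cybox_helper.create_email_address_observable(value)
    return None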
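def export_cybox():
    """ Export the tagged items in CybOX format.

    Prompts the user for an output file, collects every highlighted range of
    each indicator tag in the ``text`` widget, de-duplicates values within a
    tag, and writes a CybOX Observables document. Nothing is written when the
    user cancels the dialog or no indicator was tagged.

    Reads module-level ``tags`` (indicator tag names) and ``text`` (the Tk
    text widget holding the highlights); ``cybox_helper``, ``Observables``
    and ``cybox.utils`` come from the module imports.
    """
    filename = asksaveasfilename(title="Save As",
                                 filetypes=[("xml file", ".xml"), ("All files", ".*")])
    if not filename:
        return

    # One builder per indicator tag; file hashes are emitted without a name.
    builders = {
        'md5': lambda v: cybox_helper.create_file_hash_observable('', v),
        'ipv4': cybox_helper.create_ipv4_observable,
        'domain': cybox_helper.create_domain_name_observable,
        'url': cybox_helper.create_url_observable,
        'email': cybox_helper.create_email_address_observable,
    }

    observables = []
    for t in tags:
        build = builders.get(t)
        if build is None:
            continue
        # tag_ranges is a flat (start, stop, ...) sequence; pair it up.
        # A trailing unpaired entry is ignored, as before.
        ranges = text.tag_ranges(t)
        seen = set()
        for start, stop in zip(ranges[0::2], ranges[1::2]):
            value = text.get(start, stop).replace('[.]', '.').replace('[@]', '@')
            if t == 'md5':
                value = value.upper()
            # De-duplicate within a tag; first occurrence wins.
            if value in seen:
                continue
            seen.add(value)
            observables.append(build(value))

    if not observables:
        return

    NS = cybox.utils.Namespace("http://example.com/", "example")
    cybox.utils.set_id_namespace(NS)
    observables_doc = Observables(observables=observables)
    if not filename.endswith('.xml'):
        filename = "%s.xml" % filename  # add .xml extension if missing
    with open(filename, "wb") as f:
        f.write(observables_doc.to_xml())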
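def export_stix():
    """ Export the tagged items in STIX format.

    Prompts the user for an output file, collects every highlighted range of
    each indicator tag in the ``text`` widget, de-duplicates values within a
    tag, adds each as an observable to a STIX package and writes it out.
    Nothing is written when the user cancels the dialog or no indicator was
    tagged.

    Reads module-level ``tags`` and ``text``; ``STIXPackage``, ``STIXHeader``
    and ``cybox_helper`` come from the module imports.
    """
    filename = asksaveasfilename(title="Save As",
                                 filetypes=[("xml file", ".xml"), ("All files", ".*")])
    if not filename:
        return

    stix_package = STIXPackage()
    stix_header = STIXHeader()
    # NOTE(review): kept from the original -- the chosen output path becomes
    # the package description. That embeds a local filesystem path in a
    # document that is typically shared with other parties; a neutral
    # description would avoid the disclosure.
    stix_header.description = filename
    stix_package.stix_header = stix_header

    # One builder per indicator tag; file hashes are emitted without a name.
    builders = {
        'md5': lambda v: cybox_helper.create_file_hash_observable('', v),
        'ipv4': cybox_helper.create_ipv4_observable,
        'domain': cybox_helper.create_domain_name_observable,
        'url': cybox_helper.create_url_observable,
        'email': cybox_helper.create_email_address_observable,
    }

    added = 0
    for t in tags:
        build = builders.get(t)
        if build is None:
            continue
        # tag_ranges is a flat (start, stop, ...) sequence; pair it up.
        # A trailing unpaired entry is ignored, as before.
        ranges = text.tag_ranges(t)
        seen = set()
        for start, stop in zip(ranges[0::2], ranges[1::2]):
            value = text.get(start, stop).replace('[.]', '.').replace('[@]', '@')
            if t == 'md5':
                value = value.upper()
            # De-duplicate within a tag; first occurrence wins.
            if value in seen:
                continue
            seen.add(value)
            stix_package.add_observable(build(value))
            added += 1

    if added == 0:
        return
    if not filename.endswith('.xml'):
        filename = "%s.xml" % filename  # add .xml extension if missing
    with open(filename, "wb") as f:
        f.write(stix_package.to_xml())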