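def __init__(self, ioc_xml):
    """Wrap a parsed OpenIOC document and make sure its core nodes exist.

    Two deep copies of ``ioc_xml`` are taken: ``working_xml`` is the tree
    that gets completed below, and ``orig_xml`` is not modified here. The
    schema version is chosen from the document's default namespace, and
    every missing metadata, criteria or parameters node is created with
    placeholder content.

    ioc_xml: root element of the IOC document. It must expose ``nsmap``,
        ``attrib``, ``find`` and ``append`` (presumably an lxml element;
        confirm against the caller).

    Raises KeyError when the document declares no default namespace, and
    ValueError when the default namespace is not one of the two OpenIOC
    schemas handled here.
    """
    def ensure_child(parent, tag, make_node):
        # make_node is only called when the child is missing, so optional
        # nodes are not built needlessly.
        node = parent.find(tag)
        if node is None:
            parent.append(make_node())
            node = parent.find(tag)
        return node

    def indicator_root():
        return ioc_et.make_Indicator_node("OR")

    self.working_xml = copy.deepcopy(ioc_xml)
    self.orig_xml = copy.deepcopy(ioc_xml)
    self.attributes = self.working_xml.attrib

    root = self.working_xml
    namespace = root.nsmap[None]

    if namespace == "http://schemas.mandiant.com/2010/ioc":
        # OpenIOC 1.0 keeps its metadata fields directly under the root.
        self.version = "1.0"
        metadata_root = root
        self.criteria = ensure_child(
            root, 'definition',
            lambda: ioc_et.make_definition_node(indicator_root()))
        self.parameters = None
    elif namespace == "http://openioc.org/schemas/OpenIOC_1.1":
        self.version = "1.1"
        metadata_root = ensure_child(
            root, 'metadata',
            lambda: ioc_et.make_metadata_node(
                name="*Missing*",
                author="*Missing*",
                description="*Missing*",
                links=ioc_et.make_links_node()))
        self.criteria = ensure_child(
            root, 'criteria',
            lambda: ioc_et.make_criteria_node(indicator_root()))
        self.parameters = ensure_child(
            root, 'parameters', ioc_et.make_parameters_node)
    else:
        # IOC documents are frequently received from other parties. An
        # unrecognised schema used to fall through with a placeholder
        # string as the metadata root, which left version and criteria
        # unset and stored -1 (the result of str.find) in the metadata
        # attributes. Reject the document instead.
        raise ValueError("Unsupported OpenIOC namespace: %r" % (namespace,))

    self.name = ensure_child(
        metadata_root, 'short_description',
        lambda: ioc_et.make_short_description_node("*Missing*"))
    self.desc = ensure_child(
        metadata_root, 'description',
        lambda: ioc_et.make_description_node("*Missing*"))
    self.author = ensure_child(
        metadata_root, 'authored_by',
        lambda: ioc_et.make_authored_by_node("*Missing*"))
    self.created = ensure_child(
        metadata_root, 'authored_date', ioc_et.make_authored_date_node)
    self.links = ensure_child(
        metadata_root, 'links', ioc_et.make_links_node)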
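def update_name(self, name):
    '''
    Update the name (short description) of an IOC.

    The short_description node is created and inserted as the first child
    of the metadata node when it is not present.

    input
        name: Value to set the short description to

    returns True.
    '''
    short_desc_node = self.metadata.find('short_description')
    if short_desc_node is not None:
        short_desc_node.text = name
        return True

    # A parenthesised single-argument print emits the same text as a
    # Python 2 print statement and also runs as the Python 3 function.
    print('Could not find short description node for [%s]' % str(self.iocid))
    print('Creating & inserting the short description node')
    self.metadata.insert(0, ioc_et.make_short_description_node(name))
    return True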
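def update_name(self, name):
    '''
    Update the name (short description) of an IOC.

    The short_description node is created and inserted as the first child
    of the metadata node when it is not present.

    input
        name: Value to set the short description to

    returns True.
    '''
    node = self.metadata.find('short_description')
    if node is None:
        # A parenthesised single-argument print emits the same text as a
        # Python 2 print statement and also runs as the Python 3 function.
        print('Could not find short description node for [%s]'
              % str(self.iocid))
        print('Creating & inserting the short description node')
        node = ioc_et.make_short_description_node(name)
        self.metadata.insert(0, node)
    else:
        node.text = name
    return True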
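def add_ioc(self, author, version):
    """Create a new, empty IOC and register it in ``self.iocs``.

    The IOC root is built for the requested schema version and filled with
    placeholder metadata plus an empty top-level "OR" indicator. The new
    IOC is stored under the path it would have inside ``self.working_dir``
    (``<id>.ioc``). Nothing is written to disk here.

    author: value recorded as the IOC's author.
    version: "1.0" or "1.1". Any other value leaves the root without the
        children added below.

    Returns the full path used as the key in ``self.iocs``.
    """
    new_ioc_xml = ioc_et.make_IOC_root(version=version)
    full_path = os.path.join(self.working_dir,
                             new_ioc_xml.attrib['id'] + ".ioc")

    if version == "1.0":
        # OpenIOC 1.0: metadata fields are direct children of the root.
        for node in (
                ioc_et.make_short_description_node(name="*New IOC*"),
                ioc_et.make_description_node(text="PyIOCe Generated IOC"),
                ioc_et.make_authored_by_node(author=author),
                ioc_et.make_authored_date_node(),
                ioc_et.make_links_node(),
                ioc_et.make_definition_node(
                    ioc_et.make_Indicator_node("OR"))):
            new_ioc_xml.append(node)
    elif version == "1.1":
        # Record the caller-supplied author, as the 1.0 branch does. This
        # branch used to hard-code "PyIOCe" and ignore the parameter, so
        # 1.1 IOCs carried the wrong attribution.
        new_ioc_xml.append(ioc_et.make_metadata_node(
            name="*New IOC*",
            author=author,
            description="PyIOCe Generated IOC"))
        new_ioc_xml.append(
            ioc_et.make_criteria_node(ioc_et.make_Indicator_node("OR")))
        new_ioc_xml.append(ioc_et.make_parameters_node())

    new_ioc = IOC(new_ioc_xml)
    # NOTE(review): orig_xml is replaced by a placeholder element,
    # presumably so a never-saved IOC differs from its original; confirm
    # against the code that compares orig_xml with working_xml.
    new_ioc.orig_xml = et.Element('New')
    self.iocs[full_path] = new_ioc
    return full_path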