def createRelation(self, action, src, dst):
    """Build a relationship element linking a source to a target.

    @param action: relation type
    @param src: relation source
    @param dst: relation target
    @return: relation object
    """
    # The id comes from this instance's getRelId(); both endpoints are
    # wrapped in reference elements before being handed to the relationship.
    relation_id = self.getRelId()
    source_ref = maec.reference(valueOf_=src)
    target_ref = maec.reference(valueOf_=dst)
    return maec.relationship(id=relation_id,
                             type_=action,
                             source=source_ref,
                             target=target_ref)
def createFileObject(self, f):
    """Build a file object and register its filename as a property.

    @param f: file hash representation from cuckoo dict results.
    @return: file object.
    """
    md5 = f["md5"]
    # The MD5 doubles as the object id; the property reference below
    # points back at the file through that same id.
    file_obj = maec.fileObject(id=md5,
                               fileType=[f["type"]],
                               size=f["size"],
                               crc32=f["crc32"],
                               md5=md5,
                               sha1=f["sha1"],
                               sha512=f["sha512"])
    ssdeep_hash = maec.extraHashType("ssdeep", f["ssdeep"])
    file_obj.add_extraHash(ssdeep_hash)

    # Record the filename as a property referencing the file.
    # NOTE(review): f["name"] comes from the analysis results and is passed
    # through unmodified; confirm the maec serializer escapes valueOf_.
    name_prop = maec.objectProperty()
    name_prop.add_property(maec.property(type_="filename", valueOf_=f["name"]))
    file_ref = maec.reference(valueOf_="file[@id='%s']" % md5)
    name_prop.set_references(file_ref)
    self.properties.add_objectProperty(name_prop)
    return file_obj
def createUriObject(self, req):
    """Build a URI object for an HTTP request and register its details.

    @param req: HTTP request as described in cuckoo dict
    @return: created URI object
    """
    request_uri = req["uri"]
    # The request URI is used both as the object id and as the URI string.
    uri_obj = maec.uriObject(id=request_uri,
                             uriString=request_uri,
                             protocol="http",
                             hostname=req["host"],
                             port=req["port"],
                             path=req["path"],
                             ipProtocol="tcp")

    # Request details are attached as properties referencing the URI by id.
    details = maec.objectProperty()
    method = req["method"]
    details.add_property(maec.property(type_="httpMethod", valueOf_=method))
    if method == "POST":
        # NOTE(review): req["body"] is captured request data. If valueOf_ is
        # written out verbatim, a body containing "]]>" would end the CDATA
        # section early; confirm how the maec serializer handles valueOf_.
        post_data = "<![CDATA[%s]]>" % req["body"]
        details.add_property(maec.property(type_="postData", valueOf_=post_data))
    if "user-agent" in req:
        agent = req["user-agent"]
        details.add_property(maec.property(type_="userAgent", valueOf_=agent))
    # NOTE(review): the URI is interpolated into a quoted expression without
    # escaping; a URI containing "'" would change the reference string.
    uri_ref = maec.reference(valueOf_="uri[@id='%s']" % request_uri)
    details.set_references(uri_ref)
    self.properties.add_objectProperty(details)
    return uri_obj
def createUriObject(self, req):
    """Build a URI object for an HTTP request and register its details.

    @param req: HTTP request as described in cuckoo dict
    @return: created URI object
    """
    target = req["uri"]
    # One value serves as both the object id and the URI string.
    uri_obj = maec.uriObject(id=target,
                             uriString=target,
                             protocol="http",
                             hostname=req["host"],
                             port=req["port"],
                             path=req["path"],
                             ipProtocol="tcp")

    # Collect per-request details on a property set tied to the URI id.
    extras = maec.objectProperty()
    verb = req["method"]
    extras.add_property(maec.property(type_="httpMethod", valueOf_=verb))
    if verb == "POST":
        # NOTE(review): req["body"] is captured request data. If valueOf_ is
        # written out verbatim, a body containing "]]>" would end the CDATA
        # section early; confirm how the maec serializer handles valueOf_.
        wrapped_body = "<![CDATA[%s]]>" % req["body"]
        extras.add_property(maec.property(type_="postData", valueOf_=wrapped_body))
    if "user-agent" in req:
        user_agent = req["user-agent"]
        extras.add_property(maec.property(type_="userAgent", valueOf_=user_agent))
    # NOTE(review): the URI is interpolated into a quoted expression without
    # escaping; a URI containing "'" would change the reference string.
    extras.set_references(maec.reference(valueOf_="uri[@id='%s']" % target))
    self.properties.add_objectProperty(extras)
    return uri_obj
def createRelation(self, action, src, dst):
    """Build a relationship element linking a source to a target.

    @param action: relation type
    @param src: relation source
    @param dst: relation target
    @return: relation object
    """
    # Evaluate the id first, then wrap each endpoint in a reference element.
    rel_id = self.getRelId()
    src_ref = maec.reference(valueOf_=src)
    dst_ref = maec.reference(valueOf_=dst)
    relation = maec.relationship(id=rel_id, type_=action,
                                 source=src_ref, target=dst_ref)
    return relation
def createFileObject(self, f):
    """Build a file object and register its filename as a property.

    @param f: file hash representation from cuckoo dict results.
    @return: file object.
    """
    digest = f["md5"]
    # The MD5 is reused as the object id and inside the reference string.
    entry = maec.fileObject(id=digest,
                            fileType=[f["type"]],
                            size=f["size"],
                            crc32=f["crc32"],
                            md5=digest,
                            sha1=f["sha1"],
                            sha512=f["sha512"])
    entry.add_extraHash(maec.extraHashType("ssdeep", f["ssdeep"]))

    # Add the related filename as a property that points at the file id.
    # NOTE(review): f["name"] comes from the analysis results and is passed
    # through unmodified; confirm the maec serializer escapes valueOf_.
    filename_prop = maec.objectProperty()
    filename = maec.property(type_="filename", valueOf_=f["name"])
    filename_prop.add_property(filename)
    filename_prop.set_references(
        maec.reference(valueOf_="file[@id='%s']" % digest))
    self.properties.add_objectProperty(filename_prop)
    return entry
def createUriObject(self, req):
    """Build a URI object for an HTTP request and register its details.

    @param req: HTTP request as described in cuckoo dict
    @return: created URI object
    """
    uri_value = req["uri"]
    # Protocol and transport are fixed to "http" over "tcp" here.
    result = maec.uriObject(id=uri_value,
                            uriString=uri_value,
                            protocol="http",
                            hostname=req["host"],
                            port=req["port"],
                            path=req["path"],
                            ipProtocol="tcp")

    # Method, POST body and user agent go into one property set.
    http_props = maec.objectProperty()
    http_method = req["method"]
    http_props.add_property(
        maec.property(type_="httpMethod", valueOf_=http_method))
    if http_method == "POST":
        # NOTE(review): req["body"] is captured request data. If valueOf_ is
        # written out verbatim, a body containing "]]>" would end the CDATA
        # section early; confirm how the maec serializer handles valueOf_.
        cdata_body = "<![CDATA[%s]]>" % req["body"]
        http_props.add_property(
            maec.property(type_="postData", valueOf_=cdata_body))
    if "user-agent" in req:
        http_props.add_property(
            maec.property(type_="userAgent", valueOf_=req["user-agent"]))
    # NOTE(review): the URI is interpolated into a quoted expression without
    # escaping; a URI containing "'" would change the reference string.
    http_props.set_references(
        maec.reference(valueOf_="uri[@id='%s']" % uri_value))
    self.properties.add_objectProperty(http_props)
    return result
def createUriObject(self, req):
    """Build a URI object for an HTTP request and register its details.

    @param req: HTTP request as described in cuckoo dict
    @return: created URI object
    """
    location = req["uri"]
    # The same URI value becomes the id used by the property reference.
    uri_element = maec.uriObject(id=location,
                                 uriString=location,
                                 protocol="http",
                                 hostname=req["host"],
                                 port=req["port"],
                                 path=req["path"],
                                 ipProtocol="tcp")

    # Add details: HTTP method always, POST body and user agent when present.
    info = maec.objectProperty()
    request_method = req["method"]
    method_prop = maec.property(type_="httpMethod", valueOf_=request_method)
    info.add_property(method_prop)
    if request_method == "POST":
        # NOTE(review): req["body"] is captured request data. If valueOf_ is
        # written out verbatim, a body containing "]]>" would end the CDATA
        # section early; confirm how the maec serializer handles valueOf_.
        body_prop = maec.property(type_="postData",
                                  valueOf_="<![CDATA[%s]]>" % req["body"])
        info.add_property(body_prop)
    if "user-agent" in req:
        agent_prop = maec.property(type_="userAgent",
                                   valueOf_=req["user-agent"])
        info.add_property(agent_prop)
    # NOTE(review): the URI is interpolated into a quoted expression without
    # escaping; a URI containing "'" would change the reference string.
    info.set_references(maec.reference(valueOf_="uri[@id='%s']" % location))
    self.properties.add_objectProperty(info)
    return uri_element