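    def export_detection_openioc(family, tlp_level):
        """
            Exports the detection OPENIOC items.

            Returns an XML declaration followed by one <ioc> element per
            OPENIOC detection item whose TLP sensibility is at most
            ``tlp_level`` (several items therefore yield several root
            elements). ``item.abstract`` is assumed to already be OpenIOC
            XML and is embedded verbatim; ``family.name`` is escaped so a
            name containing ``&``, ``<`` or ``>`` cannot break or alter
            the element structure.

            TODO: move openioc generation to a new file.
        """
        # Local import keeps this method self-contained until the
        # generation code moves to its own module.
        from xml.sax.saxutils import escape

        safe_name = escape(family.name)
        parts = ["<?xml version=\"1.0\" encoding=\"us-ascii\"?>\n"]
        for item in family.detection_items:
            if item.TLP_sensibility > tlp_level:
                continue
            if item.item_type != DetectionType.OPENIOC:
                continue
            parts.append('<ioc xmlns:xsd="http://www.w3.org/2001/XMLSchema" id="polichombr-' +
                         str(family.id) + '-' + str(item.id) + '">\n')
            parts.append('<short_description>' + safe_name +
                         ' custom IOC #' + str(item.id) + '</short_description>\n')
            parts.append('<description>Custom IOC for ' + safe_name +
                         ' samples family</description>\n')
            # The original omitted the newline here, gluing this element
            # to <authored_date> on one line.
            parts.append('<tlp_sensibility>' +
                         TLPLevel.tostring(item.TLP_sensibility) +
                         '</tlp_sensibility>\n')
            parts.append('<authored_date>Polichombr</authored_date>\n')
            parts.append('<links />\n')
            parts.append('<definition>\n')
            parts.append(item.abstract + '\n')
            parts.append('</definition>\n</ioc>\n\n\n')
        # Every <ioc> is closed inside the loop; the extra "</ioc>" the
        # original appended after the loop left the output unbalanced.
        return "".join(parts)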
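    def generate_samples_zip_file(family, tlp_level):
        """
            Builds a gzip-compressed tar archive of the family's samples
            (the name says ZIP for historical reasons; the file written is
            ``.tar.gz``) and returns its path, or None when ``tlp_level``
            is not a known TLP level.

            Only samples whose TLP sensibility is at most ``tlp_level`` are
            included, each stored under its sha256 as the member name. The
            archive is cached in STORAGE_PATH under
            ``<family>-<tlp_level>-sha256(concatenated sample sha256s).tar.gz``
            so repeated exports of an unchanged family reuse the same file.
        """
        # Normalise the level once so the comparisons below and the cache
        # file name agree even when the caller passed a numeric string.
        level = int(tlp_level)
        if TLPLevel.tostring(level) == "":
            return None

        selected = [s for s in family.samples if s.TLP_sensibility <= level]
        digest = sha256("".join(s.sha256 for s in selected).encode("utf-8")).hexdigest()

        # family.name is user controlled and becomes part of a filesystem
        # path: keep only characters that cannot act as path separators or
        # otherwise escape STORAGE_PATH.
        safe_name = "".join(c if c.isalnum() or c in "_-." else "_"
                            for c in family.name)
        zip_fname = safe_name + "-" + str(level) + "-" + digest + ".tar.gz"

        zip_path = os.path.join(app.config['STORAGE_PATH'], zip_fname)
        if os.path.exists(zip_path):
            return zip_path

        # Write to a temporary name and rename at the end so that a crash
        # half-way through never leaves a truncated archive that the cache
        # check above would later hand out as complete.
        tmp_path = zip_path + ".part"
        try:
            with tarfile.open(tmp_path, "w:gz") as tarf:
                for sample in selected:
                    if os.path.exists(sample.storage_file):
                        tarf.add(sample.storage_file, arcname=sample.sha256)
            os.rename(tmp_path, zip_path)
        finally:
            if os.path.exists(tmp_path):
                os.remove(tmp_path)
        return zip_path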
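    def export_detection_openioc(family, tlp_level):
        """
            Exports the detection OPENIOC items.

            Returns an XML declaration followed by one <ioc> element per
            OPENIOC detection item whose TLP sensibility is at most
            ``tlp_level`` (several items therefore yield several root
            elements). ``item.abstract`` is assumed to already be OpenIOC
            XML and is embedded verbatim; ``family.name`` is escaped so a
            name containing ``&``, ``<`` or ``>`` cannot break or alter
            the element structure.

            TODO: move openioc generation to a new file.
        """
        # Local import keeps this method self-contained until the
        # generation code moves to its own module.
        from xml.sax.saxutils import escape

        safe_name = escape(family.name)
        parts = ["<?xml version=\"1.0\" encoding=\"us-ascii\"?>\n"]
        for item in family.detection_items:
            if item.TLP_sensibility > tlp_level:
                continue
            if item.item_type != DetectionType.OPENIOC:
                continue
            parts.append('<ioc xmlns:xsd="http://www.w3.org/2001/XMLSchema" id="polichombr-' +
                         str(family.id) + '-' + str(item.id) + '">\n')
            parts.append('<short_description>' + safe_name +
                         ' custom IOC #' + str(item.id) + '</short_description>\n')
            parts.append('<description>Custom IOC for ' + safe_name +
                         ' samples family</description>\n')
            # The original omitted the newline here, gluing this element
            # to <authored_date> on one line.
            parts.append('<tlp_sensibility>' +
                         TLPLevel.tostring(item.TLP_sensibility) +
                         '</tlp_sensibility>\n')
            parts.append('<authored_date>Polichombr</authored_date>\n')
            parts.append('<links />\n')
            parts.append('<definition>\n')
            parts.append(item.abstract + '\n')
            parts.append('</definition>\n</ioc>\n\n\n')
        # Every <ioc> is closed inside the loop; the extra "</ioc>" the
        # original appended after the loop left the output unbalanced.
        return "".join(parts)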
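    def generate_samples_zip_file(family, tlp_level):
        """
            Builds a gzip-compressed tar archive of the family's samples
            (the name says ZIP for historical reasons; the file written is
            ``.tar.gz``) and returns its path, or None when ``tlp_level``
            is not a known TLP level.

            Only samples whose TLP sensibility is at most ``tlp_level`` are
            included, each stored under its sha256 as the member name. The
            archive is cached in STORAGE_PATH under
            ``<family>-<tlp_level>-sha256(concatenated sample sha256s).tar.gz``
            so repeated exports of an unchanged family reuse the same file.
        """
        # Normalise the level once so the comparisons below and the cache
        # file name agree even when the caller passed a numeric string.
        level = int(tlp_level)
        if TLPLevel.tostring(level) == "":
            return None

        selected = [s for s in family.samples if s.TLP_sensibility <= level]
        digest = sha256("".join(s.sha256 for s in selected).encode("utf-8")).hexdigest()

        # family.name is user controlled and becomes part of a filesystem
        # path: keep only characters that cannot act as path separators or
        # otherwise escape STORAGE_PATH.
        safe_name = "".join(c if c.isalnum() or c in "_-." else "_"
                            for c in family.name)
        zip_fname = safe_name + "-" + str(level) + "-" + digest + ".tar.gz"

        zip_path = os.path.join(app.config['STORAGE_PATH'], zip_fname)
        if os.path.exists(zip_path):
            return zip_path

        # Write to a temporary name and rename at the end so that a crash
        # half-way through never leaves a truncated archive that the cache
        # check above would later hand out as complete.
        tmp_path = zip_path + ".part"
        try:
            with tarfile.open(tmp_path, "w:gz") as tarf:
                for sample in selected:
                    if os.path.exists(sample.storage_file):
                        tarf.add(sample.storage_file, arcname=sample.sha256)
            os.rename(tmp_path, zip_path)
        finally:
            if os.path.exists(tmp_path):
                os.remove(tmp_path)
        return zip_path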
 def set_tlp_level(tlp_level, yar):
     """
     Change TLP level.

     Stores ``tlp_level`` on ``yar`` and commits. Returns False without
     touching the rule when TLPLevel.tostring() does not recognise the
     level, True otherwise.
     """
     # NOTE(review): the sample-level set_tlp_level compares the label
     # against "" rather than None; confirm which sentinel
     # TLPLevel.tostring() really returns so both guards reject unknown
     # levels.
     label = TLPLevel.tostring(tlp_level)
     if label is None:
         return False
     yar.TLP_sensibility = tlp_level
     db.session.commit()
     return True
 def set_tlp_level(tlp_level, yar):
     """
     Change TLP level.

     Stores ``tlp_level`` on ``yar`` and commits. Returns False without
     touching the rule when TLPLevel.tostring() does not recognise the
     level, True otherwise.
     """
     # NOTE(review): the sample-level set_tlp_level compares the label
     # against "" rather than None; confirm which sentinel
     # TLPLevel.tostring() really returns so both guards reject unknown
     # levels.
     label = TLPLevel.tostring(tlp_level)
     if label is None:
         return False
     yar.TLP_sensibility = tlp_level
     db.session.commit()
     return True
 def set_tlp_level(sample, tlp_level):
     """
         Change file's TLP level.

         The new level is refused (returns False) when TLPLevel.tostring()
         yields "" for it, or when any family the sample belongs to is
         more sensitive than the requested level, so a sample can never
         become more shareable than its families. Returns True once the
         change is committed.
     """
     if TLPLevel.tostring(tlp_level) == "":
         return False
     stricter_family = any(fam.TLP_sensibility > tlp_level
                           for fam in sample.families)
     if stricter_family:
         return False
     sample.TLP_sensibility = tlp_level
     db.session.commit()
     return True
 def set_tlp_level(sample, tlp_level):
     """
         Change file's TLP level.

         The new level is refused (returns False) when TLPLevel.tostring()
         yields "" for it, or when any family the sample belongs to is
         more sensitive than the requested level, so a sample can never
         become more shareable than its families. Returns True once the
         change is committed.
     """
     if TLPLevel.tostring(tlp_level) == "":
         return False
     stricter_family = any(fam.TLP_sensibility > tlp_level
                           for fam in sample.families)
     if stricter_family:
         return False
     sample.TLP_sensibility = tlp_level
     db.session.commit()
     return True
 def export_detection_snort(family, tlp_level):
     """
         Exports the yara detection SNORT rules.

         Returns a text block: a header comment naming the family, then,
         for each SNORT detection item whose TLP sensibility is at most
         ``tlp_level``, a comment with its internal name and TLP label
         followed by the item's raw content.
     """
     lines = ["# SNORT ruleset for family " + family.name + "\n\n"]
     for item in family.detection_items:
         if item.TLP_sensibility > tlp_level:
             continue
         if item.item_type != DetectionType.SNORT:
             continue
         lines.append("# rule internal name: " + item.name + "\n")
         lines.append("# rule TLP sensibility: " +
                      TLPLevel.tostring(item.TLP_sensibility) + "\n")
         lines.append(item.abstract + "\n\n")
     return "".join(lines)
 def export_detection_custom(family, tlp_level):
     """
         Exports the yara detection CUSTOM items.

         Returns a plain-text listing: a header naming the family, then
         the name, TLP label and content of every CUSTOM detection item
         whose TLP sensibility is at most ``tlp_level``.
     """
     chunks = ["Custom detection items for family " + family.name + "\n\n"]
     for item in family.detection_items:
         exportable = (item.TLP_sensibility <= tlp_level and
                       item.item_type == DetectionType.CUSTOM)
         if not exportable:
             continue
         chunks.append("Name: " + item.name + "\n")
         chunks.append("TLP sensibility: " +
                       TLPLevel.tostring(item.TLP_sensibility) + "\n")
         chunks.append("Content:\n" + item.abstract + "\n\n")
     return "".join(chunks)
 def export_detection_custom(family, tlp_level):
     """
         Exports the yara detection CUSTOM items.

         Returns a plain-text listing: a header naming the family, then
         the name, TLP label and content of every CUSTOM detection item
         whose TLP sensibility is at most ``tlp_level``.
     """
     chunks = ["Custom detection items for family " + family.name + "\n\n"]
     for item in family.detection_items:
         exportable = (item.TLP_sensibility <= tlp_level and
                       item.item_type == DetectionType.CUSTOM)
         if not exportable:
             continue
         chunks.append("Name: " + item.name + "\n")
         chunks.append("TLP sensibility: " +
                       TLPLevel.tostring(item.TLP_sensibility) + "\n")
         chunks.append("Content:\n" + item.abstract + "\n\n")
     return "".join(chunks)
 def export_detection_snort(family, tlp_level):
     """
         Exports the yara detection SNORT rules.

         Returns a text block: a header comment naming the family, then,
         for each SNORT detection item whose TLP sensibility is at most
         ``tlp_level``, a comment with its internal name and TLP label
         followed by the item's raw content.
     """
     lines = ["# SNORT ruleset for family " + family.name + "\n\n"]
     for item in family.detection_items:
         if item.TLP_sensibility > tlp_level:
             continue
         if item.item_type != DetectionType.SNORT:
             continue
         lines.append("# rule internal name: " + item.name + "\n")
         lines.append("# rule TLP sensibility: " +
                      TLPLevel.tostring(item.TLP_sensibility) + "\n")
         lines.append(item.abstract + "\n\n")
     return "".join(lines)
 def export_yara_ruleset(family, tlp_level):
     """
         Exports the yara rules.

         Returns the family's yara rules whose TLP sensibility is at most
         ``tlp_level``, each preceded by block comments giving its
         internal name, TLP label and creation date, under a header
         naming the family.
     """
     header = "/* Polichombr ruleset export */\n/* Family: " + \
         family.name + " */\n\n"
     pieces = [header]
     for rule in family.yaras:
         if rule.TLP_sensibility > tlp_level:
             continue
         pieces.append("/* Internal name: " + rule.name + " */\n")
         pieces.append("/* TLP level: " +
                       TLPLevel.tostring(rule.TLP_sensibility) + " */\n")
         pieces.append("/* Creation date: " + str(rule.creation_date) + " */\n")
         pieces.append(rule.raw_rule + "\n\n")
     return "".join(pieces)
 def export_yara_ruleset(family, tlp_level):
     """
         Exports the yara rules.

         Returns the family's yara rules whose TLP sensibility is at most
         ``tlp_level``, each preceded by block comments giving its
         internal name, TLP label and creation date, under a header
         naming the family.
     """
     header = "/* Polichombr ruleset export */\n/* Family: " + \
         family.name + " */\n\n"
     pieces = [header]
     for rule in family.yaras:
         if rule.TLP_sensibility > tlp_level:
             continue
         pieces.append("/* Internal name: " + rule.name + " */\n")
         pieces.append("/* TLP level: " +
                       TLPLevel.tostring(rule.TLP_sensibility) + " */\n")
         pieces.append("/* Creation date: " + str(rule.creation_date) + " */\n")
         pieces.append(rule.raw_rule + "\n\n")
     return "".join(pieces)
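 def add_file(filedata, filename, description, tlp_level, family):
     """
         Creates an attached file.

         ``filedata`` is written to a fresh file under STORAGE_PATH and a
         FamilyDataFile row pointing at it is attached to ``family``. The
         user-supplied ``filename`` and ``description`` are stored as
         metadata only; they never take part in building the path.
         Returns False when ``tlp_level`` is not a known TLP level, True
         once the row is committed.
     """
     if TLPLevel.tostring(tlp_level) is None:
         return False
     # The original derived the name from the current second, so two
     # uploads within the same second silently overwrote each other and
     # the name was predictable. Hashing random bytes gives a unique,
     # unguessable name and works with both bytes- and str-based hashlib.
     storage_file_name = md5(os.urandom(32)).hexdigest() + ".bin"
     stored_path = os.path.join(app.config['STORAGE_PATH'],
                                storage_file_name)
     # Close the handle deterministically instead of relying on GC.
     with open(stored_path, 'wb') as out:
         out.write(filedata)
     attached = FamilyDataFile()
     attached.filepath = stored_path
     attached.filename = filename
     attached.description = description
     attached.TLP_sensibility = tlp_level
     family.associated_files.append(attached)
     db.session.add(attached)
     db.session.commit()
     return True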
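 def add_file(filedata, filename, description, tlp_level, family):
     """
         Creates an attached file.

         ``filedata`` is written to a fresh file under STORAGE_PATH and a
         FamilyDataFile row pointing at it is attached to ``family``. The
         user-supplied ``filename`` and ``description`` are stored as
         metadata only; they never take part in building the path.
         Returns False when ``tlp_level`` is not a known TLP level, True
         once the row is committed.
     """
     if TLPLevel.tostring(tlp_level) is None:
         return False
     # The original derived the name from the current second, so two
     # uploads within the same second silently overwrote each other and
     # the name was predictable. Hashing random bytes gives a unique,
     # unguessable name and works with both bytes- and str-based hashlib.
     storage_file_name = md5(os.urandom(32)).hexdigest() + ".bin"
     stored_path = os.path.join(
         app.config['STORAGE_PATH'],
         storage_file_name)
     # Close the handle deterministically instead of relying on GC.
     with open(stored_path, 'wb') as out:
         out.write(filedata)
     attached = FamilyDataFile()
     attached.filepath = stored_path
     attached.filename = filename
     attached.description = description
     attached.TLP_sensibility = tlp_level
     family.associated_files.append(attached)
     db.session.add(attached)
     db.session.commit()
     return True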
    def create_detection_item(abstract, name, tlp_level, item_type, family):
        """
            Creates a detection item.

            Rejects unknown detection types and unknown TLP levels (returns
            False). The stored TLP sensibility is never lower than the
            family's own, so an item cannot be exported more widely than
            the family it belongs to. Returns True once the item is
            attached and committed.
        """
        unknown_type = DetectionType.tostring(item_type) == ""
        if unknown_type or TLPLevel.tostring(tlp_level) is None:
            return False
        # Clamp to the family's level; ties keep the requested value.
        effective_level = max(tlp_level, family.TLP_sensibility)

        element = DetectionElement()
        element.abstract = abstract
        element.name = name
        element.TLP_sensibility = effective_level
        element.item_type = item_type

        family.detection_items.append(element)
        db.session.add(element)
        db.session.commit()
        return True
    def create_detection_item(abstract, name, tlp_level, item_type, family):
        """
            Creates a detection item.

            Rejects unknown detection types and unknown TLP levels (returns
            False). The stored TLP sensibility is never lower than the
            family's own, so an item cannot be exported more widely than
            the family it belongs to. Returns True once the item is
            attached and committed.
        """
        unknown_type = DetectionType.tostring(item_type) == ""
        if unknown_type or TLPLevel.tostring(tlp_level) is None:
            return False
        # Clamp to the family's level; ties keep the requested value.
        effective_level = max(tlp_level, family.TLP_sensibility)

        element = DetectionElement()
        element.abstract = abstract
        element.name = name
        element.TLP_sensibility = effective_level
        element.item_type = item_type

        family.detection_items.append(element)
        db.session.add(element)
        db.session.commit()
        return True
 def create(self, name, raw_data, tlp_level):
     """
     Creates a new rule.
     Checks the rule before insertion, and executes it on
     any database sample.

     Returns False when the TLP level is unknown, a rule with the same
     name already exists, or ``raw_data`` does not compile; otherwise
     the committed YaraRule (version 1) after it has been run against
     every stored sample.
     """
     if TLPLevel.tostring(tlp_level) is None:
         return False
     duplicates = YaraRule.query.filter_by(name=name).count()
     if duplicates != 0:
         app.logger.error("This rule already exists")
         return False
     # Compile first so a broken rule never reaches the database.
     try:
         yara.compile(source=raw_data)
     except yara.SyntaxError as error:
         app.logger.error("Failed to compile rule %s", name)
         app.logger.exception(error)
         return False
     rule = YaraRule(name, raw_data, tlp_level)
     rule.version = 1
     db.session.add(rule)
     db.session.commit()
     # Apply the new rule retroactively to everything already stored.
     for sample in Sample.query.all():
         self.execute_on_sample(sample, rule)
     return rule
 def create(self, name, raw_data, tlp_level):
     """
     Creates a new rule.
     Checks the rule before insertion, and executes it on
     any database sample.

     Returns False when the TLP level is unknown, a rule with the same
     name already exists, or ``raw_data`` does not compile; otherwise
     the committed YaraRule (version 1) after it has been run against
     every stored sample.
     """
     if TLPLevel.tostring(tlp_level) is None:
         return False
     duplicates = YaraRule.query.filter_by(name=name).count()
     if duplicates != 0:
         app.logger.error("This rule already exists")
         return False
     # Compile first so a broken rule never reaches the database.
     try:
         yara.compile(source=raw_data)
     except yara.SyntaxError as error:
         app.logger.error("Failed to compile rule %s", name)
         app.logger.exception(error)
         return False
     rule = YaraRule(name, raw_data, tlp_level)
     rule.version = 1
     db.session.add(rule)
     db.session.commit()
     # Apply the new rule retroactively to everything already stored.
     for sample in Sample.query.all():
         self.execute_on_sample(sample, rule)
     return rule