def convert_indicator(indicator20):
    """Build a STIX 1.x ``Indicator`` from a STIX 2.0 indicator dict.

    The 2.0 object is the input document, so every required key
    (``id``, ``modified``, ``labels``, ``valid_from``, ``pattern``) is read
    with ``[]`` and a missing one raises ``KeyError``; ``name``,
    ``description``, ``valid_until``, ``kill_chain_phases`` and
    ``object_marking_refs`` are only read when present.  ``granular_markings``
    are not converted: their presence is reported through ``error`` (code 604)
    and otherwise ignored.  The 2.0 id -> 1.x object mapping is recorded with
    ``record_id_object_mapping`` before the new object is returned.
    """
    sdo_id = indicator20["id"]
    indicator1x = Indicator(id_=convert_id20(sdo_id),
                            timestamp=text_type(indicator20["modified"]))

    # Optional descriptive fields.
    if "name" in indicator20:
        indicator1x.title = indicator20["name"]
    if "description" in indicator20:
        indicator1x.add_description(indicator20["description"])

    indicator1x.indicator_types = convert_open_vocabs_to_controlled_vocabs(
        indicator20["labels"], INDICATOR_LABEL_MAP)

    # valid_until is optional in 2.0; None is handed to the helper when it is
    # absent (how the helper treats None is not visible here).
    valid_until = None
    if "valid_until" in indicator20:
        valid_until = text_type(indicator20["valid_until"])
    indicator1x.add_valid_time_position(
        convert_to_valid_time(text_type(indicator20["valid_from"]), valid_until))

    # The pattern string comes straight from the input document; it is handed
    # to create_pattern_object and the result rendered as a 1.x observable.
    # Any failure of that conversion surfaces from this call.
    pattern_object = create_pattern_object(indicator20["pattern"])
    indicator1x.add_observable(pattern_object.toSTIX1x(id20=sdo_id))

    if "kill_chain_phases" in indicator20:
        process_kill_chain_phases(indicator20["kill_chain_phases"], indicator1x)

    # Every marking ref that resolves to a marking specification is applied
    # to the indicator and its descendants; unresolvable refs are skipped.
    if "object_marking_refs" in indicator20:
        for marking_id in indicator20["object_marking_refs"]:
            marking_spec = create_marking_specification(marking_id)
            if marking_spec:
                CONTAINER.add_marking(indicator1x, marking_spec, descendants=True)

    if "granular_markings" in indicator20:
        error("Granular Markings present in '%s' are not supported by stix2slider",
              604, sdo_id)

    record_id_object_mapping(sdo_id, indicator1x)
    return indicator1x
def generate_indicators(self, count):
    '''Generate a list of STIX Indicators

    Builds ``count`` indicators (0 or a negative count yields ``[]``).  For
    each one the indicator type, confidence and kill-chain phase are drawn
    with ``random.choice`` and between 0 and 5 IP observables are taken from
    ``self.gen_ips``; title, producer identity and the description strings
    are fixed.  ``datetime.today()`` is naive (no tzinfo) -- NOTE(review):
    confirm the consumer expects naive produced times.  This is sample-data
    generation, so the non-cryptographic ``random`` module is adequate here.
    '''
    type_values = ['Malware Artifacts', 'C2', 'Exfiltration']
    confidence_values = ['High', 'Medium', 'Low', 'None', 'Unknown']
    generated = []
    for _ in range(count):
        indicator = Indicator(title='Multiple indicator types')
        indicator.set_producer_identity(Identity(name='Secret Source'))
        indicator.set_produced_time(datetime.today())
        indicator.add_indicator_type(choice(type_values))
        indicator.add_short_description('Short description...')
        indicator.add_description('Long description...')
        indicator.confidence = Confidence(choice(confidence_values))
        # One phase from the LMCO kill chain, referenced by name only.
        phase = choice(LMCO_KILL_CHAIN_PHASES)
        indicator.kill_chain_phases = KillChainPhasesReference(
            [KillChainPhaseReference(name=phase.name)])
        # gen_ips is called once per indicator with a random 0..5 size.
        for ip_observable in self.gen_ips(randint(0, 5)):
            indicator.add_observable(ip_observable)
        # Other observable kinds are deliberately left disabled:
        # user_agents = self.gen_user_agents(randint(0, 5))
        # for ua in user_agents:
        #     indicator.add_observable(ua)
        # fqnds = self.gen_fqdns(randint(0, 5))
        # for f in fqnds:
        #     indicator.add_observable(f)
        # urls = self.gen_urls(randint(0, 5))
        # for u in urls:
        #     indicator.add_observable(u)
        generated.append(indicator)
    return generated