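def main():
    """Command-line entry point: translate an OpenIOC file into a STIX Package.

    Expects ``-i <openioc file>`` and ``-o <stix output file>`` on the command
    line.  Prints the usage text and exits with status 1 when fewer than four
    arguments are given, when a flag has no value, or when the input path is
    not an existing file.  Errors raised during the translation itself are
    reported on stdout together with a traceback.
    """
    infilename = ''
    outfilename = ''
    # Get the command-line arguments
    args = sys.argv[1:]
    if len(args) < 4:
        usage()
        sys.exit(1)
    for i, arg in enumerate(args):
        if arg not in ('-i', '-o'):
            continue
        # A flag given as the last argument has no value; previously this
        # indexed past the end of the list and died with an IndexError.
        if i + 1 >= len(args):
            usage()
            sys.exit(1)
        if arg == '-i':
            infilename = args[i + 1]
        else:
            outfilename = args[i + 1]
    if not os.path.isfile(infilename):
        # A missing input used to end the run silently with no output file.
        print('\nError: input file not found: %s\n' % infilename)
        sys.exit(1)
    try:
        # Perform the translation using the methods from the OpenIOC to CybOX Script
        openioc_indicators = openioc.parse(infilename)
        observables_obj = openioc_to_cybox.generate_cybox(
            openioc_indicators, infilename, True)
        observables_cls = Observables.from_obj(observables_obj)
        # Set the namespace to be used in the STIX Package
        stix.utils.set_id_namespace(
            {"https://github.com/STIXProject/openioc-to-stix": "openiocToSTIX"})
        # Wrap the created Observables in a STIX Package/Indicator
        stix_package = STIXPackage()
        # Add the OpenIOC namespace
        stix_package.__input_namespaces__ = {"http://openioc.org/": "openioc"}
        # One Indicator per observable.  The loop used to attach
        # observables[0] on every iteration, so only the first observable
        # ever reached the package; attach the current one instead.
        for observable in observables_cls.observables:
            indicator = Indicator.from_dict({
                'producer': {
                    'tools': [{
                        'name': 'OpenIOC to STIX Utility',
                        'version': str(__VERSION__),
                    }],
                },
                'title': "CybOX-represented Indicator Created from OpenIOC File",
            })
            indicator.add_observable(observable)
            stix_package.add_indicator(indicator)
        # Create and write the STIX Header
        stix_header = STIXHeader()
        stix_header.package_intent = "Indicators - Malware Artifacts"
        stix_header.description = "CybOX-represented Indicators Translated from OpenIOC File"
        stix_package.stix_header = stix_header
        # Write the generated STIX Package as XML to the output file.  The
        # context managers close the file and restore the warning filters
        # even when to_xml() raises.
        # Ignore any warnings - temporary fix for no schemaLocation w/ namespace
        with open(outfilename, 'w') as outfile, warnings.catch_warnings():
            warnings.simplefilter("ignore")
            outfile.write(stix_package.to_xml())
    except Exception as err:
        print('\nError: %s\n' % str(err))
        traceback.print_exc()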
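def main():
    """Command-line entry point: translate an OpenIOC file into a STIX Package.

    Expects ``-i <openioc file>`` and ``-o <stix output file>`` on the command
    line.  Prints the usage text and exits with status 1 when fewer than four
    arguments are given, when a flag has no value, or when the input path is
    not an existing file.  Errors raised during the translation itself are
    reported on stdout together with a traceback.
    """
    infilename = ''
    outfilename = ''
    # Get the command-line arguments
    args = sys.argv[1:]
    if len(args) < 4:
        usage()
        sys.exit(1)
    for i, arg in enumerate(args):
        if arg not in ('-i', '-o'):
            continue
        # A flag given as the last argument has no value; previously this
        # indexed past the end of the list and died with an IndexError.
        if i + 1 >= len(args):
            usage()
            sys.exit(1)
        if arg == '-i':
            infilename = args[i + 1]
        else:
            outfilename = args[i + 1]
    if not os.path.isfile(infilename):
        # A missing input used to end the run silently with no output file.
        print('\nError: input file not found: %s\n' % infilename)
        sys.exit(1)
    try:
        # Perform the translation using the methods from the OpenIOC to CybOX Script
        openioc_indicators = openioc.parse(infilename)
        observables_obj = openioc_to_cybox.generate_cybox(
            openioc_indicators, infilename, True)
        observables_cls = Observables.from_obj(observables_obj)
        # Wrap the created Observables in a STIX Package/Indicator
        stix_package = STIXPackage()
        # One Indicator per observable.  The loop used to attach
        # observables[0] on every iteration, so only the first observable
        # ever reached the package; attach the current one instead.
        for observable in observables_cls.observables:
            indicator = Indicator.from_dict({
                'producer': {
                    'tools': [{
                        'name': 'OpenIOC to STIX Utility',
                        'version': str(__VERSION__),
                    }],
                },
                'title': "CybOX-represented Indicator Created from OpenIOC File",
            })
            indicator.add_observable(observable)
            stix_package.add_indicator(indicator)
        # Create and write the STIX Header
        stix_header = STIXHeader()
        stix_header.package_intent = "Indicators - Malware Artifacts"
        stix_header.description = "CybOX-represented Indicators Translated from OpenIOC File"
        stix_package.stix_header = stix_header
        # Write the generated STIX Package as XML to the output file; the
        # context manager closes the file even when to_xml() raises.
        with open(outfilename, 'w') as outfile:
            outfile.write(stix_package.to_xml())
    except Exception as err:
        print('\nError: %s\n' % str(err))
        traceback.print_exc()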
def test_observables_property_standard(self):
    """A single Observable survives an Indicator to_dict()/from_dict() round trip."""
    readme = File()
    readme.file_name = "README.txt"
    original = Observable(readme)
    indicator = Indicator()
    indicator.observable = original
    restored = Indicator.from_dict(indicator.to_dict())
    expected = [original.to_dict()]
    actual = [item.to_dict() for item in restored.observables]
    self.assertEqual(expected, actual)
def test_observables_property_standard(self):
    """A single Observable survives an Indicator to_dict()/from_dict() round trip."""
    readme = File()
    readme.file_name = "README.txt"
    original = Observable(readme)
    indicator = Indicator()
    indicator.observable = original
    restored = Indicator.from_dict(indicator.to_dict())
    expected = [original.to_dict()]
    actual = [item.to_dict() for item in restored.observables]
    self.assertEqual(expected, actual)
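def main():
    """Command-line entry point: translate an OpenIOC file into a STIX Package.

    Expects ``-i <openioc file>`` and ``-o <stix output file>`` on the command
    line.  Prints the usage text and exits with status 1 when fewer than four
    arguments are given, when a flag has no value, or when the input path is
    not an existing file.  Errors raised during the translation itself are
    reported on stdout together with a traceback.
    """
    infilename = ''
    outfilename = ''
    # Get the command-line arguments
    args = sys.argv[1:]
    if len(args) < 4:
        usage()
        sys.exit(1)
    for i, arg in enumerate(args):
        if arg not in ('-i', '-o'):
            continue
        # A flag given as the last argument has no value; previously this
        # indexed past the end of the list and died with an IndexError.
        if i + 1 >= len(args):
            usage()
            sys.exit(1)
        if arg == '-i':
            infilename = args[i + 1]
        else:
            outfilename = args[i + 1]
    if not os.path.isfile(infilename):
        # A missing input used to end the run silently with no output file.
        print('\nError: input file not found: %s\n' % infilename)
        sys.exit(1)
    try:
        # Perform the translation using the methods from the OpenIOC to CybOX Script
        openioc_indicators = openioc.parse(infilename)
        observables_obj = openioc_to_cybox.generate_cybox(
            openioc_indicators, infilename, True)
        observables_cls = Observables.from_obj(observables_obj)
        # Wrap the created Observables in a STIX Package/Indicator
        stix_package = STIXPackage()
        # One Indicator per observable.  The loop used to attach
        # observables[0] on every iteration, so only the first observable
        # ever reached the package; attach the current one instead.
        for observable in observables_cls.observables:
            indicator = Indicator.from_dict({
                'producer': {
                    'tools': [{
                        'name': 'OpenIOC to STIX Utility',
                        'version': str(__VERSION__),
                    }],
                },
                'title': "CybOX-represented Indicator Created from OpenIOC File",
            })
            indicator.add_observable(observable)
            stix_package.add_indicator(indicator)
        # Create and write the STIX Header
        stix_header = STIXHeader()
        stix_header.package_intent = "Indicators - Malware Artifacts"
        stix_header.description = "CybOX-represented Indicators Translated from OpenIOC File"
        stix_package.stix_header = stix_header
        # Write the generated STIX Package as XML to the output file; the
        # context manager closes the file even when to_xml() raises.
        with open(outfilename, 'w') as outfile:
            outfile.write(stix_package.to_xml())
    except Exception as err:
        print('\nError: %s\n' % str(err))
        traceback.print_exc()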
def test_observables_property_composition(self):
    """An AND composition of two Observables is flattened into a two-element
    observables list after a to_dict()/from_dict() round trip."""
    first_file = File()
    first_file.file_name = "README.txt"
    second_file = File()
    second_file.file_name = "README2.txt"
    first = Observable(first_file)
    second = Observable(second_file)
    composed = Observable(ObservableComposition('AND', [first, second]))
    indicator = Indicator()
    indicator.observable = composed
    restored = Indicator.from_dict(indicator.to_dict())
    expected = [first.to_dict(), second.to_dict()]
    actual = [item.to_dict() for item in restored.observables]
    self.assertEqual(expected, actual)
def test_observables_property_composition(self):
    """An AND composition of two Observables is flattened into a two-element
    observables list after a to_dict()/from_dict() round trip."""
    first_file = File()
    first_file.file_name = "README.txt"
    second_file = File()
    second_file.file_name = "README2.txt"
    first = Observable(first_file)
    second = Observable(second_file)
    composed = Observable(ObservableComposition('AND', [first, second]))
    indicator = Indicator()
    indicator.observable = composed
    restored = Indicator.from_dict(indicator.to_dict())
    expected = [first.to_dict(), second.to_dict()]
    actual = [item.to_dict() for item in restored.observables]
    self.assertEqual(expected, actual)
def from_dict(cls, dict_repr, return_obj=None):
    """Populate a package object from its dictionary representation.

    Reads the optional ``id``, ``idref``, ``version``, ``stix_header`` and
    ``indicators`` keys of ``dict_repr``; ``stix_header`` is handed to
    ``STIXHeader.from_dict`` as None when absent (assumed to tolerate that;
    confirm against STIXHeader).

    Args:
        dict_repr: dictionary as produced by ``to_dict``.
        return_obj: instance to populate; when falsy a new ``cls()`` is made.

    Returns:
        The populated object.
    """
    package = return_obj or cls()
    package.id_ = dict_repr.get('id')
    package.idref_ = dict_repr.get('idref')
    package.version = dict_repr.get('version')
    package.stix_header = STIXHeader.from_dict(dict_repr.get('stix_header'))
    for entry in dict_repr.get('indicators', []):
        package.add_indicator(Indicator.from_dict(entry))
    return package
def from_dict(cls, dict_repr, return_obj=None):
    """Populate a package object from its dictionary representation.

    Reads the optional ``id``, ``idref``, ``version``, ``stix_header``,
    ``indicators`` and ``observables`` keys of ``dict_repr``.  The
    ``stix_header`` and ``observables`` sections are passed to their own
    ``from_dict`` as None when absent (assumed to tolerate that; confirm
    against STIXHeader and Observables).

    Args:
        dict_repr: dictionary as produced by ``to_dict``.
        return_obj: instance to populate; when falsy a new ``cls()`` is made.

    Returns:
        The populated object.
    """
    package = return_obj or cls()
    package.id_ = dict_repr.get('id')
    package.idref_ = dict_repr.get('idref')
    package.version = dict_repr.get('version')
    package.stix_header = STIXHeader.from_dict(dict_repr.get('stix_header'))
    for entry in dict_repr.get('indicators', []):
        package.add_indicator(Indicator.from_dict(entry))
    package.observables = Observables.from_dict(dict_repr.get('observables'))
    return package
def from_dict(cls, dict_repr, return_obj=None):
    """Populate a package object from its full dictionary representation.

    Every section of ``dict_repr`` is optional: list sections default to an
    empty list, ``version`` falls back to ``cls._version``, and the
    single-valued sections (``stix_header``, ``observables``, ``ttps``,
    ``related_packages``) are handed to their own ``from_dict`` as None when
    absent (assumed to tolerate that; confirm against those classes).

    Args:
        dict_repr: dictionary as produced by ``to_dict``.
        return_obj: instance to populate; when falsy a new ``cls()`` is made.

    Returns:
        The populated object.
    """
    package = return_obj or cls()

    def section_list(key, factory):
        """Parse every entry of the list section ``key`` with ``factory.from_dict``."""
        return [factory.from_dict(entry) for entry in dict_repr.get(key, [])]

    package.id_ = dict_repr.get('id')
    # The attribute is ``idref`` here (other package variants use ``idref_``).
    package.idref = dict_repr.get('idref')
    package.timestamp = dict_repr.get('timestamp')
    package.version = dict_repr.get('version', cls._version)
    package.stix_header = STIXHeader.from_dict(dict_repr.get('stix_header'))
    package.campaigns = section_list('campaigns', Campaign)
    package.courses_of_action = section_list('courses_of_action', CourseOfAction)
    package.exploit_targets = section_list('exploit_targets', ExploitTarget)
    package.indicators = section_list('indicators', Indicator)
    package.observables = Observables.from_dict(dict_repr.get('observables'))
    package.incidents = section_list('incidents', Incident)
    package.threat_actors = section_list('threat_actors', ThreatActor)
    package.ttps = TTPs.from_dict(dict_repr.get('ttps'))
    package.related_packages = RelatedPackages.from_dict(dict_repr.get('related_packages'))
    return package
def export_stix(iocs):
    '''Export to STIX: wrap each CybOX observable from ``export_cybox(iocs)``
    in its own Indicator inside one STIX Package and return the package as XML.

    Adapted from: github.com/STIXProject/openioc-to-stix/blob/master/openioc_to_stix.py
    '''
    cybox_observables = export_cybox(iocs)
    package = STIXPackage()
    for observable in cybox_observables:
        indicator = Indicator.from_dict({
            'producer': {'tools': [{'name': 'extract_iocs'}]},
            'title': "extract_iocs STIX export",
        })
        indicator.add_observable(observable)
        package.add_indicator(indicator)
    # Create and write the STIX Header
    header = STIXHeader()
    header.package_intent = "Indicators - Malware Artifacts"
    header.description = "CybOX-represented Indicators extracted with extract_iocs"
    package.stix_header = header
    return package.to_xml()
def export_stix(iocs):
    '''Export to STIX: wrap each CybOX observable from ``export_cybox(iocs)``
    in its own Indicator inside one STIX Package and return the package as XML.

    Adapted from: github.com/STIXProject/openioc-to-stix/blob/master/openioc_to_stix.py
    '''
    cybox_observables = export_cybox(iocs)
    package = STIXPackage()
    for observable in cybox_observables:
        indicator = Indicator.from_dict({
            'producer': {'tools': [{'name': 'export_iocs'}]},
            'title': "export_iocs STIX export",
        })
        indicator.add_observable(observable)
        package.add_indicator(indicator)
    # Create and write the STIX Header
    header = STIXHeader()
    header.package_intent = "Indicators - Malware Artifacts"
    header.description = "CybOX-represented Indicators extracted with export_iocs"
    package.stix_header = header
    return package.to_xml()
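def __make_stix_xml_string(self, filename, open_ioc_xml):
    """Translate an OpenIOC XML document into a STIX Package written next to it.

    Adapted from openioc_to_stix.py for ce1sus.  The OpenIOC text is first
    saved under the destination folder as ``filename``; the STIX result is
    written as ``STIX_of_<filename>`` in the same folder.

    Args:
        filename: file name under which the OpenIOC document is stored.
            NOTE(review): it is joined straight onto the destination folder;
            if it can originate from a client request, reduce it to a bare
            name first (e.g. os.path.basename) so it cannot escape the folder.
        open_ioc_xml: the OpenIOC document as a string.

    Returns:
        ``(base_dir, open_stix_filename)`` - the destination folder and the
        path of the generated STIX file.

    Raises:
        cherrypy.HTTPError: status 500 wrapping any exception raised while
            saving, parsing or translating.
    """
    try:
        base_dir = self.get_dest_folder()
        open_ioc_filename = base_dir + '/' + filename
        open_stix_filename = base_dir + '/STIX_of_' + filename

        # Persist the OpenIOC document; the openioc parser works on a path.
        # The context manager closes the handle even if the write fails.
        with open(open_ioc_filename, 'w+') as open_ioc_file:
            open_ioc_file.write(open_ioc_xml)

        openioc_indicators = openioc.parse(open_ioc_filename)
        observables_obj = openioc_to_cybox.generate_cybox(
            openioc_indicators, open_ioc_filename, True)
        observables_cls = Observables.from_obj(observables_obj)

        # Namespace under which the generated STIX/CybOX ids are minted.
        stix.utils.set_id_namespace({
            "https://github.com/STIXProject/openioc-to-stix": "openiocToSTIX"
        })
        stix_package = STIXPackage()
        stix_package.version = '1.1.1'
        # Declare the OpenIOC namespace so it is emitted on the package.
        stix_package.__input_namespaces__ = {"openioc": "http://openioc.org/"}

        # One Indicator per observable.  The loop used to attach
        # observables[0] on every iteration, so only the first observable
        # ever reached the package; attach the current one instead.
        for observable in observables_cls.observables:
            indicator = Indicator.from_dict({
                'producer': {
                    'tools': [{
                        'name': 'OpenIOC to STIX Utility',
                        'version': str(__VERSION__),
                    }],
                },
                'title': "CybOX-represented Indicator Created from OpenIOC File",
            })
            indicator.add_observable(observable)
            stix_package.add_indicator(indicator)

        stix_header = STIXHeader()
        # Lift the (short_)description from the top-level OpenIOC elements.
        # The saved file is re-read as bytes so the XML declaration is
        # honoured by the parser; the debug print that dumped the whole
        # document to stdout has been dropped.
        # NOTE(review): this parses client-supplied XML - confirm the etree
        # parser in use resolves no external entities (XXE/entity expansion).
        with open(open_ioc_filename, 'rb') as file_obj:
            file_contents = file_obj.read()
        root = etree.fromstring(file_contents)
        for child in root:
            if child.tag.endswith('short_description'):
                stix_header.short_description = child.text
            elif child.tag.endswith('description'):
                stix_header.description = child.text
            elif stix_header.description and stix_header.short_description:
                # Both found and we are past the description elements.
                break
        stix_header.package_intent = "Indicators - Malware Artifacts"
        stix_header.description = (
            '{0}\n\n CybOX-represented Indicators Translated from OpenIOC File'
            .format(stix_header.description))
        stix_package.stix_header = stix_header

        # Write the generated STIX Package as XML to the output file.
        # Ignore any warnings - temporary fix for no schemaLocation w/ namespace;
        # catch_warnings restores the filter state on exit, and the file is
        # closed even if to_xml() raises.
        with open(open_stix_filename, 'w') as outfile, \
                warnings.catch_warnings():
            warnings.simplefilter("ignore")
            outfile.write(stix_package.to_xml())
        return base_dir, open_stix_filename
    except Exception as error:
        self.logger.error(error)
        # NOTE(review): the raw exception text is echoed to the client in the
        # 500 response; consider a generic message here and keep the detail
        # in the log only.
        raise cherrypy.HTTPError(500, '{0}'.format(error.message))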
def test_observables_property_empty(self):
    """An Indicator with no observable round-trips to an empty observables list."""
    source = Indicator()
    restored = Indicator.from_dict(source.to_dict())
    self.assertEqual([], restored.observables)
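def from_dict(cls, dict_repr, return_obj=None, stix_pkg_id=None):
    """Build a PickupIndicator from its dictionary representation.

    Delegates to ``Indicator.from_dict`` with an instance of this class as the
    object to populate, so the base-class parser returns a PickupIndicator
    rather than a plain Indicator, then records the owning STIX package id.
    The debug print the original emitted on every call has been removed.

    Args:
        dict_repr: dictionary as produced by ``Indicator.to_dict``.
        return_obj: instance to populate; a fresh ``cls()`` when None.  (The
            original accepted this argument but always created a new instance.)
        stix_pkg_id: id of the STIX package the indicator was picked up from;
            stored on the result as ``stix_pkg_id``.

    Returns:
        The populated indicator.
    """
    if return_obj is None:
        return_obj = cls()
    # Hand our instance to the base-class parser so a PickupIndicator comes back.
    return_obj = Indicator.from_dict(dict_repr, return_obj)
    # NOTE(review): if Indicator.from_dict can return None (e.g. for an empty
    # dict_repr) the assignment below raises AttributeError - confirm.
    return_obj.stix_pkg_id = stix_pkg_id
    return return_obj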
def test_observables_property_empty(self):
    """An Indicator with no observable round-trips to an empty observables list."""
    source = Indicator()
    restored = Indicator.from_dict(source.to_dict())
    self.assertEqual([], restored.observables)