def main():
infilename = ''
outfilename = ''
#Get the command-line arguments
args = sys.argv[1:]
if len(args) < 4:
usage()
sys.exit(1)
for i in range(0,len(args)):
if args[i] == '-i':
infilename = args[i+1]
elif args[i] == '-o':
outfilename = args[i+1]
if os.path.isfile(infilename):
try:
# Perform the translation using the methods from the OpenIOC to CybOX Script
openioc_indicators = openioc.parse(infilename)
observables_obj = openioc_to_cybox.generate_cybox(openioc_indicators, infilename, True)
observables_cls = Observables.from_obj(observables_obj)
# Set the namespace to be used in the STIX Package
stix.utils.set_id_namespace({"https://github.com/STIXProject/openioc-to-stix":"openiocToSTIX"})
# Wrap the created Observables in a STIX Package/Indicator
stix_package = STIXPackage()
# Add the OpenIOC namespace
input_namespaces = {"http://openioc.org/":"openioc"}
stix_package.__input_namespaces__ = input_namespaces
for observable in observables_cls.observables:
indicator_dict = {}
producer_dict = {}
producer_dict['tools'] = [{'name':'OpenIOC to STIX Utility', 'version':str(__VERSION__)}]
indicator_dict['producer'] = producer_dict
indicator_dict['title'] = "CybOX-represented Indicator Created from OpenIOC File"
indicator = Indicator.from_dict(indicator_dict)
indicator.add_observable(observables_cls.observables[0])
stix_package.add_indicator(indicator)
# Create and write the STIX Header
stix_header = STIXHeader()
stix_header.package_intent = "Indicators - Malware Artifacts"
stix_header.description = "CybOX-represented Indicators Translated from OpenIOC File"
stix_package.stix_header = stix_header
# Write the generated STIX Package as XML to the output file
outfile = open(outfilename, 'w')
# Ignore any warnings - temporary fix for no schemaLocation w/ namespace
with warnings.catch_warnings():
warnings.simplefilter("ignore")
outfile.write(stix_package.to_xml())
warnings.resetwarnings()
outfile.flush()
outfile.close()
except Exception, err:
print('\nError: %s\n' % str(err))
traceback.print_exc()
def main():
infilename = ''
outfilename = ''
#Get the command-line arguments
args = sys.argv[1:]
if len(args) < 4:
usage()
sys.exit(1)
for i in range(0, len(args)):
if args[i] == '-i':
infilename = args[i + 1]
elif args[i] == '-o':
outfilename = args[i + 1]
if os.path.isfile(infilename):
try:
# Perform the translation using the methods from the OpenIOC to CybOX Script
openioc_indicators = openioc.parse(infilename)
observables_obj = openioc_to_cybox.generate_cybox(
openioc_indicators, infilename, True)
observables_cls = Observables.from_obj(observables_obj)
# Wrap the created Observables in a STIX Package/Indicator
stix_package = STIXPackage()
for observable in observables_cls.observables:
indicator_dict = {}
producer_dict = {}
producer_dict['tools'] = [{
'name': 'OpenIOC to STIX Utility',
'version': str(__VERSION__)
}]
indicator_dict['producer'] = producer_dict
indicator_dict[
'title'] = "CybOX-represented Indicator Created from OpenIOC File"
indicator = Indicator.from_dict(indicator_dict)
indicator.add_observable(observables_cls.observables[0])
stix_package.add_indicator(indicator)
# Create and write the STIX Header
stix_header = STIXHeader()
stix_header.package_intent = "Indicators - Malware Artifacts"
stix_header.description = "CybOX-represented Indicators Translated from OpenIOC File"
stix_package.stix_header = stix_header
# Write the generated STIX Package as XML to the output file
outfile = open(outfilename, 'w')
outfile.write(stix_package.to_xml())
outfile.flush()
outfile.close()
except Exception, err:
print('\nError: %s\n' % str(err))
traceback.print_exc()
def test_observables_property_standard(self):
f = File()
f.file_name = "README.txt"
obs = Observable(f)
ind = Indicator()
ind.observable = obs
ind2 = Indicator.from_dict(ind.to_dict())
self.assertEqual([obs.to_dict()],
[x.to_dict() for x in ind2.observables])
def test_observables_property_standard(self):
f = File()
f.file_name = "README.txt"
obs = Observable(f)
ind = Indicator()
ind.observable = obs
ind2 = Indicator.from_dict(ind.to_dict())
self.assertEqual([obs.to_dict()],
[x.to_dict() for x in ind2.observables])
def main():
infilename = ''
outfilename = ''
#Get the command-line arguments
args = sys.argv[1:]
if len(args) < 4:
usage()
sys.exit(1)
for i in range(0,len(args)):
if args[i] == '-i':
infilename = args[i+1]
elif args[i] == '-o':
outfilename = args[i+1]
if os.path.isfile(infilename):
try:
# Perform the translation using the methods from the OpenIOC to CybOX Script
openioc_indicators = openioc.parse(infilename)
observables_obj = openioc_to_cybox.generate_cybox(openioc_indicators, infilename, True)
observables_cls = Observables.from_obj(observables_obj)
# Wrap the created Observables in a STIX Package/Indicator
stix_package = STIXPackage()
for observable in observables_cls.observables:
indicator_dict = {}
producer_dict = {}
producer_dict['tools'] = [{'name':'OpenIOC to STIX Utility', 'version':str(__VERSION__)}]
indicator_dict['producer'] = producer_dict
indicator_dict['title'] = "CybOX-represented Indicator Created from OpenIOC File"
indicator = Indicator.from_dict(indicator_dict)
indicator.add_observable(observables_cls.observables[0])
stix_package.add_indicator(indicator)
# Create and write the STIX Header
stix_header = STIXHeader()
stix_header.package_intent = "Indicators - Malware Artifacts"
stix_header.description = "CybOX-represented Indicators Translated from OpenIOC File"
stix_package.stix_header = stix_header
# Write the generated STIX Package as XML to the output file
outfile = open(outfilename, 'w')
outfile.write(stix_package.to_xml())
outfile.flush()
outfile.close()
except Exception, err:
print('\nError: %s\n' % str(err))
traceback.print_exc()
def test_observables_property_composition(self):
f1 = File()
f1.file_name = "README.txt"
f2 = File()
f2.file_name = "README2.txt"
obs1 = Observable(f1)
obs2 = Observable(f2)
comp = Observable(ObservableComposition('AND', [obs1, obs2]))
ind = Indicator()
ind.observable = comp
ind2 = Indicator.from_dict(ind.to_dict())
self.assertEqual([obs1.to_dict(), obs2.to_dict()],
[x.to_dict() for x in ind2.observables])
def test_observables_property_composition(self):
f1 = File()
f1.file_name = "README.txt"
f2 = File()
f2.file_name = "README2.txt"
obs1 = Observable(f1)
obs2 = Observable(f2)
comp = Observable(ObservableComposition('AND', [obs1, obs2]))
ind = Indicator()
ind.observable = comp
ind2 = Indicator.from_dict(ind.to_dict())
self.assertEqual([obs1.to_dict(), obs2.to_dict()],
[x.to_dict() for x in ind2.observables])
def from_dict(cls, dict_repr, return_obj=None):
if not return_obj:
return_obj = cls()
return_obj.id_ = dict_repr.get('id', None)
return_obj.idref_ = dict_repr.get('idref', None)
return_obj.version = dict_repr.get('version', None)
header_dict = dict_repr.get('stix_header', None)
return_obj.stix_header = STIXHeader.from_dict(header_dict)
indicators = dict_repr.get('indicators', [])
for indicator_dict in indicators:
return_obj.add_indicator(Indicator.from_dict(indicator_dict))
return return_obj
def from_dict(cls, dict_repr, return_obj=None):
if not return_obj:
return_obj = cls()
return_obj.id_ = dict_repr.get('id', None)
return_obj.idref_ = dict_repr.get('idref', None)
return_obj.version = dict_repr.get('version', None)
header_dict = dict_repr.get('stix_header', None)
return_obj.stix_header = STIXHeader.from_dict(header_dict)
indicators = dict_repr.get('indicators', [])
for indicator_dict in indicators:
return_obj.add_indicator(Indicator.from_dict(indicator_dict))
observables_dict = dict_repr.get('observables')
return_obj.observables = Observables.from_dict(observables_dict)
return return_obj
def from_dict(cls, dict_repr, return_obj=None):
if not return_obj:
return_obj = cls()
return_obj.id_ = dict_repr.get('id', None)
return_obj.idref = dict_repr.get('idref', None)
return_obj.timestamp = dict_repr.get('timestamp')
return_obj.version = dict_repr.get('version', cls._version)
return_obj.stix_header = STIXHeader.from_dict(dict_repr.get('stix_header', None))
return_obj.campaigns = [Campaign.from_dict(x) for x in dict_repr.get('campaigns', [])]
return_obj.courses_of_action = [CourseOfAction.from_dict(x) for x in dict_repr.get('courses_of_action', [])]
return_obj.exploit_targets = [ExploitTarget.from_dict(x) for x in dict_repr.get('exploit_targets', [])]
return_obj.indicators = [Indicator.from_dict(x) for x in dict_repr.get('indicators', [])]
return_obj.observables = Observables.from_dict(dict_repr.get('observables'))
return_obj.incidents = [Incident.from_dict(x) for x in dict_repr.get('incidents', [])]
return_obj.threat_actors = [ThreatActor.from_dict(x) for x in dict_repr.get('threat_actors', [])]
return_obj.ttps = TTPs.from_dict(dict_repr.get('ttps'))
return_obj.related_packages = RelatedPackages.from_dict(dict_repr.get('related_packages'))
return return_obj
def export_stix(iocs):
'''Export to STIX. Adapted from:
github.com/STIXProject/openioc-to-stix/blob/master/openioc_to_stix.py
'''
cybox_observables = export_cybox(iocs)
stix_package = STIXPackage()
for obs in cybox_observables:
indicator_dict = {}
producer_dict = {}
producer_dict['tools'] = [{'name':'extract_iocs'}]
indicator_dict['producer'] = producer_dict
indicator_dict['title'] = "extract_iocs STIX export"
indicator = Indicator.from_dict(indicator_dict)
indicator.add_observable(obs)
stix_package.add_indicator(indicator)
# Create and write the STIX Header
stix_header = STIXHeader()
stix_header.package_intent = "Indicators - Malware Artifacts"
stix_header.description = "CybOX-represented Indicators extracted with extract_iocs"
stix_package.stix_header = stix_header
return stix_package.to_xml()
def export_stix(iocs):
'''Export to STIX. Adapted from:
github.com/STIXProject/openioc-to-stix/blob/master/openioc_to_stix.py
'''
cybox_observables = export_cybox(iocs)
stix_package = STIXPackage()
for obs in cybox_observables:
indicator_dict = {}
producer_dict = {}
producer_dict['tools'] = [{'name': 'export_iocs'}]
indicator_dict['producer'] = producer_dict
indicator_dict['title'] = "export_iocs STIX export"
indicator = Indicator.from_dict(indicator_dict)
indicator.add_observable(obs)
stix_package.add_indicator(indicator)
# Create and write the STIX Header
stix_header = STIXHeader()
stix_header.package_intent = "Indicators - Malware Artifacts"
stix_header.description = "CybOX-represented Indicators extracted with export_iocs"
stix_package.stix_header = stix_header
return stix_package.to_xml()
def __make_stix_xml_string(self, filename, open_ioc_xml):
# This is actually an adapted version of the openioc_to_stix.py to be compatible with ce1sus
try:
# save the file
base_dir = self.get_dest_folder()
open_ioc_filename = base_dir + '/' + filename
open_stix_filename = base_dir + '/STIX_of_' + filename
open_ioc_file = open(open_ioc_filename, 'w+')
open_ioc_file.write(open_ioc_xml)
open_ioc_file.close()
openioc_indicators = openioc.parse(open_ioc_filename)
observables_obj = openioc_to_cybox.generate_cybox(
openioc_indicators, open_ioc_filename, True)
observables_cls = Observables.from_obj(observables_obj)
stix.utils.set_id_namespace({
"https://github.com/STIXProject/openioc-to-stix":
"openiocToSTIX"
})
stix_package = STIXPackage()
stix_package.version = '1.1.1'
input_namespaces = {"openioc": "http://openioc.org/"}
stix_package.__input_namespaces__ = input_namespaces
for observable in observables_cls.observables:
indicator_dict = {}
producer_dict = {}
producer_dict['tools'] = [{
'name': 'OpenIOC to STIX Utility',
'version': str(__VERSION__)
}]
indicator_dict['producer'] = producer_dict
indicator_dict[
'title'] = "CybOX-represented Indicator Created from OpenIOC File"
indicator = Indicator.from_dict(indicator_dict)
indicator.add_observable(observables_cls.observables[0])
stix_package.add_indicator(indicator)
stix_header = STIXHeader()
# set the correct header
file_obj = open(open_ioc_filename, 'rb')
file_contents = file_obj.read()
print file_contents
file_obj.close()
root = etree.fromstring(file_contents)
for child in root:
if child.tag.endswith('short_description'):
stix_header.short_description = child.text
elif child.tag.endswith('description'):
stix_header.description = child.text
else:
if stix_header.description and stix_header.short_description:
break
stix_header.package_intent = "Indicators - Malware Artifacts"
stix_header.description = '{0}\n\n CybOX-represented Indicators Translated from OpenIOC File'.format(
stix_header.description)
stix_package.stix_header = stix_header
# Write the generated STIX Package as XML to the output file
outfile = open(open_stix_filename, 'w')
# Ignore any warnings - temporary fix for no schemaLocation w/ namespace
with warnings.catch_warnings():
warnings.simplefilter("ignore")
outfile.write(stix_package.to_xml())
warnings.resetwarnings()
outfile.flush()
outfile.close()
return base_dir, open_stix_filename
except Exception as error:
self.logger.error(error)
raise cherrypy.HTTPError(500, '{0}'.format(error.message))
def test_observables_property_empty(self):
ind = Indicator()
ind2 = Indicator.from_dict(ind.to_dict())
self.assertEqual([], ind2.observables)
def from_dict(cls, dict_repr,return_obj=None, stix_pkg_id = None):
print("[PickupIndicator] from_dict....")
# Send PickupIndicator() to Indicator.from_dict so that a PickupIndicator is returned.
return_obj = Indicator.from_dict(dict_repr, PickupIndicator() )
return_obj.stix_pkg_id = stix_pkg_id
return return_obj
def test_observables_property_empty(self):
ind = Indicator()
ind2 = Indicator.from_dict(ind.to_dict())
self.assertEqual([], ind2.observables)
