예제 #1
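def retrieve_attack_as_list():
    """Pull every ATT&CK technique from the MITRE TAXII server and flatten it.

    Connects to the public MITRE CTI TAXII 2 discovery endpoint, logs the
    collections found under the first API root, then queries the hard-coded
    Enterprise ATT&CK collection for ``attack-pattern`` objects. Each
    technique is flattened with ``flatten_technique`` against the union of
    keys produced by ``gather_keys`` so that every row carries the same
    columns.

    :return: list of flattened technique rows, in query order
    """
    server = Server("https://cti-taxii.mitre.org/taxii/")
    api_root = server.api_roots[0]

    # Informational only: the collection queried below is addressed by its
    # fixed id, not picked from this listing.
    for collection in api_root.collections:
        logging.info(collection.title + ":" + collection.id)

    collection = Collection(
        "https://cti-taxii.mitre.org/stix/collections/95ecc380-afe9-11e4-9b6c-751b66dd541e/"
    )
    tc_source = TAXIICollectionSource(collection)

    # Only 'techniques' is queried here; the other filters are kept for
    # callers that extend this function.
    filter_objs = {
        "techniques": Filter("type", "=", "attack-pattern"),
        "mitigations": Filter("type", "=", "course-of-action"),
        "groups": Filter("type", "=", "intrusion-set"),
        "malware": Filter("type", "=", "malware"),
        "tools": Filter("type", "=", "tool"),
        "relationships": Filter("type", "=", "relationship")
    }

    techniques = tc_source.query(filter_objs['techniques'])

    # Union of keys across all techniques so each flattened row is aligned.
    all_keys = gather_keys(techniques)

    # extend() rather than repeated list concatenation, which re-copied the
    # accumulated list on every iteration.
    parsed_techniques = []
    for technique in techniques:
        parsed_techniques.extend(flatten_technique(technique, all_keys))

    return parsed_techniques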
예제 #2
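def main():
    """Connect to the AlienVault OTX TAXII discovery endpoint and print its title.

    Credentials are passed by keyword so they bind to ``user``/``password``;
    taxii2client's ``Server`` takes ``conn`` as its second positional
    parameter, so positional credentials would not be used for authentication.
    """
    # DEBUGGING -- using the taxii2client instead of cabby.
    # NOTE(review): the discovery URL is plain http://, so the Basic-auth
    # credentials are sent unencrypted; prefer an https:// endpoint.
    # NOTE(review): hard-coded credentials; load them from configuration.
    server = Server('http://otx.alienvault.com/taxii/discovery',
                    user='emf65',
                    password='password')

    # DEBUGGING -- print server information to console
    print(server.title)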
    def connect_server(self, url=None):
        """
        Connect to a TAXII server and index its collections by title.

        :param url: TAXII discovery URL; MITRE_URL is used when None
        :return: None; sets ``self.attack_server`` and fills
                 ``self.collection_dict`` (title -> collection)
        """
        target = url if url is not None else MITRE_URL
        self.attack_server = Server(target)
        first_root = self.attack_server.api_roots[0]

        # Keyed by title, so two collections sharing a title would collide
        # (the later one wins).
        for col in first_root.collections:
            self.collection_dict[col.title] = col
 def connect_server(self, url=None):
     """
     Connect to a TAXII server and wrap all of its collections in a single
     CompositeDataSource so they can be queried together.

     :param url: TAXII discovery URL; MITRE_TAXII_URL is used when None
     :return: None; sets ``self.attack_server`` and ``self.composite_ds``
     """
     target = MITRE_TAXII_URL if url is None else url
     self.attack_server = Server(target)
     first_root = self.attack_server.api_roots[0]

     # One TAXIICollectionSource per collection, all registered on one
     # composite source.
     self.composite_ds = CompositeDataSource()
     self.composite_ds.add_data_sources(
         [TAXIICollectionSource(col) for col in first_root.collections]
     )
예제 #5
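def _get_collection_url(server_url):
    """Interactively pick one collection from a TAXII server and return its URL.

    Lists the collections under the server's first API root, then prompts
    until the user types a valid zero-based index.

    :param server_url: TAXII 2 discovery URL
    :return: URL of the chosen collection
    :raises ValueError: if the server exposes no collections (the prompt
        could never be satisfied otherwise)
    """
    server = Server(server_url)
    api_root = server.api_roots[0]
    collections = list(api_root.collections)
    print('{0:s} has {1:d} collections: '.format(server_url, len(collections)))
    for index, collection in enumerate(collections):
        print("[{0:d}] {1:s}: {2:s}".format(index, collection.title, collection.id))

    if not collections:
        raise ValueError('{0:s} exposes no collections'.format(server_url))

    last_index = len(collections) - 1
    collection_url = None
    while not collection_url:
        choice = input('Pick one: ')
        try:
            index = int(choice)
            # Reject negative input explicitly: Python would otherwise accept
            # e.g. -1 as a list index and silently pick the last entry.
            if index < 0:
                raise IndexError(choice)
            collection_url = collections[index].url
        except (ValueError, IndexError):
            # Valid choices are 0 .. len(collections) - 1.
            print('Please specify a number from 0 to {0:d}'.format(last_index))

    return collection_url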
예제 #6
 def get_taxii_collection_source(cls):
     """Return a TAXIICollectionSource for the ATT&CK collection, or None.

     Looks under the first API root of ``cls.ATT_CK_TAXII_SERVER`` for the
     collection titled ``cls.COLLCETION_TITLE`` and wraps it in a
     TAXIICollectionSource, using the proxies returned by
     ``System.get_request_proxies()``.

     :return: TAXIICollectionSource, or None when the title is not found or
         any exception occurs while contacting the server (the traceback is
         printed; this is a best-effort lookup, so callers must handle None)
     """
     # Fetch the ATT&CK TAXIICollectionSource up front.
     try:
         proxies = System.get_request_proxies()
         attck_txs = Server("%s/taxii/" % (cls.ATT_CK_TAXII_SERVER),
                            proxies=proxies)
         api_root = attck_txs.api_roots[0]
         for discovered in api_root.collections:
             if discovered.title != cls.COLLCETION_TITLE:
                 continue
             # Re-create the collection from its URL, passing the same proxies.
             collection = Collection(
                 "%s/stix/collections/%s/" %
                 (cls.ATT_CK_TAXII_SERVER, discovered.id),
                 proxies=proxies)
             return TAXIICollectionSource(collection)
         return None
     except Exception:
         # Best-effort: report and fall back to None rather than propagate.
         import traceback
         traceback.print_exc()
         return None
예제 #7
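    def __init__(self, source='taxii', local=None):
        """
            Initialization - Creates a matrix generator object

            :param source: Source to utilize ('taxii' or 'local', case-insensitive)
            :param local: string path to local cache of stix data; required
                          when source is 'local'
            :raises ValueError: if source is not 'taxii' or 'local', or if
                                source is 'local' and no path was given
        """
        self.convert_data = {}
        # Always initialised here: the 'local' branch below assigns into it,
        # so it must exist on every path.
        self.collections = dict()
        source_kind = source.lower()
        if source_kind not in ['taxii', 'local']:
            print(
                '[MatrixGen] - Unable to generate matrix, source {} is not one of "taxii" or "local"'
                .format(source))
            raise ValueError(
                'source must be "taxii" or "local", got {!r}'.format(source))

        if source_kind == 'taxii':
            self.server = Server('https://cti-taxii.mitre.org/taxii')
            self.api_root = self.server.api_roots[0]
            for collection in self.api_root.collections:
                # PRE-ATT&CK is skipped; every other collection is keyed by
                # the first word of its title, lower-cased.
                if collection.title != "PRE-ATT&CK":
                    tc = Collection(
                        'https://cti-taxii.mitre.org/stix/collections/' +
                        collection.id)
                    self.collections[collection.title.split(' ')
                                     [0].lower()] = TAXIICollectionSource(tc)
        elif source_kind == 'local':
            if local is not None:
                hd = MemoryStore()
                # NOTE(review): the stored value is whatever load_from_file()
                # returns, not the MemoryStore itself -- confirm that is intended.
                if 'mobile' in local.lower():
                    self.collections['mobile'] = hd.load_from_file(local)
                else:
                    self.collections['enterprise'] = hd.load_from_file(local)
            else:
                print(
                    '[MatrixGen] - "local" source specified, but path to local source not provided'
                )
                raise ValueError(
                    '"local" source specified, but no path to local source was provided')
        self.matrix = {}
        self._build_matrix()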
예제 #8
from stix2 import TAXIICollectionSource, Filter
from taxii2client import Server, Collection

# Instantiate server and get API Root
# Instantiate server and get API Root
taxi_server = Server("https://cti-taxii.mitre.org/taxii/")
api_root = taxi_server.api_roots[0]

# Print name and ID of all ATT&CK technology-domains available as collections
for collection in api_root.collections:
    print("{0}: {1}".format(collection.title, collection.id))

# Initialize dictionary to hold Enterprise ATT&CK content
attack_dict = {}

# NOTE(review): this takes whichever collection the server lists first and
# assumes it is Enterprise ATT&CK; nothing here checks the title, so matching
# on collection.title would be more robust.
attack_stix_root_url = "https://cti-taxii.mitre.org/stix/collections/"
attack_enterprise = "".join([attack_stix_root_url, api_root.collections[0].id])
print(attack_enterprise)

# Establish TAXII2 Collection instance for Enterprise ATT&CK collection
collection = Collection(attack_enterprise)

# Supply the collection to TAXIICollection
예제 #9
from taxii2client import Server
from stix2 import CustomObject, properties, TAXIICollectionSource
from taxii2client import Collection
from stix2 import Filter
import sys

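# Both URLs are required; fail with a usage line instead of an IndexError.
if len(sys.argv) < 3:
    sys.exit("usage: {0} DISCOVERY_URL POLL_URL".format(sys.argv[0]))
discovery_url = sys.argv[1]
poll_url = sys.argv[2]

# discovery
# Credentials are passed by keyword: taxii2client's Server and Collection take
# ``conn`` as their second positional parameter, so positional credentials
# would not bind to user/password.
# NOTE(review): hard-coded credentials; load them from configuration.
server = Server(discovery_url, user='user1', password='Password1')
print(server.title)

# poll
collection = Collection(poll_url, user='user1', password='Password1')
tc_source = TAXIICollectionSource(collection)

# Only indicator objects are requested.
f1 = Filter("type", "=", "indicator")
indicators = tc_source.query([f1])
for indicator in indicators:
    print(indicator)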
예제 #10
#!/usr/bin/env python3
import json
from taxii2client import Server

# NOTE(review): the discovery URL is plain http://, so the Basic-auth
# credentials are sent unencrypted; prefer https:// where the server offers it.
discovery = "http://taxii.digitalside.it/taxii"
username = "******"  # redacted in the published example
password = "******"

server = Server(discovery, password=password, user=username)

# First API root, first collection -- no check that either exists.
api_root = server.api_roots[0]
collection = api_root.collections[0]

# Dump the JSON-serialisable result of get_objects() for inspection.
test = collection.get_objects()
print(json.dumps(test, sort_keys=True, indent=4))
예제 #11
 def get_server(self):
     """Build the TAXII ``Server`` for this client and store it on ``self.server``.

     ``urljoin`` with the absolute path '/taxii/' replaces any path present in
     ``self.base_url``, so only its scheme and host survive. TLS verification
     and proxy settings are taken from ``self.verify`` and ``self.proxies``.
     """
     endpoint = urljoin(self.base_url, '/taxii/')
     self.server = Server(endpoint, verify=self.verify, proxies=self.proxies)
예제 #12
# https://medium.com/mitre-attack/att-ck-content-available-in-stix-2-0-via-public-taxii-2-0-server-317e5c41e214
#
#   Need pip install stix2
#        pip install taxii2-client
#

#
#   Debugging tool to list out all the items
#   Example:
#   python list

from stix2 import TAXIICollectionSource, Filter
from taxii2client import Server
from proxies import get_proxies

# Discovery endpoint; proxy settings come from the project's get_proxies() helper.
server = Server(url="https://cti-taxii.mitre.org/taxii/", proxies=get_proxies())

# Use the first API root advertised by the server.
api_root = server.api_roots[0]

#
# Three collections: Enterprise ATT&CK, PRE-ATT&CK, MOBILE
#
for collection in api_root.collections:
    print(collection.title + ": " + collection.id)
    #collection = Collection("https://cti-taxii.mitre.org/stix/collections/95ecc380-afe9-11e4-9b6c-751b66dd541e/")

    # Supply the collection to TAXIICollection
    tc_source = TAXIICollectionSource(collection)

    # Create filters to retrieve content from Enterprise ATT&CK
    filter_objs = {
예제 #13
def server():
    """Build and return the default ``Server`` for example.com (DISCOVERY_URL)."""
    default_server = Server(DISCOVERY_URL)
    return default_server
예제 #14
import os
import requests
import re
from shutil import rmtree
from taxii2client import Server

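# Feed identifiers handled by this module.
FEEDS = ["CVE", "CWE", "CAPEC", "MISP", "ATTACK"]

MITRE_STIX = "https://cti-taxii.mitre.org/stix/collections/"
# NOTE(review): api_roots is evaluated at import time, which in taxii2client
# triggers the discovery request -- importing this module needs network access.
MITRE_TAXII = Server("https://cti-taxii.mitre.org/taxii/")
API_ROOT = MITRE_TAXII.api_roots[0]

NVD_FEED = 'https://nvd.nist.gov/vuln/data-feeds#JSON_FEED'
# Raw string: '\.' is not a valid escape in a normal literal and triggers a
# DeprecationWarning; the resulting pattern is unchanged.
NVD_REGEX = r'nvdcve-1.1-[0-9]*\.json\.zip'

NVD = 'https://nvd.nist.gov/feeds/json/cve/1.1/'
CWE = 'https://cwe.mitre.org/data/xml/views/'
CAPEC = 'https://capec.mitre.org/data/xml/views/'

CIRCL_API = 'https://cve.circl.lu/api/'

MISP_GALAXY = 'https://raw.githubusercontent.com/MISP/misp-galaxy/master/clusters/'
MISP_THREAT_ACTOR = 'threat-actor.json'

ATTACK_TEACHER = 'https://raw.githubusercontent.com/TravisFSmith/mitre_attack/master/teaching/All.json'

# Severity colours (hex RGB).
RED = '#fc3b3b'
ORANGE = '#fd8d3c'
YELLOW = '#fce93b'
GREEN = '#31a354'
BLUE = '#3182bd'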
예제 #15
def make_limo_taxii_client():
    """Return a ``Server`` for the Anomali Limo TAXII 2 endpoint.

    The credentials are redacted ('******') in this example; in real use they
    belong in configuration, not in source.
    """
    return Server("https://limo.anomali.com/api/v1/taxii2/taxii/",
                  user='******',
                  password='******')
예제 #16
def make_mitre_taxii_client():
	"""Return a ``Server`` for the public MITRE CTI TAXII endpoint (no credentials)."""
	return Server("https://cti-taxii.mitre.org/taxii/")
예제 #17
def server():
    """Build and return the default authenticated ``Server`` for example.com.

    Credentials are redacted ('******') in this example.
    """
    default_server = Server(DISCOVERY_URL, password="******", user="******")
    return default_server
예제 #18
from taxii2client import Server, Collection, ApiRoot, Status
import json
from datetime import datetime
import dateutil.parser


def manifest_find_object_by_id(manifest, id):
    """Return the first entry of ``manifest['objects']`` whose ``'id'`` contains *id*.

    NOTE(review): this is a substring test (``id in obj['id']``), not an
    equality test, so a short or partial id can match several objects; the
    first in manifest order wins. Returns None when nothing matches.
    """
    matches = (obj for obj in manifest['objects'] if id in obj['id'])
    return next(matches, None)


if __name__ == "__main__":
    # Local demo server over plain http; credentials are redacted ('******')
    # in this example and should come from configuration in real use.
    server = Server('http://localhost:8090/taxii',
                    user='******',
                    password='******')

    print("Server title : %s" % server.title)
    # The collection is addressed directly by URL (not discovered via api_roots).
    collection = Collection(
        'http://localhost:8090/demo_api/collections/7d9a78b8-46f6-4b88-98c5-595f54251e21',
        user='******',
        password='******')
    print('Description : %s' % collection.description)

    # Load a STIX bundle from disk for comparison with the server's content.
    with open('apt1.json', encoding='utf-8') as json_file:
        stix_bundle = json.load(json_file)

    print('JSON file :')
    print('description : %s' % stix_bundle['type'])
    print('Objects included : %d' % len(stix_bundle['objects']))