Exemplo n.º 1
0
class ObservableComposition(RestBase):

  def __init__(self):
    RestBase.__init__(self)
    self.properties = Properties('0')
    self.operator = 'OR'
    self.observables = list()

  def to_dict(self, complete=True, inflated=False, set_identifier=False):
    observables = list()
    for observable in self.observables:
      observables.append(observable.to_dict(complete, inflated))

    observables_count = len(self.observables)

    return {'identifier': self.convert_value(self.identifier),
            'operator': self.convert_value(self.operator),
            'observables': observables,
            'observables_count': observables_count,
            'properties': self.properties.to_dict()
            }

  def populate(self, json):
    self.identifier = json.get('identifier', None)
    self.operator = json.get('operator', 'OR')
    self.properties.populate(json.get('properties', Properties('0')))
    observables = json.get('observables', None)
    if observables:
      for observable in observables:
        obs = Observable()
        obs.populate(observable)
        self.observables.append(obs)
Exemplo n.º 2
0
class Indicator(ExtendedLogingInformations):

  def __init__(self):
    self.observables = list()
    self.title = None
    self.description = None
    self.short_description = None
    self.confidence = None
    self.type_ = list()
    self.operator = 'OR'
    self.properties = Properties('0')

  def to_dict(self, complete=True, inflated=False):
    type_ = None
    if self.type_:
      type_ = list()
      for item in self.type_:
        type_.append(item.to_dict(True))

    if inflated:
      obs = list()
      for observable in self.observables:
        obs.append(observable.to_dict(complete, inflated))
      len_obs = len(obs)
      return {'identifier': self.convert_value(self.identifier),
              'title': self.convert_value(self.title),
              'description': self.convert_value(self.description),
              'short_description': self.convert_value(self.short_description),
              'confidence': self.convert_value(self.confidence),
              'type': type_,
              'operator': self.convert_value(self.operator),
              'observables': obs,
              'observables_count': len_obs,
              'created_at': self.convert_value(self.created_at),
              'modified_on': self.convert_value(self.modified_on),
              'creator_group': self.creator_group.to_dict(False, False),
              'modifier_group': self.modifier.to_dict(False, False),
              'properties': self.properties.to_dict()
              }
    else:
      return {'identifier': self.convert_value(self.identifier),
              'title': self.convert_value(self.title),
              'description': self.convert_value(self.description),
              'short_description': self.convert_value(self.short_description),
              'confidence': self.convert_value(self.confidence),
              'type': type_,
              'operator': self.convert_value(self.operator),
              'observables': None,
              'observables_count': -1,
              'created_at': self.convert_value(self.created_at),
              'modified_on': self.convert_value(self.modified_on),
              'creator_group': self.creator_group.to_dict(False, False),
              'modifier_group': self.modifier.to_dict(False, False),
              'properties': self.properties.to_dict()
              }

  def populate(self, json):
    self.identifier = json.get('identifier', None)

    self.title = json.get('title', None)
    self.description = json.get('description', None)
    self.short_description = json.get('short_description', None)
    self.confidence = json.get('confidence', None)
    modifier_group = json.get('modifier_group', None)
    if modifier_group:
      cg_instance = Group()
      cg_instance.populate(modifier_group)
      self.modifier = cg_instance
    originating_group = json.get('originating_group', None)
    if originating_group:
      cg_instance = Group()
      cg_instance.populate(originating_group)
      self.originating_group = cg_instance
    creator_group = json.get('creator_group', None)
    if creator_group:
      cg_instance = Group()
      cg_instance.populate(creator_group)
      self.creator_group = cg_instance
    created_at = json.get('created_at', None)
    if created_at:
      self.created_at = strings.stringToDateTime(created_at)
    modified_on = json.get('modified_on', None)
    if modified_on:
      self.modified_on = strings.stringToDateTime(modified_on)
    self.operator = json.get('operator', 'OR')

    self.properties.populate(json.get('properties', Properties('0')))
    observables = json.get('observables', list())
    if observables:
      for observable in observables:
        obs = Observable()
        obs.populate(observable)
        self.observables.append(obs)
Exemplo n.º 3
0
class Reference(ExtendedLogingInformations):

  def __init__(self):
    ExtendedLogingInformations.__init__(self)
    self.definition_id = None
    self.definition = None
    self.value = None
    self.properties = Properties('0')
    self.report_id = None
    self.report = None

  def to_dict(self, complete=True, inflated=False):
    if isinstance(self.value, ReferenceFile):
      value = self.value.to_dict()
    else:
      value = self.convert_value(self.value)

    creator = None
    if self.creator_group:
      creator = self.creator_group.to_dict(False, False)
    modifier = None
    if self.modifier:
      modifier = self.modifier.to_dict(False, False)

    return {'identifier': self.convert_value(self.identifier),
            'definition_id': self.convert_value(self.definition_id),
            'definition': self.definition.to_dict(complete, inflated),
            'value': value,
            'created_at': self.convert_value(self.created_at),
            'modified_on': self.convert_value(self.modified_on),
            'creator_group': creator,
            'modifier_group': modifier,
            'properties': self.properties.to_dict()
            }

  def populate(self, json):
    definition_id = json.get('definition_id', None)
    if definition_id:
      self.definition_id = definition_id
      definition = json.get('definition', None)
      if definition:
        definitin_instance = ReferenceDefinition()
        definitin_instance.populate(definition)
        self.definition = definitin_instance
    if self.definition_id and self.definition:
      if self.definition.identifier and self.definition_id != self.definition.identifier:
        raise ValueException(u'Reference definitions cannot be updated')
    self.value = json.get('value', None)
    self.identifier = json.get('identifier', None)
    self.properties.populate(json.get('properties', None))
    creator_group = json.get('creator_group', None)
    if creator_group:
      cg_instance = Group()
      cg_instance.populate(creator_group)
      self.creator_group = cg_instance
    modifier_group = json.get('modifier_group', None)
    if modifier_group:
      cg_instance = Group()
      cg_instance.populate(modifier_group)
      self.modifier = cg_instance
    created_at = json.get('created_at', None)
    if created_at:
      self.created_at = strings.stringToDateTime(created_at)
    modified_on = json.get('modified_on', None)
    if modified_on:
      self.modified_on = strings.stringToDateTime(modified_on)
Exemplo n.º 4
0
class Report(ExtendedLogingInformations):

  def __init__(self):
    ExtendedLogingInformations.__init__(self)
    self.properties = Properties('0')
    self.references = list()
    self.related_reports = list()
    self.title = None
    self.description = None
    self.short_description = None

  def to_dict(self, complete=True, inflated=False):
    references = list()
    related_reports = list()
    for reference in self.references:
      references.append(reference.to_dict(complete, inflated))
    references_count = len(self.references)

    if inflated:
      for related_report in self.related_reports:
        related_reports.append(related_report.to_dict(complete, inflated))

    related_count = len(self.related_reports)

    creator = None
    if self.creator_group:
      creator = self.creator_group.to_dict(False, False)
    modifier = None
    if self.modifier:
      modifier = self.modifier.to_dict(False, False)

    if complete:
      return {'identifier': self.convert_value(self.identifier),
              'title': self.convert_value(self.title),
              'description': self.convert_value(self.description),
              'short_description': self.convert_value(self.short_description),
              'references': references,
              'references_count': references_count,
              'properties': self.properties.to_dict(),
              'related_reports': related_reports,
              'related_reports_count': related_count,
              'creator_group': creator,
              'modifier_group': modifier,
              }
    else:
      return {'identifier': self.identifier,
              'title': self.title
              }

  def populate(self, json):
    self.title = json.get('title', None)
    self.description = json.get('description', None)
    self.properties.populate(json.get('properties', None))
    self.short_description = json.get('short_description', None)
    self.identifier = json.get('identifier', None)
    self.properties.populate(json.get('properties', None))
    creator_group = json.get('creator_group', None)
    if creator_group:
      cg_instance = Group()
      cg_instance.populate(creator_group)
      self.creator_group = cg_instance
    modifier_group = json.get('modifier_group', None)
    if modifier_group:
      cg_instance = Group()
      cg_instance.populate(modifier_group)
      self.modifier = cg_instance
    created_at = json.get('created_at', None)
    if created_at:
      self.created_at = strings.stringToDateTime(created_at)
    modified_on = json.get('modified_on', None)
    if modified_on:
      self.modified_on = strings.stringToDateTime(modified_on)
    references = json.get('references', None)
    if references:
      for reference in references:
        ref = Reference()
        ref.populate(reference)
        self.references.append(ref)
Exemplo n.º 5
0
class Attribute(ExtendedLogingInformations):

  def __init__(self):
    ExtendedLogingInformations.__init__(self)
    self.definition_id = None
    self.definition = None
    self.is_ioc = None
    self.value = None
    self.condition = None
    self.properties = Properties('0')
    self.modifier = None
    self.object_id = None

  def to_dict(self, complete=True, inflated=False):
    cond = self.condition
    if cond:
      cond = self.condition.to_dict(complete, inflated)
    else:
      cond = None
    return {'identifier': self.convert_value(self.identifier),
            'definition_id': self.convert_value(self.definition_id),
            'definition': self.definition.to_dict(complete, False),
            'ioc': self.is_ioc,
            'value': self.convert_value(self.value),
            'condition': cond,
            'created_at': self.convert_value(self.created_at),
            'modified_on': self.convert_value(self.modified_on),
            'creator_group': self.creator_group.to_dict(False, False),
            'modifier_group': self.modifier.to_dict(False, False),
            'properties': self.properties.to_dict()
            }

  def populate(self, json):
    self.identifier = json.get('identifier', None)
    definition_id = json.get('definition_id', None)
    if definition_id:
      self.definition_id = definition_id
      definition = json.get('definition', None)
      if definition:
        definitin_instance = AttributeDefinition()
        definitin_instance.populate(definition)
        self.definition = definitin_instance
    if self.definition_id and self.definition:
      if self.definition.identifier and self.definition_id != self.definition.identifier:
        raise ValueException(u'Attribute definitions cannot be updated')
    if not (self.definition_id or self.definition):
      raise ValueException(u'Attribute definition or definition_id must be set')
    condition_id = json.get('condition_id', None)
    if not condition_id:
      condition = json.get('condition', None)
      if condition:
        condition_id = condition.get('identifier', None)
    if condition_id:
      self.condition_id = condition_id
    self.is_ioc = json.get('ioc', 0)
    self.value = json.get('value', None)
    self.properties.populate(json.get('properties', None))
    creator_group = json.get('creator_group', None)
    if creator_group:
      cg_instance = Group()
      cg_instance.populate(creator_group)
      self.creator_group = cg_instance
    modifier_group = json.get('modifier_group', None)
    if modifier_group:
      cg_instance = Group()
      cg_instance.populate(modifier_group)
      self.modifier = cg_instance
    created_at = json.get('created_at', None)
    if created_at:
      self.created_at = strings.stringToDateTime(created_at)
    modified_on = json.get('modified_on', None)
    if modified_on:
      self.modified_on = strings.stringToDateTime(modified_on)
Exemplo n.º 6
0
class Event(ExtendedLogingInformations):

  def __init__(self):
    ExtendedLogingInformations.__init__(self)
    self.title = None
    self.description = None
    self.last_publish_date = None
    self.published = None
    self.modified_on = None
    self.first_seen = None
    self.last_seen = None
    self.observables = list()
    self.observables_count = None
    self.comments = list()
    self.groups = list()
    self.properties = Properties('0')
    self.reports = list()
    self.originating_group = None
    self.indicators = list()

  @property
  def status(self):
    """
    returns the status

    :returns: String
    """
    return Status.get_by_id(self.status_id)

  @status.setter
  def status(self, status_text):
    """
    returns the status

    :returns: String
    """
    self.status_id = Status.get_by_value(status_text)

  @property
  def risk(self):
    """
    returns the status

    :returns: String
    """
    return Risk.get_by_id(self.risk_id)

  @risk.setter
  def risk(self, risk_text):
    """
    returns the status

    :returns: String
    """
    self.risk_id = Risk.get_by_value(risk_text)

  @property
  def analysis(self):
    """
    returns the status

    :returns: String
    """
    return Analysis.get_by_id(self.analysis_id)

  @analysis.setter
  def analysis(self, text):
    """
    returns the status

    :returns: String
    """
    self.analysis_id = Analysis.get_by_value(text)

  @property
  def tlp(self):
    """
      returns the tlp level

      :returns: String
    """

    return TLP.get_by_id(self.tlp_level_id)

  @tlp.setter
  def tlp(self, text):
    """
    returns the status

    :returns: String
    """
    self.tlp_level_id = TLP.get_by_value(text)

  def to_dict(self, complete=True, inflated=False, owner=False):
    if inflated:
      observables = list()
      for observable in self.observables:
        observables.append(observable.to_dict(complete, inflated))

      observables_count = len(observables)

      reports = list()
      for report in self.reports:
        reports.append(report.to_dict(complete, inflated))

      reports_count = len(reports)

      indicators = list()
      for indicator in self.indicators:
        indicators.append(indicator.to_dict(complete, inflated))
      indicators_length = len(indicators)
    else:
      indicators = None
      indicators_length = -1
      observables = None
      # observables_count = self.observables_count_for_permissions(event_permissions)
      observables_count = -1
      reports = None
      # reports_count = self.reports_count_for_permissions(event_permissions)
      reports_count = -1
    if complete:
      comments = list()
      if owner:
        for comment in self.comments:
          comments.append(comment.to_dict())
      groups = list()
      for group in self.groups:
        groups.append(group.to_dict(complete, False))

      result = {'identifier': self.convert_value(self.identifier),
                'title': self.convert_value(self.title),
                'description': self.convert_value(self.description),
                'last_publish_date': self.convert_value(self.last_publish_date),
                'risk': self.convert_value(self.risk),
                'status': self.convert_value(self.status),
                'tlp': self.convert_value(self.tlp),
                'analysis': self.convert_value(self.analysis),
                'creator_group': self.creator_group.to_dict(False, False),
                'modifier_group': self.modifier.to_dict(False, False),
                'created_at': self.convert_value(self.created_at),
                'published': self.convert_value(self.properties.is_shareable),
                'modified_on': self.convert_value(self.modified_on),
                'originating_group': self.originating_group.to_dict(complete, False),
                # TODO: add first and last seen
                'reports': reports,
                'reports_count': reports_count,
                'first_seen': self.convert_value(self.first_seen),
                'last_seen': self.convert_value(self.last_seen),
                'observables': observables,
                'observables_count': observables_count,
                'comments': comments,
                'properties': self.properties.to_dict(),
                'indicators': indicators,
                'indicators_count': indicators_length,
                'groups': groups
                }
    else:
      result = {'identifier': self.convert_value(self.identifier),
                'title': self.convert_value(self.title),
                'creator_group': self.creator_group.to_dict(False, False),
                'modifier_group': self.modifier.to_dict(False, False),
                'created_at': self.convert_value(self.created_at),
                'published': self.convert_value(self.properties.is_shareable),
                'modified_on': self.convert_value(self.modified_on),
                'originating_group': self.originating_group.to_dict(complete, False),
                # TODO: add first and last seen
                'first_seen': self.convert_value(self.first_seen),
                'last_seen': self.convert_value(self.last_seen),
                'observables': observables,
                'observables_count': observables_count,
                'reports': reports,
                'reports_count': reports_count,
                'risk': self.convert_value(self.risk),
                'status': self.convert_value(self.status),
                'tlp': self.convert_value(self.tlp),
                'analysis': self.convert_value(self.analysis),
                'comments': None,
                'indicators': indicators,
                'indicators_count': 0,
                'properties': self.properties.to_dict()
                }
    return result

  def populate(self, json):

    self.identifier = json.get('identifier', None)

    self.title = json.get('title', None)
    self.description = json.get('description', None)
    self.risk = json.get('risk', 'Undefined').title()
    self.status = json.get('status', 'Draft').title()
    self.tlp = json.get('tlp', 'Amber').title()
    self.analysis = json.get('analysis', 'Unknown').title()
    self.properties.populate(json.get('properties', Properties('0')))
    published = json.get('published', False)
    if published:
      if published == '1' or published == 1:
        published = True
      elif published == '0' or published == 0:
        published = True
      self.properties.is_shareable = published

    observables = json.get('observables', list())
    if observables:
      for observable in observables:
        obs = Observable()
        obs.populate(observable)
        self.observables.append(obs)
    indicators = json.get('indicators', list())
    if indicators:
      for indicator in indicators:
        ind = Indicator()
        ind.populate(indicator)
        self.indicators.append(ind)
    modifier_group = json.get('modifier_group', None)
    if modifier_group:
      cg_instance = Group()
      cg_instance.populate(modifier_group)
      self.modifier = cg_instance
    originating_group = json.get('originating_group', None)
    if originating_group:
      cg_instance = Group()
      cg_instance.populate(originating_group)
      self.originating_group = cg_instance
    creator_group = json.get('creator_group', None)
    if creator_group:
      cg_instance = Group()
      cg_instance.populate(creator_group)
      self.creator_group = cg_instance
    created_at = json.get('created_at', None)
    if created_at:
      self.created_at = strings.stringToDateTime(created_at)
    modified_on = json.get('modified_on', None)
    if modified_on:
      self.modified_on = strings.stringToDateTime(modified_on)
    first_seen = json.get('first_seen', None)
    if first_seen:
      self.first_seen = strings.stringToDateTime(first_seen)
    last_seen = json.get('last_seen', None)
    if last_seen:
      self.last_seen = strings.stringToDateTime(last_seen)
    reports = json.get('reports', None)
    if reports:
      for report in reports:
        report_instacne = Report()
        report_instacne.populate(report)
        self.reports.append(report_instacne)
    comments = json.get('comments', None)
    if comments:
      for comment in comments:
        comment_instacne = Comment()
        comment_instacne.populate(comment)
        self.comments.append(comment_instacne)
    permissions = json.get('groups', None)
    if permissions:
      for permission in permissions:
        event_permission = EventGroupPermission()
        event_permission.populate(permission)
Exemplo n.º 7
0
class Observable(ExtendedLogingInformations):

  def __init__(self):
    ExtendedLogingInformations.__init__(self)
    self.properties = Properties('0')
    self.object = None
    self.description = None
    self.observable_composition = list()
    self.related_observables = list()
    self.modifier = None
    self.event_id = None
    self.title = None
    self.version = None

  def to_dict(self, complete=True, inflated=False):
    obj = self.object
    if obj:
      obj = obj.to_dict(complete, inflated)

    composed = self.observable_composition
    if composed:
      composed = composed.to_dict(complete, inflated)
    related = list()

    related_count = len(related)

    if complete:
      result = {'identifier': self.convert_value(self.identifier),
                'title': self.convert_value(self.title),
                'description': self.convert_value(self.description),
                'object': obj,
                'version': self.convert_value(self.version),
                'observable_composition': composed,
                'related_observables': related,
                'related_observables_count': related_count,
                'created_at': self.convert_value(self.created_at),
                'modified_on': self.convert_value(self.modified_on),
                'creator_group': self.creator_group.to_dict(False, False),
                'modifier_group': self.modifier.to_dict(False, False),
                'properties': self.properties.to_dict()
                }
    else:
      result = {'identifier': self.convert_value(self.identifier),
                'title': self.convert_value(self.title),
                'object': obj,
                'observable_composition': composed,
                'creator_group': self.creator_group.to_dict(False, False),
                'modifier_group': self.modifier.to_dict(False, False),
                'created_at': self.convert_value(self.created_at),
                'modified_on': self.convert_value(self.modified_on),
                'properties': self.properties.to_dict()
                }

    return result

  def populate(self, json):

    self.identifier = json.get('identifier', None)
    self.title = json.get('title', None)
    self.description = json.get('description', None)
    self.version = json.get('version', '')
    self.properties.populate(json.get('properties', Properties('0')))
    obj = self.title = json.get('object', None)
    if obj:
      obj_instance = Object()
      obj_instance.populate(obj)
      self.object = obj_instance
    comp = self.title = json.get('observable_composition', None)
    if comp:
      comp_instance = ObservableComposition()
      comp_instance.populate(comp)
      self.observable_composition = comp_instance
    rel_obs = self.title = json.get('related_observables', None)
    if rel_obs:
      for rel_ob in rel_obs:
        obj_instance = RelatedObservable()
        obj_instance.populate(rel_ob)
        self.related_observables.append(obj_instance)
    modifier_group = json.get('modifier_group', None)
    if modifier_group:
      cg_instance = Group()
      cg_instance.populate(modifier_group)
      self.modifier = cg_instance
    creator_group = json.get('creator_group', None)
    if creator_group:
      cg_instance = Group()
      cg_instance.populate(creator_group)
      self.creator_group = cg_instance
    created_at = json.get('created_at', None)
    if created_at:
      self.created_at = strings.stringToDateTime(created_at)
    modified_on = json.get('modified_on', None)
    if modified_on:
      self.modified_on = strings.stringToDateTime(modified_on)
Exemplo n.º 8
0
class Object(ExtendedLogingInformations):

  def __init__(self):
    ExtendedLogingInformations.__init__(self)
    self.attributes = list()
    self.properties = Properties('0')
    self.definition_id = None
    self.definition = None
    self.related_objects = list()
    self.observable_id = None
    self.modifier = None

  def to_dict(self, complete=True, inflated=False):
    attributes = list()
    for attribute in self.attributes:
      attributes.append(attribute.to_dict(complete, inflated))
    related = list()

    attributes_count = len(self.attributes)

    if inflated:
      for related_object in self.related_objects:
        related.append(related_object.to_dict(complete, inflated))
    related_count = len(self.related_objects)

    return {'identifier': self.convert_value(self.identifier),
            'definition_id': self.convert_value(self.definition_id),
            'definition': self.definition.to_dict(complete, inflated),
            'attributes': attributes,
            'attributes_count': attributes_count,
            'creator_group': self.creator_group.to_dict(False, False),
            'modifier_group': self.modifier.to_dict(False, False),
            'created_at': self.convert_value(self.created_at),
            'modified_on': self.convert_value(self.modified_on),
            'related_objects': related,
            'related_objects_count': related_count,
            'properties': self.properties.to_dict(),
            'observable_id': self.convert_value(self.observable_id)
            }

  def populate(self, json):

    self.identifier = json.get('identifier', None)
    definition_id = json.get('definition_id', None)
    if definition_id:
      self.definition_id = definition_id
      definition = json.get('definition', None)
      if definition:
        definitin_instance = ObjectDefinition()
        definitin_instance.populate(definition)
        self.definition = definitin_instance
    if self.definition_id and self.definition:
      if self.definition.identifier and self.definition_id != self.definition.identifier:
        raise ValueException(u'Object definitions cannot be updated')
    if not (self.definition_id or self.definition):
      raise ValueException(u'Object definition or definition_id must be set')
    self.properties.populate(json.get('properties', Properties('0')))
    creator_group = json.get('creator_group', None)
    if creator_group:
      cg_instance = Group()
      cg_instance.populate(creator_group)
      self.creator_group = cg_instance
    modifier_group = json.get('modifier_group', None)
    if modifier_group:
      cg_instance = Group()
      cg_instance.populate(modifier_group)
      self.modifier = cg_instance
    created_at = json.get('created_at', None)
    if created_at:
      self.created_at = strings.stringToDateTime(created_at)
    modified_on = json.get('modified_on', None)
    if modified_on:
      self.modified_on = strings.stringToDateTime(modified_on)
    rel_obs = json.get('related_objects', None)
    if rel_obs:
      for rel_ob in rel_obs:
        obj_instance = RelatedObject()
        obj_instance.populate(rel_ob)
        self.related_objects.append(obj_instance)

    attribtues = json.get('attributes', None)
    if attribtues:
      for attribtue in attribtues:
        attribute = Attribute()
        attribute.populate(attribtue)
        self.attributes.append(attribute)