Exemplos de Report.add_course_of_action em Python

Exemplo n.º 1

Arquivo: convert_stix.py Projeto: sroy8091/cti-stix-slider

def convert_report(r20):
    r1x = Report(id_=convert_id20(r20["id"]),
                 timestamp=text_type(r20["modified"]))
    r1x.header = Header()
    if "name" in r20:
        r1x.header.title = r20["name"]
    if "description" in r20:
        r1x.header.add_description(r20["description"])
    intents = convert_open_vocabs_to_controlled_vocabs(r20["labels"],
                                                       REPORT_LABELS_MAP)
    for i in intents:
        r1x.header.add_intent(i)
    if "published" in r20:
        add_missing_property_to_description(r1x.header, "published",
                                            r20["published"])
    for ref in r20["object_refs"]:
        ref_type = get_type_from_id(ref)
        ref1x = convert_id20(ref)
        if ref_type == "attack-pattern":
            r1x.add_ttp(TTP(idref=ref1x))
        elif ref_type == "campaign":
            r1x.add_campaign(Campaign(idref=ref1x))
        elif ref_type == 'course-of-action':
            r1x.add_course_of_action(CourseOfAction(idref=ref1x))
        elif ref_type == "indicator":
            r1x.add_indicator(Indicator(idref=ref1x))
        elif ref_type == "observed-data":
            r1x.add_observable(Observable(idref=ref1x))
        elif ref_type == "malware":
            r1x.add_ttp(TTP(idref=ref1x))
        elif ref_type == "threat-actor":
            r1x.add_threat_actor(ThreatActor(idref=ref1x))
        elif ref_type == "tool":
            r1x.add_ttp(TTP(idref=ref1x))
        elif ref_type == "vulnerability":
            r1x.add_exploit_target(ExploitTarget(idref=ref1x))
        elif ref_type == "identity" or ref_type == "relationship":
            warn("%s in %s is not explicitly a member of a STIX 1.x report",
                 703, ref, r20["id"])
        elif ref_type == "intrusion-set":
            warn("%s in %s cannot be represented in STIX 1.x", 612, ref,
                 r20["id"])
        else:
            warn("ref type %s in %s is not known", 0, ref_type, r20["id"])
    if "object_marking_refs" in r20:
        for m_id in r20["object_marking_refs"]:
            ms = create_marking_specification(m_id)
            if ms:
                CONTAINER.add_marking(r1x, ms, descendants=True)
    if "granular_markings" in r20:
        error(
            "Granular Markings present in '%s' are not supported by stix2slider",
            604, r20["id"])
    return r1x

Exemplo n.º 2

Arquivo: generateReport.py Projeto: mjglanzer/subsonar

def build_stix( input_dict ):
    # setup stix document
    stix_package = STIXPackage()
    stix_header = STIXHeader()

    stix_header.description = "TTP " + input_dict['title']

    # Add handling requirements if needed
    if input_dict['marking']:
        mark = SimpleMarkingStructure()
        mark.statement = input_dict['marking']
        mark_spec = MarkingSpecification()
        mark_spec.marking_structures.append(mark)
        stix_header.handling = Marking(mark_spec)

    stix_package.stix_header = stix_header

    report = Report()
    if input_dict['incidents']:
        for each in input_dict['incidents'].split(','):
            result = query_db('select * from incidents where id = ?',
                        [each], one=True)
            report.add_incident(buildIncident(result))

    if input_dict['ttps']:
        for each in input_dict['ttps'].split(','):
            result = query_db('select * from ttps where id = ?',
                        [each], one=True)
            report.add_ttp(buildTtp(result))

    if input_dict['indicators']:
        for each in input_dict['indicators'].split(','):
            result = query_db('select * from indicators where id = ?',
                        [each], one=True)
            report.add_indicator(buildIndicator(result))

    if input_dict['observables']:
        for each in input_dict['observables'].split(','):
            result = query_db('select * from observables where id = ?',
                        [each], one=True)
            report.add_observable(buildObservable(result))

    if input_dict['threatActors']:
        for each in input_dict['threatActors'].split(','):
            result = query_db('select * from threatActors where id = ?',
                        [each], one=True)
            report.add_threat_actor(buildThreatActor(result))

    if input_dict['targets']:
        for each in input_dict['targets'].split(','):
            result = query_db('select * from targets where id = ?',
                        [each], one=True)
            report.add_exploit_target(buildTarget(result))

    if input_dict['coas']:
        for each in input_dict['coas'].split(','):
            result = query_db('select * from coas where id = ?',
                        [each], one=True)
            report.add_course_of_action(buildCoa(result))

    if input_dict['campaigns']:
        for each in input_dict['campaigns'].split(','):
            result = query_db('select * from campaigns where id = ?',
                        [each], one=True)
            report.add_campaign(buildCampaign(result))

    stix_package.add_report(report)
    return stix_package