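def create_maec(inputfile, outpath, verbose_error_mode):
    """Convert a ThreatExpert XML report into a MAEC Package written to *outpath*.

    Args:
        inputfile: Path to the ThreatExpert report to convert.
        outpath: Destination path handed to ``Package.to_xml_file``.
        verbose_error_mode: When truthy, print the full traceback for any
            exception raised during conversion.

    Returns:
        None. Progress and errors are reported on stdout.
    """
    # NOTE(review): the report is XML describing a malware sample and should
    # be treated as untrusted input. The XML handling lives inside teparser,
    # which is not visible here -- confirm it disables DTD / external-entity
    # resolution before converting reports from unknown sources.
    if not os.path.isfile(inputfile):
        # A missing input used to be skipped without any output at all.
        print('\nError: input file not found: %s\n' % inputfile)
        return

    #Create the main parser object
    parser = teparser.parser()
    try:
        open_file = parser.open_file(inputfile)

        if not open_file:
            print('\nError: Error in parsing input file. Please check to ensure that it is valid XML and conforms to the ThreatExpert output schema.')
            return

        #Parse the file to get the actions and processes
        parser.parse_document()

        #Create the MAEC Package
        package = Package()

        #Add the analysis
        for subject in parser.maec_subjects:
            package.add_malware_subject(subject)

        #Finally, Export the results
        # NOTE(review): outpath is used exactly as given; whether an existing
        # file is replaced depends on Package.to_xml_file -- confirm.
        package.to_xml_file(outpath, {"https://github.com/MAECProject/threatexpert-to-maec":"ThreatExpertToMAEC"})

        print("Wrote to " + outpath)

    except Exception as err:
        # Top-level boundary: report the failure instead of propagating it.
        print('\nError: %s\n' % str(err))
        if verbose_error_mode:
            traceback.print_exc()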
Exemplo n.º 2
def generate_package_from_report_filepath(input_path, options=None):
    """Build a MAEC package object from the ThreatExpert report at *input_path*.

    Returns None, after printing an error, when the parser's ``open_file``
    reports failure; otherwise returns the result of
    ``generate_package_from_parser``, to which *options* is forwarded.
    """
    # NOTE(review): the report is untrusted XML; how teparser handles DTDs and
    # external entities is not visible here -- confirm before wide use.
    report_parser = teparser.parser()

    if report_parser.open_file(input_path):
        return generate_package_from_parser(report_parser, options, False)

    print('\nError: Error in parsing input file. Please check to ensure that it is valid XML and conforms to the ThreatExpert output schema.')
    return None
Exemplo n.º 3
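def create_maec(inputfile, outputfile, verbose_error_mode, stat_mode):
    """Convert a ThreatExpert XML report into a MAEC bundle exported to *outputfile*.

    Args:
        inputfile: Path to the ThreatExpert report to convert.
        outputfile: Destination path handed to ``bundle.export``.
        verbose_error_mode: When truthy, print the full traceback for any
            exception raised during conversion.
        stat_mode: When truthy, print how many actions were converted.

    Returns:
        None. Progress and errors are reported on stdout.
    """
    stat_actions = 0

    # NOTE(review): the report is XML describing a malware sample and should
    # be treated as untrusted input. The XML handling lives inside teparser,
    # which is not visible here -- confirm it disables DTD / external-entity
    # resolution before converting reports from unknown sources.
    if not os.path.isfile(inputfile):
        # A missing input used to be skipped without any output at all.
        print('\nError: input file not found: %s\n' % inputfile)
        return

    #Create the main parser object
    parser = teparser.parser()
    try:
        open_file = parser.open_file(inputfile)

        if not open_file:
            print('\nError: Error in parsing input file. Please check to ensure that it is valid XML and conforms to the ThreatExpert output schema.')
            return

        #Parse the file to get the actions and processes
        parser.parse_document()

        #Create the MAEC bundle
        bundle = maec_helper.maec_bundle(parser.generator, 2.1)

        #Add the analysis
        for analysis in parser.maec_analyses:
            bundle.add_analysis(analysis)

        #Add all applicable actions to the bundle
        for key, value in parser.actions.items():
            for action in value:
                bundle.add_action(action, key)
                stat_actions += 1

        bundle.build_maec_bundle()
        #Finally, Export the results
        bundle.export(outputfile)

        if stat_mode:
            print('\n---- Statistics ----')
            print(str(stat_actions) + ' actions converted')
    except Exception as err:
        # Top-level boundary: report the failure instead of propagating it.
        print('\nError: %s\n' % str(err))
        if verbose_error_mode:
            traceback.print_exc()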
Exemplo n.º 4
def generate_package_from_report_string(input_string, options=None, from_md5=False):
    """Build a MAEC package object from a ThreatExpert report held in a string.

    *options* and *from_md5* are forwarded unchanged to
    ``generate_package_from_parser``, whose result is returned.
    """
    # NOTE(review): input_string is untrusted XML; how teparser handles DTDs
    # and external entities is not visible here -- confirm before wide use.
    report_parser = teparser.parser()
    report_parser.use_input_string(input_string)

    package = generate_package_from_parser(report_parser, options, from_md5)
    return package
Exemplo n.º 5
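def main():
    """Command-line entry point: convert a ThreatExpert report to a MAEC bundle.

    Arguments are read from ``sys.argv``: ``-i <input file>``,
    ``-o <output file>``, ``-v`` (print tracebacks on error) and ``-s``
    (print conversion statistics). Fewer than four arguments, or ``-i``/``-o``
    without a following value, prints the usage text and exits with status 1.
    """
    verbose_error_mode = 0
    stat_mode = 0
    stat_actions = 0
    stat_objects = 0
    infilename = ''
    outfilename = ''

    #Get the command-line arguments
    args = sys.argv[1:]

    if len(args) < 4:
        usage()
        sys.exit(1)

    index = 0
    while index < len(args):
        arg = args[index]
        if arg in ('-i', '-o'):
            # A trailing -i/-o used to raise an uncaught IndexError.
            if index + 1 >= len(args):
                usage()
                sys.exit(1)
            if arg == '-i':
                infilename = args[index + 1]
            else:
                outfilename = args[index + 1]
            # Skip the value so a path is never re-read as a flag.
            index += 1
        elif arg == '-v':
            verbose_error_mode = 1
        elif arg == '-s':
            stat_mode = 1
        index += 1

    #Basic input file checking
    if not os.path.isfile(infilename):
        # A missing input used to be skipped without any output at all.
        print('\nError: input file not found: %s\n' % infilename)
        return

    # NOTE(review): the report is XML describing a malware sample and should
    # be treated as untrusted input. The XML handling lives inside teparser,
    # which is not visible here -- confirm it disables DTD / external-entity
    # resolution before converting reports from unknown sources.
    #Create the main parser object
    parser = teparser.parser()
    try:
        # NOTE(review): the result of open_file is not checked here; confirm
        # whether this parser version signals failure through its return value.
        parser.open_file(infilename)
        #Parse the file to get the actions and processes
        print('\nParsing input file and generating MAEC objects...\n')
        parser.parse_document()

        #Create the MAEC bundle
        bundle = maec_types.maec_bundle(parser.generator, 1.1)

        #Add the analysis
        bundle.add_analysis(parser.maec_analysis)

        #Add all applicable actions to the bundle
        for key, value in parser.actions.items():
            for action in value:
                bundle.add_action(action, key)
                stat_actions += 1
        #Add all applicable objects to the bundle
        for key, value in parser.objects.items():
            for obj in value:
                bundle.add_object(obj, key)
                stat_objects += 1
        bundle.build_maec_bundle()
        #Finally, Export the results
        bundle.export(outfilename)

        if stat_mode:
            print('\n---- Statistics ----')
            print(str(stat_actions) + ' actions converted')
            print(str(stat_objects) + ' objects generated')
    except Exception as err:
        # Top-level boundary: report the failure instead of propagating it.
        print('\nError: %s\n' % str(err))
        if verbose_error_mode:
            traceback.print_exc()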
Exemplo n.º 6
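def main():
    """Command-line entry point: convert a ThreatExpert report to a MAEC bundle.

    Arguments are read from ``sys.argv``: ``-i <input file>``,
    ``-o <output file>``, ``-v`` (print tracebacks on error) and ``-s``
    (print conversion statistics). Fewer than four arguments, or ``-i``/``-o``
    without a following value, prints the usage text and exits with status 1.
    """
    verbose_error_mode = 0
    stat_mode = 0
    stat_actions = 0
    stat_objects = 0
    infilename = ''
    outfilename = ''

    #Get the command-line arguments
    args = sys.argv[1:]

    if len(args) < 4:
        usage()
        sys.exit(1)

    position = 0
    while position < len(args):
        flag = args[position]
        if flag in ('-i', '-o'):
            # A trailing -i/-o used to raise an uncaught IndexError.
            if position + 1 >= len(args):
                usage()
                sys.exit(1)
            if flag == '-i':
                infilename = args[position + 1]
            else:
                outfilename = args[position + 1]
            # Skip the value so a path is never re-read as a flag.
            position += 1
        elif flag == '-v':
            verbose_error_mode = 1
        elif flag == '-s':
            stat_mode = 1
        position += 1

    #Basic input file checking
    if not os.path.isfile(infilename):
        # A missing input used to be skipped without any output at all.
        print('\nError: input file not found: %s\n' % infilename)
        return

    # NOTE(review): the report is XML describing a malware sample and should
    # be treated as untrusted input. The XML handling lives inside teparser,
    # which is not visible here -- confirm it disables DTD / external-entity
    # resolution before converting reports from unknown sources.
    #Create the main parser object
    parser = teparser.parser()
    try:
        # NOTE(review): the result of open_file is not checked here; confirm
        # whether this parser version signals failure through its return value.
        parser.open_file(infilename)
        #Parse the file to get the actions and processes
        print('\nParsing input file and generating MAEC objects...\n')
        parser.parse_document()

        #Create the MAEC bundle
        bundle = maec_types.maec_bundle(parser.generator, 1.1)

        #Add the analysis
        bundle.add_analysis(parser.maec_analysis)

        #Add all applicable actions to the bundle
        for key, value in parser.actions.items():
            for action in value:
                bundle.add_action(action, key)
                stat_actions += 1
        #Add all applicable objects to the bundle
        for key, value in parser.objects.items():
            for obj in value:
                bundle.add_object(obj, key)
                stat_objects += 1
        bundle.build_maec_bundle()
        #Finally, Export the results
        bundle.export(outfilename)

        if stat_mode:
            print('\n---- Statistics ----')
            print(str(stat_actions) + ' actions converted')
            print(str(stat_objects) + ' objects generated')
    except Exception as err:
        # Top-level boundary: report the failure instead of propagating it.
        print('\nError: %s\n' % str(err))
        if verbose_error_mode:
            traceback.print_exc()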