def make_crits_object(cybox_obj):
    """
    Build a CRITs EmbeddedObject from a CybOX object instance.

    Only ``Address`` and ``URI`` instances are handled. Both are stored with
    datatype "string", and their name and value are coerced through ``str``.

    :param cybox_obj: The CybOX object.
    :type cybox_obj: CybOX object.
    :returns: :class:`crits.core.crits_mongoengine.EmbeddedObject`
    :raises: UnsupportedCRITsObjectTypeError for any other object type.
    """
    embedded = EmbeddedObject()
    is_address = isinstance(cybox_obj, Address)
    if not is_address and not isinstance(cybox_obj, URI):
        raise UnsupportedCRITsObjectTypeError(cybox_obj)

    embedded.datatype = "string"
    # NOTE(review): name and value are copied from the CybOX object without
    # any validation. If the object comes from an imported document, callers
    # should treat both fields as untrusted input - confirm against callers.
    if is_address:
        embedded.object_type = "Address"
        embedded.name = str(cybox_obj.category)
        embedded.value = str(cybox_obj.address_value)
    else:
        embedded.object_type = "URI"
        embedded.name = str(cybox_obj.type_)
        embedded.value = str(cybox_obj.value)
    return embedded
def make_crits_object(cybox_obj):
    """
    Build a CRITs EmbeddedObject from a CybOX object instance.

    The first ``isinstance`` branch that matches decides the CRITs object
    type, the optional name and the property the value is read from. Every
    result carries datatype "string".

    :param cybox_obj: The CybOX object.
    :type cybox_obj: CybOX object.
    :returns: :class:`crits.core.crits_mongoengine.EmbeddedObject`
    :raises: UnsupportedCRITsObjectTypeError when no branch produces a
             result, including an Artifact of an unlisted type and a Custom
             object that is not a "crits:String" with a leading "value"
             property.
    """
    embedded = EmbeddedObject()
    embedded.datatype = "string"

    # NOTE(review): branch order matters. isinstance() also matches
    # subclasses, so if a later class derives from an earlier one (e.g.
    # WinProcess from Process, UserAccount from Account - confirm against the
    # CybOX bindings in use), the later branch is never reached and the
    # object is filed under the parent's type.
    # NOTE(review): values are copied without validation; raw email bodies,
    # artifact data and raw certificates are stored as received. Treat them
    # as untrusted wherever they are rendered - confirm against callers.
    if isinstance(cybox_obj, Account):
        embedded.object_type = "Account"
        embedded.value = get_object_values(cybox_obj.description)
        return embedded
    elif isinstance(cybox_obj, Address):
        embedded.object_type = "Address"
        embedded.name = str(cybox_obj.category)
        embedded.value = get_object_values(cybox_obj.address_value)
        return embedded
    elif isinstance(cybox_obj, API):
        embedded.object_type = "API"
        embedded.value = get_object_values(cybox_obj.description)
        return embedded
    elif isinstance(cybox_obj, Artifact):
        embedded.object_type = "Artifact"
        embedded.value = [cybox_obj.data]
        artifact_type = cybox_obj.type_
        # An artifact type outside these three falls through to the final
        # raise at the bottom of the function.
        if artifact_type == Artifact.TYPE_GENERIC:
            embedded.name = "Data Region"
            return embedded
        elif artifact_type == Artifact.TYPE_FILE_SYSTEM:
            embedded.name = "FileSystem Fragment"
            return embedded
        elif artifact_type == Artifact.TYPE_MEMORY:
            embedded.name = "Memory Region"
            return embedded
    elif isinstance(cybox_obj, Code):
        embedded.object_type = "Code"
        # NOTE(review): reads ``.type`` here (also Disk, DiskPartition and
        # Library) while Artifact and WinHandle read ``.type_`` - confirm the
        # attribute name on these classes.
        embedded.name = str(cybox_obj.type)
        embedded.value = get_object_values(cybox_obj.code_segment)
        return embedded
    elif isinstance(cybox_obj, Custom):
        # Only the "crits:String" custom object whose first property is
        # named "value" is converted; anything else reaches the final raise.
        if cybox_obj.custom_name == "crits:String":
            first_prop = cybox_obj.custom_properties[0]
            if first_prop.name == "value":
                embedded.object_type = "String"
                embedded.value = [first_prop.value]
                return embedded
    elif isinstance(cybox_obj, Disk):
        embedded.object_type = "Disk"
        embedded.name = str(cybox_obj.type)
        embedded.value = get_object_values(cybox_obj.disk_name)
        return embedded
    elif isinstance(cybox_obj, DiskPartition):
        embedded.object_type = "Disk Partition"
        embedded.name = str(cybox_obj.type)
        embedded.value = get_object_values(cybox_obj.device_name)
        return embedded
    elif isinstance(cybox_obj, DNSQuery):
        embedded.object_type = "DNS Query"
        embedded.value = get_object_values(cybox_obj.question.qname)
        return embedded
    elif isinstance(cybox_obj, DNSRecord):
        embedded.object_type = "DNS Record"
        embedded.value = get_object_values(cybox_obj.description)
        return embedded
    elif isinstance(cybox_obj, DomainName):
        embedded.object_type = "URI - Domain Name"
        embedded.value = get_object_values(cybox_obj.value)
        return embedded
    elif isinstance(cybox_obj, EmailMessage):
        embedded.object_type = "Email Message"
        embedded.value = [cybox_obj.raw_body]
        return embedded
    elif isinstance(cybox_obj, GUIDialogbox):
        embedded.object_type = "GUI Dialogbox"
        embedded.value = get_object_values(cybox_obj.box_text)
        return embedded
    elif isinstance(cybox_obj, GUIWindow):
        embedded.object_type = "GUI Window"
        embedded.value = get_object_values(cybox_obj.window_display_name)
        return embedded
    elif isinstance(cybox_obj, Library):
        embedded.object_type = "Library"
        embedded.name = str(cybox_obj.type)
        embedded.value = get_object_values(cybox_obj.name)
        return embedded
    elif isinstance(cybox_obj, Memory):
        embedded.object_type = "Memory"
        embedded.value = get_object_values(cybox_obj.memory_source)
        return embedded
    elif isinstance(cybox_obj, Mutex):
        embedded.object_type = "Mutex"
        embedded.value = get_object_values(cybox_obj.name)
        return embedded
    elif isinstance(cybox_obj, NetworkConnection):
        embedded.object_type = "Network Connection"
        embedded.value = get_object_values(cybox_obj.layer7_protocol)
        return embedded
    elif isinstance(cybox_obj, Pipe):
        embedded.object_type = "Pipe"
        embedded.value = get_object_values(cybox_obj.name)
        return embedded
    elif isinstance(cybox_obj, Port):
        embedded.object_type = "Port"
        embedded.value = get_object_values(cybox_obj.port_value)
        return embedded
    elif isinstance(cybox_obj, Process):
        embedded.object_type = "Process"
        embedded.value = get_object_values(cybox_obj.name)
        return embedded
    elif isinstance(cybox_obj, System):
        embedded.object_type = "System"
        embedded.value = get_object_values(cybox_obj.hostname)
        return embedded
    elif isinstance(cybox_obj, URI):
        embedded.object_type = "URI - URL"
        # Stored without str(), unlike the other name assignments.
        embedded.name = cybox_obj.type_
        embedded.value = get_object_values(cybox_obj.value)
        return embedded
    elif isinstance(cybox_obj, UserAccount):
        embedded.object_type = "User Account"
        embedded.value = get_object_values(cybox_obj.username)
        return embedded
    elif isinstance(cybox_obj, Volume):
        embedded.object_type = "Volume"
        embedded.value = get_object_values(cybox_obj.name)
        return embedded
    elif isinstance(cybox_obj, WinDriver):
        embedded.object_type = "Win Driver"
        embedded.value = get_object_values(cybox_obj.driver_name)
        return embedded
    elif isinstance(cybox_obj, WinEventLog):
        embedded.object_type = "Win Event Log"
        embedded.value = get_object_values(cybox_obj.log)
        return embedded
    elif isinstance(cybox_obj, WinEvent):
        embedded.object_type = "Win Event"
        embedded.value = get_object_values(cybox_obj.name)
        return embedded
    elif isinstance(cybox_obj, WinHandle):
        embedded.object_type = "Win Handle"
        embedded.name = str(cybox_obj.type_)
        embedded.value = get_object_values(cybox_obj.object_address)
        return embedded
    elif isinstance(cybox_obj, WinKernelHook):
        embedded.object_type = "Win Kernel Hook"
        embedded.value = get_object_values(cybox_obj.description)
        return embedded
    elif isinstance(cybox_obj, WinMailslot):
        embedded.object_type = "Win Mailslot"
        embedded.value = get_object_values(cybox_obj.name)
        return embedded
    elif isinstance(cybox_obj, WinNetworkShare):
        embedded.object_type = "Win Network Share"
        embedded.value = get_object_values(cybox_obj.local_path)
        return embedded
    elif isinstance(cybox_obj, WinProcess):
        embedded.object_type = "Win Process"
        embedded.value = get_object_values(cybox_obj.window_title)
        return embedded
    elif isinstance(cybox_obj, WinRegistryKey):
        embedded.object_type = "Win Registry Key"
        embedded.value = get_object_values(cybox_obj.key)
        return embedded
    elif isinstance(cybox_obj, WinService):
        embedded.object_type = "Win Service"
        embedded.value = get_object_values(cybox_obj.service_name)
        return embedded
    elif isinstance(cybox_obj, WinSystem):
        embedded.object_type = "Win System"
        embedded.value = get_object_values(cybox_obj.product_name)
        return embedded
    elif isinstance(cybox_obj, WinTask):
        embedded.object_type = "Win Task"
        embedded.value = get_object_values(cybox_obj.name)
        return embedded
    elif isinstance(cybox_obj, WinUser):
        embedded.object_type = "Win User Account"
        embedded.value = get_object_values(cybox_obj.security_id)
        return embedded
    elif isinstance(cybox_obj, WinVolume):
        embedded.object_type = "Win Volume"
        embedded.value = get_object_values(cybox_obj.drive_letter)
        return embedded
    elif isinstance(cybox_obj, X509Certificate):
        embedded.object_type = "X509 Certificate"
        embedded.value = get_object_values(cybox_obj.raw_certificate)
        return embedded
    raise UnsupportedCRITsObjectTypeError(cybox_obj)
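def make_crits_object(cybox_obj):
    """
    Converts a CybOX object instance to a CRITs EmbeddedObject instance.

    The CybOX class (and, for Address, its category; for URI, its type)
    selects the CRITs indicator type. The value is read from one property of
    the object through ``get_object_values``. Every result carries datatype
    "string".

    :param cybox_obj: The CybOX object.
    :type cybox_obj: CybOX object.
    :returns: :class:`crits.core.crits_mongoengine.EmbeddedObject`
    :raises: UnsupportedCRITsObjectTypeError when the object's class or
             Address category is not handled, or when reading the object
             fails with an ordinary exception.
    """
    try:
        o = EmbeddedObject()
        o.datatype = "string"
        # NOTE(review): values are copied without validation. If the object
        # comes from an imported document, downstream code should treat the
        # stored value as untrusted - confirm against callers.
        if isinstance(cybox_obj, Account):
            o.object_type = IndicatorTypes.USER_ID
            o.value = get_object_values(cybox_obj.description)
            return o
        elif isinstance(cybox_obj, Address):
            name = str(cybox_obj.category)
            if name == 'ipv4-addr':
                o.object_type = IPTypes.IPV4_ADDRESS
            elif name == 'ipv6-addr':
                o.object_type = IPTypes.IPV6_ADDRESS
            elif name == 'ipv4-net':
                o.object_type = IPTypes.IPV4_SUBNET
            elif name == 'ipv6-net':
                o.object_type = IPTypes.IPV6_SUBNET
            elif name == 'asn':
                o.object_type = IndicatorTypes.AS_NUMBER
            elif name == 'cidr':
                # NOTE(review): the other subnet categories use IPTypes, this
                # one uses IndicatorTypes, and a CIDR value is not necessarily
                # IPv4 - confirm the constant and the IPv4 assumption.
                o.object_type = IndicatorTypes.IPV4_SUBNET
            elif name == 'e-mail':
                o.object_type = IndicatorTypes.EMAIL_ADDRESS
            elif name == 'mac':
                o.object_type = IndicatorTypes.MAC_ADDRESS
            else:
                # Reject unknown categories instead of storing a value
                # with no indicator type.
                raise UnsupportedCRITsObjectTypeError(cybox_obj)
            o.value = get_object_values(cybox_obj.address_value)
            return o
        elif isinstance(cybox_obj, API):
            # NOTE(review): the value comes from the object's description but
            # is typed API_KEY - confirm this is the intended category.
            o.object_type = IndicatorTypes.API_KEY
            o.value = get_object_values(cybox_obj.description)
            return o
        elif isinstance(cybox_obj, DomainName):
            o.object_type = IndicatorTypes.DOMAIN
            o.value = get_object_values(cybox_obj.value)
            return o
        elif isinstance(cybox_obj, Mutex):
            o.object_type = IndicatorTypes.MUTEX
            o.value = get_object_values(cybox_obj.name)
            return o
        # Assume this is a destination port because it almost always is
        elif isinstance(cybox_obj, Port):
            o.object_type = IndicatorTypes.DEST_PORT
            o.value = get_object_values(cybox_obj.port_value)
            return o
        elif isinstance(cybox_obj, Process):
            o.object_type = IndicatorTypes.PROCESS_NAME
            o.value = get_object_values(cybox_obj.name)
            return o
        elif isinstance(cybox_obj, URI):
            if cybox_obj.type_ == 'Domain Name':
                o.object_type = IndicatorTypes.DOMAIN
            else:
                o.object_type = IndicatorTypes.URI
            o.value = get_object_values(cybox_obj.value)
            return o
        elif isinstance(cybox_obj, WinRegistryKey):
            o.object_type = IndicatorTypes.REGISTRY_KEY
            o.value = get_object_values(cybox_obj.key)
            return o
    except Exception:
        # Catch Exception rather than use a bare ``except`` so that
        # KeyboardInterrupt and SystemExit are not turned into an
        # "unsupported object" error. This also re-wraps the deliberate
        # raise in the Address branch (assumes
        # UnsupportedCRITsObjectTypeError derives from Exception - confirm).
        # NOTE(review): the original failure is discarded here, so a
        # malformed object and an unsupported one look identical to callers.
        # Consider recording the cause where a logger is available.
        z = UnsupportedCRITsObjectTypeError(cybox_obj)
        z.message = "Unsupported use of '%s' object." % type(
            cybox_obj).__name__
        raise z
    # No branch matched the object's class.
    raise UnsupportedCRITsObjectTypeError(cybox_obj)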
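def make_crits_object(cybox_obj):
    """
    Converts a CybOX object instance to a CRITs EmbeddedObject instance.

    The CybOX class (and, for Address, its category) selects the CRITs
    indicator type. The value is read from one property of the object
    through ``get_object_values``. Every result carries datatype "string".

    :param cybox_obj: The CybOX object.
    :type cybox_obj: CybOX object.
    :returns: :class:`crits.core.crits_mongoengine.EmbeddedObject`
    :raises: UnsupportedCRITsObjectTypeError when the object's class, or an
             Address object's category, is not handled.
    """
    o = EmbeddedObject()
    o.datatype = "string"
    # NOTE(review): values are copied without validation. If the object comes
    # from an imported document, downstream code should treat the stored
    # value as untrusted - confirm against callers.
    if isinstance(cybox_obj, Account):
        o.object_type = IndicatorTypes.USER_ID
        o.value = get_object_values(cybox_obj.description)
        return o
    elif isinstance(cybox_obj, Address):
        name = str(cybox_obj.category)
        if name == 'ipv4-addr':
            o.object_type = IPTypes.IPV4_ADDRESS
        elif name == 'ipv6-addr':
            o.object_type = IPTypes.IPV6_ADDRESS
        elif name == 'ipv4-net':
            o.object_type = IPTypes.IPV4_SUBNET
        elif name == 'ipv6-net':
            o.object_type = IPTypes.IPV6_SUBNET
        else:
            # Previously any other category fell through and the object was
            # returned with a value but with object_type never assigned.
            # Reject it the same way as any other unsupported input.
            raise UnsupportedCRITsObjectTypeError(cybox_obj)
        o.value = get_object_values(cybox_obj.address_value)
        return o
    elif isinstance(cybox_obj, API):
        # NOTE(review): the value comes from the object's description but is
        # typed API_KEY - confirm this is the intended category.
        o.object_type = IndicatorTypes.API_KEY
        o.value = get_object_values(cybox_obj.description)
        return o
    elif isinstance(cybox_obj, DomainName):
        o.object_type = IndicatorTypes.DOMAIN
        o.value = get_object_values(cybox_obj.value)
        return o
    elif isinstance(cybox_obj, Mutex):
        o.object_type = IndicatorTypes.MUTEX
        o.value = get_object_values(cybox_obj.name)
        return o
    # Unless there is a way to know this is source or destination, this doesn't
    # help :(
    #elif isinstance(cybox_obj, Port):
    #    o.object_type = "Port"
    #    o.value = get_object_values(cybox_obj.port_value)
    #    return o
    elif isinstance(cybox_obj, Process):
        o.object_type = IndicatorTypes.PROCESS_NAME
        o.value = get_object_values(cybox_obj.name)
        return o
    elif isinstance(cybox_obj, URI):
        o.object_type = IndicatorTypes.URI
        o.value = get_object_values(cybox_obj.value)
        return o
    elif isinstance(cybox_obj, WinRegistryKey):
        o.object_type = IndicatorTypes.REGISTRY_KEY
        o.value = get_object_values(cybox_obj.key)
        return o
    # No branch matched the object's class.
    raise UnsupportedCRITsObjectTypeError(cybox_obj)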
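def make_crits_object(cybox_obj):
    """
    Converts a CybOX object instance to a CRITs EmbeddedObject instance.

    The CybOX class (and, for Address, its category; for URI, its type)
    selects the CRITs indicator type. The value is read from one property of
    the object through ``get_object_values``. Every result carries datatype
    "string".

    :param cybox_obj: The CybOX object.
    :type cybox_obj: CybOX object.
    :returns: :class:`crits.core.crits_mongoengine.EmbeddedObject`
    :raises: UnsupportedCRITsObjectTypeError when the object's class or
             Address category is not handled, or when reading the object
             fails with an ordinary exception.
    """
    try:
        o = EmbeddedObject()
        o.datatype = "string"
        # NOTE(review): values are copied without validation. If the object
        # comes from an imported document, downstream code should treat the
        # stored value as untrusted - confirm against callers.
        if isinstance(cybox_obj, Account):
            o.object_type = IndicatorTypes.USER_ID
            o.value = get_object_values(cybox_obj.description)
            return o
        elif isinstance(cybox_obj, Address):
            name = str(cybox_obj.category)
            if name == 'ipv4-addr':
                o.object_type = IPTypes.IPV4_ADDRESS
            elif name == 'ipv6-addr':
                o.object_type = IPTypes.IPV6_ADDRESS
            elif name == 'ipv4-net':
                o.object_type = IPTypes.IPV4_SUBNET
            elif name == 'ipv6-net':
                o.object_type = IPTypes.IPV6_SUBNET
            else:
                # Previously any other category fell through and the object
                # was returned with a value but with object_type never
                # assigned. Reject it like any other unsupported input; the
                # handler below adds the message.
                raise UnsupportedCRITsObjectTypeError(cybox_obj)
            o.value = get_object_values(cybox_obj.address_value)
            return o
        elif isinstance(cybox_obj, API):
            # NOTE(review): the value comes from the object's description but
            # is typed API_KEY - confirm this is the intended category.
            o.object_type = IndicatorTypes.API_KEY
            o.value = get_object_values(cybox_obj.description)
            return o
        elif isinstance(cybox_obj, DomainName):
            o.object_type = IndicatorTypes.DOMAIN
            o.value = get_object_values(cybox_obj.value)
            return o
        elif isinstance(cybox_obj, Mutex):
            o.object_type = IndicatorTypes.MUTEX
            o.value = get_object_values(cybox_obj.name)
            return o
        # Assume this is a destination port because it almost always is
        elif isinstance(cybox_obj, Port):
            o.object_type = IndicatorTypes.DEST_PORT
            o.value = get_object_values(cybox_obj.port_value)
            return o
        elif isinstance(cybox_obj, Process):
            o.object_type = IndicatorTypes.PROCESS_NAME
            o.value = get_object_values(cybox_obj.name)
            return o
        elif isinstance(cybox_obj, URI):
            if cybox_obj.type_ == 'Domain Name':
                o.object_type = IndicatorTypes.DOMAIN
            else:
                o.object_type = IndicatorTypes.URI
            o.value = get_object_values(cybox_obj.value)
            return o
        elif isinstance(cybox_obj, WinRegistryKey):
            o.object_type = IndicatorTypes.REGISTRY_KEY
            o.value = get_object_values(cybox_obj.key)
            return o
    except Exception:
        # Catch Exception rather than use a bare ``except`` so that
        # KeyboardInterrupt and SystemExit are not turned into an
        # "unsupported object" error (assumes
        # UnsupportedCRITsObjectTypeError derives from Exception - confirm).
        # NOTE(review): the original failure is discarded here, so a
        # malformed object and an unsupported one look identical to callers.
        # Consider recording the cause where a logger is available.
        z = UnsupportedCRITsObjectTypeError(cybox_obj)
        z.message = "Unsupported use of '%s' object." % type(
            cybox_obj).__name__
        raise z
    # No branch matched the object's class.
    raise UnsupportedCRITsObjectTypeError(cybox_obj)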