Пример #1
0
    def poll(
        self,
        collection_name,
        begin_date=None,
        end_date=None,
        subscription_id=None,
        content_bindings=None,
        uri=None,
    ):
        """Poll content from Polling Service.

        if ``uri`` is not provided, client will try to discover services and
        find Polling Service among them.

        :param str collection_name: feed to poll
        :param datetime begin_date:
               ask only for content blocks created after
               `begin_date` (exclusive)
        :param datetime end_date:
               ask only for content blocks created before
               `end_date` (inclusive)
        :param str subsctiption_id: ID of the existing subscription
        :param list content_bindings:
               list of stings or
               :py:class:`cabby.entities.ContentBinding` objects
        :param str uri: URI path to a specific Inbox Service

        :raises ValueError:
                if URI provided is invalid or schema is not supported
        :raises `cabby.exceptions.HTTPError`:
                if HTTP error happened
        :raises `cabby.exceptions.UnsuccessfulStatusError`:
                if Status Message received and status_type is not `SUCCESS`
        :raises `cabby.exceptions.ServiceNotFoundError`:
                if no service found
        :raises `cabby.exceptions.AmbiguousServicesError`:
                more than one service with type specified
        :raises `cabby.exceptions.NoURIProvidedError`:
                no URI provided and client can't discover services
        """

        _bindings = pack_content_bindings(content_bindings, version=10)
        data = dict(
            message_id=self._generate_id(),
            feed_name=collection_name,
            exclusive_begin_timestamp_label=begin_date,
            inclusive_end_timestamp_label=end_date,
            content_bindings=_bindings,
        )

        if subscription_id:
            data["subscription_id"] = subscription_id

        request = tm10.PollRequest(**data)
        stream = self._execute_request(request,
                                       uri=uri,
                                       service_type=const.SVC_POLL)
        for obj in stream:
            if isinstance(obj, tm10.ContentBlock):
                yield to_content_block_entity(obj)
Пример #2
0
    def create_request_message(self, args):
        try:
            if args.begin_ts:
                begin_ts = dateutil.parser.parse(args.begin_ts)
                if not begin_ts.tzinfo:
                    raise ValueError
            else:
                begin_ts = None

            if args.end_ts:
                end_ts = dateutil.parser.parse(args.end_ts)
                if not end_ts.tzinfo:
                    raise ValueError
            else:
                end_ts = None
        except ValueError:
            print("Unable to parse timestamp value. Timestamp should include both date and time information along " \
                  "with a timezone or UTC offset (e.g., YYYY-MM-DDTHH:MM:SS.ssssss+/-hh:mm). Aborting poll.")
            sys.exit()

        poll_req = tm10.PollRequest(message_id=tm10.generate_message_id(),
                                    feed_name=args.feed,
                                    exclusive_begin_timestamp_label=begin_ts,
                                    inclusive_end_timestamp_label=end_ts,
                                    subscription_id=args.subs_id)
        return poll_req
Пример #3
0
def prepare_request(collection_name, version, count_only=False,
                    bindings=[], subscription_id=None):

    if version == 11:
        content_bindings = [tm11.ContentBinding(b) for b in bindings]
        if subscription_id:
            poll_parameters = None
        else:
            poll_parameters = tm11.PollParameters(
                response_type=(
                    RT_FULL if not count_only else RT_COUNT_ONLY),
                content_bindings=content_bindings,
            )
        return tm11.PollRequest(
            message_id=MESSAGE_ID,
            collection_name=collection_name,
            subscription_id=subscription_id,
            poll_parameters=poll_parameters
        )
    elif version == 10:
        content_bindings = bindings
        return tm10.PollRequest(
            message_id=MESSAGE_ID,
            feed_name=collection_name,
            content_bindings=content_bindings,
            subscription_id=subscription_id
        )
Пример #4
0
    def test_poll_request1(self):
        poll_request1 = tm10.PollRequest(
            message_id=tm10.generate_message_id(),  # Required
            feed_name='TheFeedToPoll',  # Required
            subscription_id='SubsId002',  # Optional
            exclusive_begin_timestamp_label=datetime.datetime.now(tzutc()),  # Optional - Absence means 'no lower bound'
            inclusive_end_timestamp_label=datetime.datetime.now(tzutc()),  # Optional - Absence means 'no upper bound'
            content_bindings=[t.CB_STIX_XML_10])  # Optional - defaults to accepting all content bindings

        round_trip_message(poll_request1)
Пример #5
0
def taxii_poll(config, src, dest, timestamp=None):
    '''pull stix from edge via taxii'''
    client = tc.HttpClient()
    client.setUseHttps(config['edge']['sites'][src]['taxii']['ssl'])
    client.setAuthType(client.AUTH_BASIC)
    client.setAuthCredentials(
        {'username': config['edge']['sites'][src]['taxii']['user'],
         'password': config['edge']['sites'][src]['taxii']['pass']})
    if not timestamp:
        earliest = util.epoch_start()
    else:
        earliest = timestamp
    latest = util.nowutc()
    poll_request = tm10.PollRequest(
       message_id=tm10.generate_message_id(),
        feed_name=config['edge']['sites'][src]['taxii']['collection'],
        exclusive_begin_timestamp_label=earliest,
        inclusive_end_timestamp_label=latest,
        content_bindings=[t.CB_STIX_XML_11])
    http_response = client.callTaxiiService2(
        config['edge']['sites'][src]['host'],
        config['edge']['sites'][src]['taxii']['path'],
        t.VID_TAXII_XML_10, poll_request.to_xml(),
        port=config['edge']['sites'][src]['taxii']['port'])
    taxii_message = t.get_message_from_http_response(http_response,
                                                     poll_request.message_id)
    if isinstance(taxii_message, tm10.StatusMessage):
        config['logger'].error(log.log_messages['polling_error'].format(
            type_='taxii', error=taxii_message.message))
    elif isinstance(taxii_message, tm10.PollResponse):
        incidents = dict()
        indicators = dict()
        observables = dict()
        for content_block in taxii_message.content_blocks:
            (incidents_, indicators_, observables_) = \
                process_taxii_content_blocks(config, content_block)
            incidents.update(incidents_)
            indicators.update(indicators_)
            observables.update(observables_)
        return(latest, incidents, indicators, observables)