def create_capability(self, id=None, name=None, description=None,
                      properties=None, strategic_objectives=None,
                      tactical_objectives=None, behavior_reference=None,
                      relationship=None):
    """Build a Capability from the given fields and return it.

    ``id`` and ``name`` are handed to the Capability constructor; every
    other argument is assigned as an attribute on the new object.

    For ``strategic_objectives`` and ``tactical_objectives``: when the
    argument is not None, the matching attribute is reset to an empty
    list and only entries that are CapabilityObjective instances are
    appended to it. Any other entry is dropped without an error, so a
    caller passing the wrong type gets back a Capability holding fewer
    objectives than it supplied. When the argument is None the attribute
    is not touched.
    """
    built = Capability(id=id, name=name)
    built.description = description
    # NOTE(review): the attribute is spelled `property` (singular) while
    # the parameter is `properties` -- confirm against the Capability class.
    built.property = properties

    if strategic_objectives is not None:
        built.strategic_objective = []
        for candidate in strategic_objectives:
            if not isinstance(candidate, CapabilityObjective):
                continue  # entries of any other type are skipped silently
            built.strategic_objective.append(candidate)

    if tactical_objectives is not None:
        built.tactical_objective = []
        for candidate in tactical_objectives:
            if not isinstance(candidate, CapabilityObjective):
                continue  # entries of any other type are skipped silently
            built.tactical_objective.append(candidate)

    built.behavior_reference = behavior_reference
    built.relationship = relationship
    return built
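# Excerpt of a sample script: `bundle`, `subject` and `package` are used
# below but are created outside the lines shown here.

# Describe the file associated with the action (sample values only)
associated_object = AssociatedObject()
associated_object.properties = File()
associated_object.properties.file_name = 'abcd.dll'
associated_object.properties.size_in_bytes = '123456'
# Record how the object relates to the action: here it is the action's output
associated_object.association_type = VocabString()
associated_object.association_type.value = 'output'
associated_object.association_type.xsi_type = 'maecVocabs:ActionObjectAssociationTypeVocab-1.0'

# Create the 'create file' Action and attach the associated object to it
action = MalwareAction()
action.name = VocabString()
action.name.value = 'create file'
action.name.xsi_type = 'maecVocabs:FileActionNameVocab-1.0'
action.associated_objects = AssociatedObjects()
action.associated_objects.append(associated_object)

# Add the Action to the Bundle
bundle.add_action(action)

# Create a Capability named 'persistence' and add it to the Bundle
capability = Capability()
capability.name = 'persistence'
bundle.add_capability(capability)

# Add the Bundle to the Malware Subject
subject.add_findings_bundle(bundle)
# NOTE(review): this assignment appears to repeat what add_findings_bundle
# just did -- confirm both are needed before removing either.
subject.findings_bundles.bundle = [bundle]

# Add the Malware Subject to the Package
package.add_malware_subject(subject)

# Export the Package to an XML file. The second argument maps a namespace
# URI to the prefix written in the namespace definitions; the example.com
# entry is a placeholder to replace with the producing organisation's own.
# The output path is fixed and relative, so presumably an existing file of
# that name in the working directory is replaced -- confirm before running
# this next to real analysis output.
package.to_xml_file('sample_maec_package.xml', {"http://example.com/":"example"})
# Parenthesised so the line parses on Python 3 as well as Python 2
print("Wrote to sample_maec_package.xml")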
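# Excerpt of a sample script: `bundle`, `subject` and `package` are used
# below but are created outside the lines shown here.

# Describe the file associated with the action (sample values only)
associated_object = AssociatedObject()
associated_object.properties = File()
associated_object.properties.file_name = 'abcd.dll'
associated_object.properties.size_in_bytes = '123456'
# Record how the object relates to the action: here it is the action's output
associated_object.association_type = VocabString()
associated_object.association_type.value = 'output'
associated_object.association_type.xsi_type = 'maecVocabs:ActionObjectAssociationTypeVocab-1.0'

# Create the 'create file' Action and attach the associated object to it
action = MalwareAction()
action.name = VocabString()
action.name.value = 'create file'
action.name.xsi_type = 'maecVocabs:FileActionNameVocab-1.0'
action.associated_objects = AssociatedObjects()
action.associated_objects.append(associated_object)

# Add the Action to the Bundle
bundle.add_action(action)

# Create a Capability named 'persistence' and add it to the Bundle
capability = Capability()
capability.name = 'persistence'
bundle.add_capability(capability)

# Add the Bundle to the Malware Subject
subject.add_findings_bundle(bundle)
# NOTE(review): this assignment appears to repeat what add_findings_bundle
# just did -- confirm both are needed before removing either.
subject.findings_bundles.bundle = [bundle]

# Add the Malware Subject to the Package
package.add_malware_subject(subject)

# Export the Package to an XML file. No namespace mapping is passed, so the
# namespace definitions are whatever to_xml_file writes by default.
# The output path is fixed and relative, so presumably an existing file of
# that name in the working directory is replaced -- confirm before running
# this next to real analysis output.
package.to_xml_file('sample_maec_package.xml')
# Parenthesised so the line parses on Python 3 as well as Python 2
print("Wrote to sample_maec_package.xml")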