Пример #1
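def add_confidentiality_item(confidentiality_item, aa):
    """Record a confidentiality loss on an affected asset.

    Builds a ``PropertyAffected`` whose property is
    ``LossProperty.TERM_CONFIDENTIALITY``. Its description lists every entry
    of ``confidentiality_item['data']`` as ``variety`` or ``variety: amount``
    (joined with ", "), followed by the optional ``notes`` text. The result
    is attached to ``aa``.

    Args:
        confidentiality_item: Mapping with optional ``data`` (an iterable of
            mappings carrying ``variety`` and an optional ``amount``) and
            ``notes`` entries.
        aa: Object exposing ``add_property_affected``; receives the result.
    """
    pa = PropertyAffected()
    pa.property_ = LossProperty.TERM_CONFIDENTIALITY

    entries = []
    for item in confidentiality_item.get('data') or ():
        entry = ""
        variety_item = item.get('variety')
        if variety_item:
            entry += variety_item
        else:
            # A missing variety is reported; if error() returns, the entry is
            # still emitted (empty, or with only its amount), as before.
            error("Required 'variety' item is missing in 'attribute/confidentiality/data' item")
        amount_item = item.get('amount')
        if amount_item:
            entry += ": " + str(amount_item)
        entries.append(entry)
    description = ", ".join(entries)

    notes_item = confidentiality_item.get('notes')
    if notes_item:
        description += "; Notes:" + notes_item

    # The free text comes from the input record, so it is escaped before it
    # is stored. NOTE(review): if the serializer escapes text again on
    # output, this would double-escape; confirm against the library used.
    pa.description_of_effect = escape(description)

    # NOTE: the 'state' entry is not mapped; how to deal with multiple state
    # values is still an open question.
    aa.add_property_affected(pa)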
def main():
    """Build a sample STIX package with one incident and print it as XML.

    The incident describes a single affected asset (a database server)
    together with one affected property: a confidentiality loss in which
    non-public data was compromised and was not encrypted.
    """
    package = STIXPackage()

    # The asset that was hit and who owns, manages and hosts it.
    asset = AffectedAsset()
    asset.description = "Database server at hr-data1.example.com"
    asset.business_function_or_role = "Hosts the database for example.com"
    asset.ownership_class = "Internally-Owned"
    asset.management_class = "Internally-Managed"
    asset.location_class = "Internally-Located"
    # The count is set on the value held by type_, so type_ is assigned first.
    asset.type_ = "Database"
    asset.type_.count_affected = 1

    # What happened to the asset: confidentiality was lost.
    effect = PropertyAffected()
    effect.property_ = "Confidentiality"
    effect.description_of_effect = "Data was exfiltrated, has not been determined which data or how."
    effect.non_public_data_compromised = "Yes"
    # Recorded on the value assigned just above: the data was not encrypted.
    effect.non_public_data_compromised.data_encrypted = False

    effects = NatureOfSecurityEffect()
    effects.append(effect)
    asset.nature_of_security_effect = effects

    assets = AffectedAssets()
    assets.append(asset)

    incident = Incident(title="Exfiltration from hr-data1.example.com")
    incident.affected_assets = assets
    package.add_incident(incident)

    print(package.to_xml(encoding=None))
Пример #3
def add_integrity_item(integrity_item, aa):
    """Record an integrity loss on an affected asset.

    Creates a ``PropertyAffected`` with ``LossProperty.TERM_INTEGRITY``,
    describes it with the comma-joined ``variety`` values plus the optional
    ``notes`` text, and attaches it to ``aa``.

    Args:
        integrity_item: Mapping with optional ``variety`` (joined with ",")
            and ``notes`` entries.
        aa: Object exposing ``add_property_affected``; receives the result.
    """
    pa = PropertyAffected()
    pa.property_ = LossProperty.TERM_INTEGRITY

    varieties = integrity_item.get('variety')
    summary = ",".join(varieties) if varieties else ""

    notes = integrity_item.get('notes')
    if notes:
        summary = summary + "; Notes:" + notes

    # Input-derived text is escaped once, after the description is assembled.
    # NOTE(review): if the serializer escapes again on output this would
    # double-escape; confirm against the library used.
    pa.description_of_effect = escape(summary)

    # data_disclosure: not handled in this function (placeholder kept from
    # the original code).
    aa.add_property_affected(pa)
Пример #4
def add_availability_item(availability_item, aa):
    """Record an availability loss on an affected asset.

    Creates a ``PropertyAffected`` with ``LossProperty.TERM_AVAILABILITY``
    and fills in, when present in ``availability_item``:

    * ``duration`` -> ``duration_of_availability_loss``, mapped from the
      duration's ``unit`` (no other field of the duration is read here);
    * ``variety`` -> ``type_of_availability_loss``, using only the first
      value, with 'Other' translated to 'Unknown';
    * ``notes`` -> ``description_of_effect``, escaped and prefixed with
      "Notes: ".

    Args:
        availability_item: Mapping with optional ``duration``, ``variety``
            and ``notes`` entries.
        aa: Object exposing ``add_property_affected``; receives the result.
    """
    pa = PropertyAffected()
    pa.property_ = LossProperty.TERM_AVAILABILITY

    duration = availability_item.get('duration')
    if duration:
        unit = duration.get('unit')
        if unit:
            pa.duration_of_availability_loss = map_duration_unit_item_to_loss_duration(unit)
        else:
            error("Required 'unit' item is missing in 'availability/duration' item")

    varieties = availability_item.get('variety')
    if varieties:
        if len(varieties) > 1:
            warn("Only 1 AvailabilityLossType allowed - choosing first")
        chosen = varieties[0]
        # 'Other' is stored as 'Unknown' on the loss type.
        loss_name = 'Unknown' if chosen == 'Other' else chosen
        pa.type_of_availability_loss = AvailabilityLossType(loss_name)

    notes = availability_item.get('notes')
    if notes:
        # Only the input-derived notes are escaped; the prefix is a constant.
        pa.description_of_effect = "Notes: " + escape(notes)

    aa.add_property_affected(pa)