def dotransform(request, response, config):
    """Look up ThreatCentral indicators for a URL and add them to the response.

    The URL comes from ``request.fields['url']`` when that field exists,
    otherwise from ``request.value``.  Every search hit's nested ``resource``
    record becomes an ``Indicator`` entity weighted by its ``tcScore`` (1 when
    absent) and decorated with Severity, Confidence, Indicator Type and
    Description labels for whichever of those fields are present.

    Args:
        request: Maltego transform request; ``fields`` and ``value`` are read.
        response: Maltego transform response that entities and messages are
            appended to.
        config: transform configuration (not used by this transform).

    Returns:
        ``response``.  A failed lookup or a malformed hit is reported as a
        ``PartialError`` message rather than raised; a ``TypeError`` while
        iterating the hits ends the transform with what was added so far.
    """
    try:
        lookup_url = request.fields['url']
    except KeyError:
        lookup_url = request.value

    try:
        hits = search_indicator(lookup_url)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    # (key in the resource record, label caption, entity attribute)
    labelled_fields = (
        ('severity', 'Severity', 'severity'),
        ('confidence', 'Confidence', 'confidence'),
        ('indicatorType', 'Indicator Type', 'indicatorType'),
    )

    try:
        for hit in hits:
            score = hit.get('tcScore')
            weight = int(score) if score else 1

            # The entity is built from the hit's nested 'resource' record,
            # not from the search hit itself.
            resource = hit.get('resource')
            title = encode_to_utf8(resource.get('title'))
            entity = Indicator(title, weight=weight)
            entity.title = title
            entity.resourceId = resource.get('resourceId')

            for key, caption, attribute in labelled_fields:
                if resource.get(key):
                    shown = resource.get(key, dict()).get('displayName')
                    entity += Label(caption, shown)
                    setattr(entity, attribute, shown)

            if resource.get('description'):
                # Newlines become <br/> so the label keeps its line structure.
                # NOTE(review): feed text is placed into label markup without
                # escaping; confirm how the Maltego client renders Label
                # content before relying on that.
                lines = encode_to_utf8(resource.get('description')).split('\n')
                entity += Label('Description', '<br/>'.join(lines))

            response += entity

    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        return response

    return response
def dotransform(request, response, config):
    """Run a free-text ThreatCentral search and emit one entity per hit.

    Searches for ``request.value`` (first page, up to ten results).  Each
    hit's ``type`` selects the entity class -- Actor, Case, CoursesOfAction,
    Indicator, Incident or TTP -- and anything unrecognised falls back to a
    ``Phrase`` entity (the unknown type is passed to ``debug``).  Entities are
    weighted by ``tcScore`` (1 when absent) and carry a Description label when
    the hit has a description.

    Args:
        request: Maltego transform request; ``value`` is the search text.
        response: Maltego transform response that entities and messages are
            appended to.
        config: transform configuration (not used by this transform).

    Returns:
        ``response``.  Search and per-hit failures are reported as
        ``PartialError`` messages; a ``TypeError`` while iterating the hits
        ends the transform with what was added so far.
    """
    try:
        hits = search(request.value, size=10, pages=1)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    # Result types with a one-to-one entity class; 'actor' is special-cased
    # below because its title may be empty.
    entity_by_type = {
        'case': Case,
        'coursesofactions': CoursesOfAction,
        'indicator': Indicator,
        'incident': Incident,
        # 'tacticstechniquesandprocedures' is reported by the feed as 'ttp'
        'ttp': TTP,
    }

    try:
        for hit in hits:
            kind = lower(hit.get('type'))
            score = hit.get('tcScore')
            weight = int(score) if score else 1
            title = encode_to_utf8(hit.get('title'))

            if kind == 'actor':
                if hit.get('title'):
                    entity = Actor(title, weight=weight)
                else:
                    # Actor hits may have an empty title; fall back to the
                    # resource name and expose it on the entity as well.
                    actor_name = encode_to_utf8(
                        hit.get('resource', dict()).get('name'))
                    entity = Actor(actor_name, weight=weight)
                    entity.name = actor_name
                    entity.actor = actor_name
            elif kind in entity_by_type:
                entity = entity_by_type[kind](title, weight=weight)
            else:
                # Unknown type: keep the hit visible as a plain Phrase.
                entity = Phrase(title, weight=weight)
                debug(kind)

            entity.title = title
            entity.resourceId = hit.get('id')

            if hit.get('description'):
                # Newlines become <br/> so the label keeps its line structure.
                # NOTE(review): feed text is placed into label markup without
                # escaping; confirm how the Maltego client renders Label
                # content before relying on that.
                lines = encode_to_utf8(hit.get('description', '')).split('\n')
                entity += Label('Description', '<br/>'.join(lines))

            response += entity

    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        return response

    return response
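def dotransform(request, response, config):
    """Expand a ThreatCentral indicator into its URI observables.

    Fetches the indicator named by ``request.fields['ThreatCentral.resourceId']``,
    re-emits the input ``Indicator`` entity with its title, resource id,
    severity, confidence, type and description filled in, then adds a ``URL``
    entity for every observable whose type is ``URI``.

    Args:
        request: Maltego transform request; ``fields`` and ``value`` are read.
        response: Maltego transform response that entities and messages are
            appended to.
        config: transform configuration (not used by this transform).

    Returns:
        ``response``.  Nothing is added when the resource-id field is missing
        or the lookup fails (the failure is reported as a ``PartialError``);
        a malformed record is reported the same way, and a ``TypeError``
        while reading it ends the transform with what was added so far.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        indicator = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        indicator = None
        response += UIMessage(err.value, type='PartialError')

    if not indicator:
        return response

    try:
        # Update the incoming Indicator entity with what the feed knows.
        e = Indicator(request.value)
        e.title = encode_to_utf8(indicator.get('title'))
        e.resourceId = indicator.get('resourceId')
        e.severity = indicator.get('severity', dict()).get('displayName')
        e.confidence = indicator.get('confidence', dict()).get('displayName')
        e.indicatorType = indicator.get('indicatorType', dict()).get('displayName')

        e += Label('Severity', indicator.get('severity', dict()).get('displayName'))
        e += Label('Confidence', indicator.get('confidence', dict()).get('displayName'))
        e += Label('Indicator Type', indicator.get('indicatorType', dict()).get('displayName'))

        if indicator.get('description'):
            # Newlines become <br/> so the label keeps its line structure.
            # NOTE(review): feed text is placed into label markup without
            # escaping; confirm how the Maltego client renders Label content.
            e += Label('Description', '<br/>'.join(
                encode_to_utf8(indicator.get('description')).split('\n')))

        response += e

        # `len(...) is not 0` compared identity rather than value (and is a
        # SyntaxWarning on Python 3.8+); iterating the possibly-empty list
        # directly is the correct check.  A None value still raises TypeError
        # and ends the transform, as before.
        for observable in indicator.get('observables', list()):
            if upper(observable.get('type', dict()).get('value')) == 'URI':
                uri = observable.get('value')
                e = URL(uri)
                e.url = uri
                e += Label('URI', uri)
                response += e

    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        return response

    return response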
def dotransform(request, response, config):
    """Refresh an Indicator entity from its ThreatCentral record.

    Fetches the indicator named by ``request.fields['ThreatCentral.resourceId']``
    and re-emits the input ``Indicator`` entity with its title and resource
    id set and Severity, Confidence, Indicator Type and (when present)
    Description labels attached.

    Args:
        request: Maltego transform request; ``fields`` and ``value`` are read.
        response: Maltego transform response that entities and messages are
            appended to.
        config: transform configuration (not used by this transform).

    Returns:
        ``response``.  Nothing is added when the resource-id field is missing;
        a failed lookup or a malformed record is reported as a
        ``PartialError`` message, and a ``TypeError`` while reading the record
        ends the transform with what was added so far.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        record = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    # (label caption, key in the indicator record)
    labelled_fields = (
        ('Severity', 'severity'),
        ('Confidence', 'confidence'),
        ('Indicator Type', 'indicatorType'),
    )

    try:
        # Update the incoming Indicator entity with what the feed knows.
        entity = Indicator(request.value)
        entity.title = encode_to_utf8(record.get('title'))
        entity.resourceId = record.get('resourceId')

        for caption, key in labelled_fields:
            entity += Label(caption, record.get(key, dict()).get('displayName'))

        if record.get('description'):
            # Newlines become <br/> so the label keeps its line structure.
            # NOTE(review): feed text is placed into label markup without
            # escaping; confirm how the Maltego client renders Label content.
            lines = encode_to_utf8(record.get('description')).split('\n')
            entity += Label('Description', '<br/>'.join(lines))

        response += entity
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        return response

    return response
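def dotransform(request, response, config):
    """Expand a ThreatCentral indicator into its IP-address observables.

    Fetches the indicator named by ``request.fields['ThreatCentral.resourceId']``,
    re-emits the input ``Indicator`` entity with title, resource id, severity,
    confidence, type and description filled in, then adds an ``IPv4Address``
    entity for every observable of type ``IP``, labelled with its port and
    geolocation when the feed provides them.

    Args:
        request: Maltego transform request; ``fields`` and ``value`` are read.
        response: Maltego transform response that entities and messages are
            appended to.
        config: transform configuration (not used by this transform).

    Returns:
        ``response``.  Nothing is added when the resource-id field is missing;
        a failed lookup or a malformed record is reported as a
        ``PartialError`` message, and a ``TypeError`` while reading the record
        ends the transform with what was added so far.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        indicator = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        # Update the incoming Indicator entity with what the feed knows.
        e = Indicator(request.value)
        e.title = encode_to_utf8(indicator.get('title'))
        e.resourceId = indicator.get('resourceId')
        e.severity = indicator.get('severity', dict()).get('displayName')
        e.confidence = indicator.get('confidence', dict()).get('displayName')
        e.indicatorType = indicator.get('indicatorType', dict()).get('displayName')

        e += Label('Severity', indicator.get('severity', dict()).get('displayName'))
        e += Label('Confidence', indicator.get('confidence', dict()).get('displayName'))
        e += Label('Indicator Type', indicator.get('indicatorType', dict()).get('displayName'))

        if indicator.get('description'):
            # Newlines become <br/> so the label keeps its line structure.
            # NOTE(review): feed text is placed into label markup without
            # escaping; confirm how the Maltego client renders Label content.
            e += Label('Description', '<br/>'.join(
                encode_to_utf8(indicator.get('description')).split('\n')))

        response += e

        # `len(...) is not 0` compared identity rather than value (and is a
        # SyntaxWarning on Python 3.8+); iterating the possibly-empty list
        # directly is the correct check.  A None value still raises TypeError
        # and ends the transform, as before.
        for observable in indicator.get('observables', list()):
            if upper(observable.get('type', dict()).get('value')) != 'IP':
                continue

            address = observable.get('value')
            e = IPv4Address(address)
            e += Label('IP Address', address)
            if observable.get('port'):
                e += Label('Port', observable.get('port'))

            location = observable.get('location', dict())
            city = location.get('city')
            # Previously upper() was applied to the city unconditionally, so
            # a record without one raised (presumably AttributeError) and
            # aborted the whole observable loop; now only the Location label
            # is skipped for that observable.  `.items()` replaces
            # `.iteritems()` and behaves the same here on Python 2 and 3.
            if city is not None and upper(city) != 'UNDEFINED_GEO_LOCATION_STRING':
                e += Label('Location', '<br/>'.join([
                    '{}:{}'.format(encode_to_utf8(k), encode_to_utf8(v))
                    for k, v in location.items()
                ]))
            response += e

    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        return response

    return response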
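def dotransform(request, response, config):
    """Expand a ThreatCentral indicator into its file-hash observables.

    Fetches the indicator named by ``request.fields['ThreatCentral.resourceId']``,
    re-emits the input ``Indicator`` entity with title, resource id, severity,
    confidence, type and description filled in, then adds one ``FileHash``
    entity per hash listed under every observable of type ``FILE_HASH``.
    Hash entities are weighted by the observable's ``sighting`` count (1 when
    absent).

    Args:
        request: Maltego transform request; ``fields`` and ``value`` are read.
        response: Maltego transform response that entities and messages are
            appended to.
        config: transform configuration (not used by this transform).

    Returns:
        ``response``.  Nothing is added when the resource-id field is missing;
        a failed lookup or a malformed record is reported as a
        ``PartialError`` message, and a ``TypeError`` while reading the record
        ends the transform with what was added so far.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        indicator = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        # Update the incoming Indicator entity with what the feed knows.
        e = Indicator(request.value)
        e.title = encode_to_utf8(indicator.get('title'))
        e.resourceId = indicator.get('resourceId')
        e.severity = indicator.get('severity', dict()).get('displayName')
        e.confidence = indicator.get('confidence', dict()).get('displayName')
        e.indicatorType = indicator.get('indicatorType', dict()).get('displayName')

        e += Label('Severity', indicator.get('severity', dict()).get('displayName'))
        e += Label('Confidence', indicator.get('confidence', dict()).get('displayName'))
        e += Label('Indicator Type', indicator.get('indicatorType', dict()).get('displayName'))

        if indicator.get('description'):
            # Newlines become <br/> so the label keeps its line structure.
            # NOTE(review): feed text is placed into label markup without
            # escaping; confirm how the Maltego client renders Label content.
            e += Label('Description', '<br/>'.join(
                encode_to_utf8(indicator.get('description')).split('\n')))
        response += e

        # `len(...) is not 0` compared identity rather than value (and is a
        # SyntaxWarning on Python 3.8+); iterating the possibly-empty list
        # directly is the correct check.  A None value still raises TypeError
        # and ends the transform, as before.
        for observable in indicator.get('observables', list()):
            if upper(observable.get('type', dict()).get('value')) != 'FILE_HASH':
                continue

            # The sighting count drives the weight of every hash entity.
            sighting = observable.get('sighting')
            weight = int(sighting) if sighting else 1

            for filehash in observable.get('fileHashes', list()):
                e = FileHash(filehash.get('value'), weight=weight)
                e.value = filehash.get('value')
                e.htype = filehash.get('type')
                e.resourceId = observable.get('resourceId')
                response += e

    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        return response

    return response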
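def dotransform(request, response, config):
    """Expand a ThreatCentral indicator into its registry-key observables.

    Fetches the indicator named by ``request.fields['ThreatCentral.resourceId']``,
    re-emits the input ``Indicator`` entity with title, resource id, severity,
    confidence, type and description filled in, then adds a ``RegistryKey``
    entity for every observable of type ``REGISTRY_KEY``, weighted by the
    observable's ``sighting`` count (1 when absent).

    Args:
        request: Maltego transform request; ``fields`` and ``value`` are read.
        response: Maltego transform response that entities and messages are
            appended to.
        config: transform configuration (not used by this transform).

    Returns:
        ``response``.  Nothing is added when the resource-id field is missing
        or the lookup fails (the failure is reported as a ``PartialError``);
        a malformed record is reported the same way, and a ``TypeError``
        while reading it ends the transform with what was added so far.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        indicator = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        indicator = None
        response += UIMessage(err.value, type='PartialError')

    if not indicator:
        return response

    try:
        # Update the incoming Indicator entity with what the feed knows.
        e = Indicator(request.value)
        e.title = encode_to_utf8(indicator.get('title'))
        e.resourceId = indicator.get('resourceId')
        e.severity = indicator.get('severity', dict()).get('displayName')
        e.confidence = indicator.get('confidence', dict()).get('displayName')
        e.indicatorType = indicator.get('indicatorType', dict()).get('displayName')

        e += Label('Severity', indicator.get('severity', dict()).get('displayName'))
        e += Label('Confidence', indicator.get('confidence', dict()).get('displayName'))
        e += Label('Indicator Type', indicator.get('indicatorType', dict()).get('displayName'))

        if indicator.get('description'):
            # Newlines become <br/> so the label keeps its line structure.
            # NOTE(review): feed text is placed into label markup without
            # escaping; confirm how the Maltego client renders Label content.
            e += Label('Description', '<br/>'.join(
                encode_to_utf8(indicator.get('description')).split('\n')))

        response += e

        # `len(...) is not 0` compared identity rather than value (and is a
        # SyntaxWarning on Python 3.8+); iterating the possibly-empty list
        # directly is the correct check.  A None value still raises TypeError
        # and ends the transform, as before.
        for observable in indicator.get('observables', list()):
            if upper(observable.get('type', dict()).get('value')) != 'REGISTRY_KEY':
                continue

            # The sighting count drives the entity weight.
            sighting = observable.get('sighting')
            weight = int(sighting) if sighting else 1

            e = RegistryKey(observable.get('value'), weight=weight)
            e.value = observable.get('value')
            e.hive = observable.get('hive')
            e.key = observable.get('key')
            # TODO : Verify this -- the observable's name, action, data
            # (registryKeyValues) and type are not mapped onto the entity
            # until the RegistryKey field names are confirmed.
            e.resourceId = observable.get('resourceId')

            response += e

    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        return response

    return response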
def dotransform(request, response, config):
    if 'ThreatCentral.resourceId' in request.fields:
        try:
            case = get_case(request.fields['ThreatCentral.resourceId'])
        except ThreatCentralError as err:
            response += UIMessage(err.value, type='PartialError')
        else:
            try:
                # Show linked Indicators
                if len(case.get('indicators', list())) is not 0:
                    for indicator in case.get('indicators'):
                        if indicator.get('tcScore'):
                            weight = int(indicator.get('tcScore'))
                        else:
                            weight = 1
                        e = Indicator(encode_to_utf8(indicator.get('title')),
                                      weight=weight)
                        e.title = encode_to_utf8(indicator.get('title'))
                        e.resourceId = indicator.get('resourceId')

                        e += Label(
                            'Severity',
                            indicator.get('severity',
                                          dict()).get('displayName'))
                        e += Label(
                            'Confidence',
                            indicator.get('confidence',
                                          dict()).get('displayName'))
                        e += Label(
                            'Indicator Type',
                            indicator.get('indicatorType',
                                          dict()).get('displayName'))