示例#1
    def to_obj(self):
        """Build the binding-layer ``ObservablesType`` for this container.

        The CybOX major/minor/update version attributes are copied from this
        instance, every entry of ``self.observables`` is converted with its
        own ``to_obj()``, and the package source is attached only when set.

        Returns:
            The populated ``core_binding.ObservablesType`` object.
        """
        binding = core_binding.ObservablesType(
            cybox_major_version=self._major_version,
            cybox_minor_version=self._minor_version,
            cybox_update_version=self._update_version
        )

        # Required: the observable list is always set, even when it is empty.
        converted = []
        for observable in self.observables:
            converted.append(observable.to_obj())
        binding.set_Observable(converted)

        # Optional: a falsy package source is simply left off the binding.
        if not self.observable_package_source:
            return binding

        binding.set_Observable_Package_Source(
            self.observable_package_source.to_obj())
        return binding
示例#2
    def to_obj(self, return_obj=None, ns_info=None):
        """Build the binding-layer ``ObservablesType`` for this container.

        Args:
            return_obj: Accepted but not used by this implementation.
            ns_info: Namespace collector; handed to ``_collect_ns_info`` and
                forwarded to every nested ``to_obj`` call.

        Returns:
            The populated ``core_binding.ObservablesType`` object.
        """
        # Register this object with the collector before any child is built.
        self._collect_ns_info(ns_info)

        binding = core_binding.ObservablesType(
            cybox_major_version=self._major_version,
            cybox_minor_version=self._minor_version,
            cybox_update_version=self._update_version
        )

        # Required: the observable list is always assigned, even when empty.
        converted = []
        for observable in self.observables:
            converted.append(observable.to_obj(ns_info=ns_info))
        binding.Observable = converted

        # Optional: a falsy package source is simply left off the binding.
        if not self.observable_package_source:
            return binding

        binding.Observable_Package_Source = \
            self.observable_package_source.to_obj(ns_info=ns_info)
        return binding
示例#3
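def generate_cybox(indicators, infilename, embed_observables):
    """Translate a parsed OpenIOC document into a CybOX ``ObservablesType``.

    Args:
        indicators: Parsed OpenIOC root binding; read through
            ``get_description()``, ``get_short_description()`` and
            ``get_definition()``.
        infilename: Path of the source IOC file. Only its base name is written
            into each observable's source description, so directory
            components of the local path are not copied into the output.
        embed_observables: Passed through unchanged to ``process_indicator``.

    Returns:
        The populated ``ObservablesType``, or ``None`` as soon as
        ``process_indicator`` reports that a top-level indicator has no
        CybOX-compatible items. Observables built for earlier indicators are
        not returned in that case.
    """
    # Create the core CybOX structure.
    observables = cybox_binding.ObservablesType()

    # Title text: the description if present, otherwise the short description.
    # The short-description getter has to be *called*; comparing the bound
    # method object itself with None is always true and tests nothing.
    description = indicators.get_description()
    if description is None:
        description = indicators.get_short_description()

    indicator_definition = indicators.get_definition()
    for indicator in indicator_definition.get_Indicator():
        # Create the 'indicator' observable that holds the boolean logic.
        # An id taken from the IOC file only reaches the output after
        # normalize_id(); a missing id is replaced by a generated one.
        # NOTE(review): normalize_id is defined elsewhere -- confirm it limits
        # the value to characters that are valid in an output identifier,
        # since IOC files may come from outside the organisation.
        raw_id = indicator.get_id()
        if raw_id is not None:
            id_suffix = normalize_id(raw_id)
        else:
            id_suffix = generate_observable_id()
        indicator_observable = cybox_binding.ObservableType(
            id='openioc:indicator-' + id_suffix)

        # Set the title as appropriate.
        if description is not None:
            indicator_observable.set_Title(description)

        # Record the IOC file as the observable source (base name only).
        source_text = cybox_common_binding.StructuredTextType()
        source_text.set_valueOf_(
            'OpenIOC File: ' + os.path.basename(infilename))
        observable_source = cybox_common_binding.MeasureSourceType()
        observable_source.set_Description(source_text)
        indicator_observable.set_Observable_Source(observable_source)

        composition = cybox_binding.ObservableCompositionType(
            operator=indicator.get_operator())

        # Process the indicator, including any embedded indicators.
        if not process_indicator(indicator, observables, composition, True,
                                 embed_observables):
            # IOC had no indicator items compatible with CybOX.
            # NOTE(review): this aborts the whole conversion rather than
            # skipping the one indicator; kept because callers may rely on
            # None as the "nothing convertible" signal -- confirm.
            return None

        indicator_observable.set_Observable_Composition(composition)
        observables.add_Observable(indicator_observable)

    return observables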