Python Bundle.add_behavior示例

    def test_add_collections(self):
        o = Bundle()

        o.add_named_action_collection("Actions")
        ma = MalwareAction()
        o.add_action(ma, "Actions")
        self.assertTrue(
            o.collections.action_collections.has_collection("Actions"))

        o.add_named_object_collection("Objects")
        obj = Object()
        o.add_object(obj, "Objects")
        self.assertTrue(
            o.collections.object_collections.has_collection("Objects"))

        o.add_named_behavior_collection("Behaviors")
        b = Behavior()
        o.add_behavior(b, "Behaviors")
        self.assertTrue(
            o.collections.behavior_collections.has_collection("Behaviors"))

        o.add_named_candidate_indicator_collection("Indicators")
        ci = CandidateIndicator()
        o.add_candidate_indicator(ci, "Indicators")
        self.assertTrue(
            o.collections.candidate_indicator_collections.has_collection(
                "Indicators"))

示例#2

显示文件

文件： bundle_test.py 项目： MAECProject/python-maec

    def test_add_collections(self):
        o = Bundle()

        o.add_named_action_collection("Actions")
        ma = MalwareAction()
        o.add_action(ma, "Actions")
        self.assertTrue(o.collections.action_collections.has_collection("Actions"))

        o.add_named_object_collection("Objects")
        obj = Object()
        o.add_object(obj, "Objects")
        self.assertTrue(o.collections.object_collections.has_collection("Objects"))

        o.add_named_behavior_collection("Behaviors")
        b = Behavior()
        o.add_behavior(b, "Behaviors")
        self.assertTrue(o.collections.behavior_collections.has_collection("Behaviors"))

        o.add_named_candidate_indicator_collection("Indicators")
        ci = CandidateIndicator()
        o.add_candidate_indicator(ci, "Indicators")
        self.assertTrue(o.collections.candidate_indicator_collections.has_collection("Indicators"))

示例#3

显示文件

文件： maec_in_depth_analysis.py 项目： getvirushelp/MAECProject.github.io

o1.association_type.xsi_type = "maecVocabs:ActionObjectAssociationTypeVocab-1.0"
act.associated_objects.append(o1)

# Create the behavior
bhv = Behavior()
bhv.action_composition = BehavioralActions()
bhv.action_composition.action_reference = [BehavioralActionReference()]
bhv.action_composition.action_reference[0].action_id = act.id_

# Create the capability
cap = Capability()
cap.name = "spying"
obj = CapabilityObjective()
obj.name = VocabString()
obj.name.value = "capture keyboard input"
obj.name.xsi_type = "maecVocabs:SpyingTacticalObjectivesVocab-1.0"
obj.behavior_reference = [BehaviorReference()]
obj.behavior_reference[0].behavior_idref = bhv.id_
cap.add_tactical_objective(obj)

# Build up the full Package/Malware Subject/Analysis/Bundle hierarchy
p.add_malware_subject(ms)
b.add_action(act)
b.add_behavior(bhv)
b.add_capability(cap)
ms.add_analysis(a)
ms.add_findings_bundle(b)

# Output the built up Package to XML
print p.to_xml(namespace_dict={"example.com": "example"})

示例#4

显示文件

文件： maec_in_depth_analysis.py 项目： MAECProject/MAECProject.github.io

act.associated_objects.append(o1)

# Create the behavior
bhv = Behavior()
bhv.action_composition = BehavioralActions()
bhv.action_composition.action_reference = [BehavioralActionReference()]
bhv.action_composition.action_reference[0].action_id = act.id_

# Create the capability
cap = Capability()
cap.name = "spying"
obj = CapabilityObjective()
obj.name = VocabString()
obj.name.value = "capture keyboard input"
obj.name.xsi_type = "maecVocabs:SpyingTacticalObjectivesVocab-1.0"
obj.behavior_reference = [BehaviorReference()]
obj.behavior_reference[0].behavior_idref = bhv.id_
cap.add_tactical_objective(obj)

# Build up the full Package/Malware Subject/Analysis/Bundle hierarchy
p.add_malware_subject(ms)
b.add_action(act)
b.add_behavior(bhv)
b.add_capability(cap)
ms.add_analysis(a)
ms.add_findings_bundle(b)

# Output the built up Package to XML
print p.to_xml(namespace_dict={"example.com" : "example"})