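def main():
    """Compare MAEC Bundles named on the command line and print the result.

    Accepts either ``-l FILE [FILE ...]`` or ``-d DIRECTORY``.  Prints
    USAGE_TEXT and exits with status 1 when fewer than two arguments are
    given or when ``-d`` is not followed by a directory name.
    """
    list_mode = False
    directoryname = ''
    # List of Bundle instances to compare
    bundle_list = []

    # Get the command-line arguments
    args = sys.argv[1:]
    if len(args) < 2:
        print(USAGE_TEXT)
        sys.exit(1)
    for position, arg in enumerate(args):
        if arg == '-l':
            list_mode = True
        elif arg == '-d':
            # '-d' needs a value; indexing args[position + 1] without this
            # guard raised IndexError when '-d' was the last argument.
            if position + 1 >= len(args):
                print(USAGE_TEXT)
                sys.exit(1)
            directoryname = args[position + 1]

    # Parse the input files and get the MAEC Bundles from each.
    # NOTE(review): process_maec_file is defined elsewhere; if the bundles can
    # come from untrusted sources, confirm its XML parser has external entity
    # resolution disabled.
    if list_mode:
        # Everything after the leading '-l' is treated as an input file.
        for infilename in args[1:]:
            process_maec_file(infilename, bundle_list)
    elif directoryname != '':
        for filename in os.listdir(directoryname):
            # Only names ending in .xml are bundles; the previous substring
            # test also picked up names such as 'report.xml.bak'.
            if not filename.endswith('.xml'):
                continue
            process_maec_file(os.path.join(directoryname, filename), bundle_list)

    # Matching properties dictionary: the per-object-type fields handed to
    # Bundle.compare as match_on.
    match_on_dictionary = {'FileObjectType': ['file_path'],
                           'WindowsRegistryKeyObjectType': ['hive', 'key'],
                           'WindowsMutexObjectType': ['name'],
                           'WindowsProcessObjectType': ['name']}

    # Perform the comparison and get the results
    comparison_results = Bundle.compare(bundle_list,
                                        match_on=match_on_dictionary,
                                        case_sensitive=False)

    # Pretty print the common and unique Objects
    print("******Common Objects:*******\n")
    pprint.pprint(comparison_results.get_common())
    print("****************************")
    print("******Unique Objects:*******\n")
    pprint.pprint(comparison_results.get_unique())
    print("****************************")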
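def main():
    """Compare MAEC Bundles selected via argparse and print the result.

    Exactly one of ``-l/--list FILE [FILE ...]`` or ``-d/--directory DIR``
    is required; argparse exits with a usage error otherwise.
    """
    parser = argparse.ArgumentParser(description=USAGE_TEXT)
    mutex_group = parser.add_mutually_exclusive_group(required=True)
    mutex_group.add_argument(
        '-l', '--list', nargs='+',
        help='single whitespace separated list of MAEC files')
    mutex_group.add_argument('-d', '--directory', help='directory name')
    args = parser.parse_args()

    # List of Bundle instances to compare
    bundle_list = []

    # Parse the input files and get the MAEC Bundles from each.
    # NOTE(review): process_maec_file is defined elsewhere; if the bundles can
    # come from untrusted sources, confirm its XML parser has external entity
    # resolution disabled.
    if args.list:
        for maec_file in args.list:
            process_maec_file(maec_file, bundle_list)
    elif args.directory:
        for filename in os.listdir(args.directory):
            # Only names ending in .xml are bundles; the previous substring
            # test also picked up names such as 'report.xml.bak'.
            if filename.endswith('.xml'):
                process_maec_file(os.path.join(args.directory, filename),
                                  bundle_list)

    # Matching properties dictionary: the per-object-type fields handed to
    # Bundle.compare as match_on.
    match_on_dictionary = {
        'FileObjectType': ['file_path'],
        'WindowsRegistryKeyObjectType': ['hive', 'key'],
        'WindowsMutexObjectType': ['name'],
        'WindowsProcessObjectType': ['name'],
    }

    # Perform the comparison and get the results
    comparison_results = Bundle.compare(bundle_list,
                                        match_on=match_on_dictionary,
                                        case_sensitive=False)

    # Pretty print the common and unique Objects
    print("******Common Objects:*******\n")
    pprint.pprint(comparison_results.get_common())
    print("****************************")
    print("******Unique Objects:*******\n")
    pprint.pprint(comparison_results.get_unique())
    print("****************************")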
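def _input_paths(args):
    """Yield the bundle file paths selected by the parsed arguments.

    With ``--list`` the given paths are yielded as-is; with ``--directory``
    only entries whose name ends in ``.xml`` are yielded (the previous
    substring test also matched names such as 'report.xml.bak').
    """
    if args.list:
        for maec_file in args.list:
            yield maec_file
    elif args.directory:
        for filename in os.listdir(args.directory):
            if filename.endswith('.xml'):
                yield os.path.join(args.directory, filename)


def main():
    """Compare MAEC Bundles selected via argparse and print the result.

    Exactly one of ``-l/--list FILE [FILE ...]`` or ``-d/--directory DIR``
    is required; argparse exits with a usage error otherwise.
    """
    parser = argparse.ArgumentParser(description=USAGE_TEXT)
    mutex_group = parser.add_mutually_exclusive_group(required=True)
    mutex_group.add_argument(
        '-l', '--list', nargs='+',
        help='single whitespace separated list of MAEC files'
    )
    mutex_group.add_argument(
        '-d', '--directory',
        help='directory name'
    )
    args = parser.parse_args()

    # List of Bundle instances to compare
    bundle_list = []

    # Parse the input files and get the MAEC Bundles from each.
    # NOTE(review): process_maec_file is defined elsewhere; if the bundles can
    # come from untrusted sources, confirm its XML parser has external entity
    # resolution disabled.
    for path in _input_paths(args):
        process_maec_file(path, bundle_list)

    # Matching properties dictionary: the per-object-type fields handed to
    # Bundle.compare as match_on.
    match_on_dictionary = {'FileObjectType': ['file_path'],
                           'WindowsRegistryKeyObjectType': ['hive', 'key'],
                           'WindowsMutexObjectType': ['name'],
                           'WindowsProcessObjectType': ['name']}

    # Perform the comparison and get the results
    comparison_results = Bundle.compare(bundle_list,
                                        match_on=match_on_dictionary,
                                        case_sensitive=False)

    # Pretty print the common and unique Objects
    print("******Common Objects:*******\n")
    pprint.pprint(comparison_results.get_common())
    print("****************************")
    print("******Unique Objects:*******\n")
    pprint.pprint(comparison_results.get_unique())
    print("****************************")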
import pprint
import maec.bindings.maec_bundle as maec_bundle_binding
from maec.bundle.bundle import Bundle

# Matching properties dictionary: the per-object-type fields handed to
# Bundle.compare as match_on.
match_on_dictionary = {
    'FileObjectType': ['full_name'],
    'WindowsRegistryKeyObjectType': ['hive', 'values.name/data'],
    'WindowsMutexObjectType': ['name'],
}


def _load_bundle(document_name):
    """Parse one MAEC Bundle document and return its python-maec Bundle."""
    # NOTE(review): the parser configuration is not visible here; if these
    # documents can come from untrusted sources, confirm external entity
    # resolution is disabled before parsing.
    return Bundle.from_obj(maec_bundle_binding.parse(document_name))


# Parse in the input Bundle documents and create their python-maec Bundle class representations
bundle1 = _load_bundle("zeus_threatexpert_maec.xml")
bundle2 = _load_bundle("zeus_anubis_maec.xml")

# Perform the comparison and get the results
comparison_results = Bundle.compare(
    [bundle1, bundle2], match_on=match_on_dictionary, case_sensitive=False
)

# Pretty print the common and unique Objects; the getter is called inside the
# loop so the common set is fetched and printed before the unique set.
for heading, fetch_objects in (
    ("******Common Objects:*******\n", comparison_results.get_common),
    ("******Unique Objects:*******\n", comparison_results.get_unique),
):
    print(heading)
    pprint.pprint(fetch_objects())
    print("****************************")