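def main():
    """Command-line entry point of the OpenIOC-to-STIX converter.

    Expects ``-i <openioc file> -o <stix output file>``.  The OpenIOC document
    is parsed with ``openioc.parse``, converted to CybOX Observables by
    ``openioc_to_cybox.generate_cybox``, and each Observable is wrapped in its
    own STIX Indicator inside one STIX Package that is written as XML to the
    output file.

    Exits with status 1 when an argument is missing or the input is not an
    existing file.  An exception raised during translation is reported on
    stdout together with a traceback.
    """
    infilename = ''
    outfilename = ''

    # Get the command-line arguments.  Pairing each argument with its
    # successor means a trailing flag without a value is simply ignored
    # instead of raising IndexError on args[i + 1].
    args = sys.argv[1:]
    if len(args) < 4:
        usage()
        sys.exit(1)
    for flag, value in zip(args, args[1:]):
        if flag == '-i':
            infilename = value
        elif flag == '-o':
            outfilename = value

    # Both paths are required; an empty output name would otherwise only
    # surface later as an obscure error from open().
    if not infilename or not outfilename:
        usage()
        sys.exit(1)
    # The original silently did nothing for a missing input file.
    if not os.path.isfile(infilename):
        print('\nError: input file %s does not exist or is not a regular file\n' % infilename)
        sys.exit(1)

    try:
        # Perform the translation using the methods from the OpenIOC to CybOX Script
        openioc_indicators = openioc.parse(infilename)
        observables_obj = openioc_to_cybox.generate_cybox(openioc_indicators, infilename, True)
        observables_cls = Observables.from_obj(observables_obj)

        # Set the namespace to be used in the STIX Package
        stix.utils.set_id_namespace({"https://github.com/STIXProject/openioc-to-stix": "openiocToSTIX"})

        # Wrap the created Observables in a STIX Package, one Indicator per Observable
        stix_package = STIXPackage()
        # Add the OpenIOC namespace so the exported XML declares it
        stix_package.__input_namespaces__ = {"http://openioc.org/": "openioc"}

        for observable in observables_cls.observables:
            indicator = Indicator.from_dict({
                'producer': {
                    'tools': [{'name': 'OpenIOC to STIX Utility',
                               'version': str(__VERSION__)}],
                },
                'title': "CybOX-represented Indicator Created from OpenIOC File",
            })
            # Attach the Observable of this iteration; the original attached
            # observables[0] to every Indicator, so all but the first
            # Observable were lost.
            indicator.add_observable(observable)
            stix_package.add_indicator(indicator)

        # Create and attach the STIX Header
        stix_header = STIXHeader()
        stix_header.package_intent = "Indicators - Malware Artifacts"
        stix_header.description = "CybOX-represented Indicators Translated from OpenIOC File"
        stix_package.stix_header = stix_header

        # Write the generated STIX Package as XML to the output file; the
        # context manager closes the file even when to_xml() raises.
        with open(outfilename, 'w') as outfile:
            # Ignore any warnings - temporary fix for no schemaLocation w/ namespace
            with warnings.catch_warnings():
                warnings.simplefilter("ignore")
                outfile.write(stix_package.to_xml())
    except Exception as err:
        print('\nError: %s\n' % str(err))
        traceback.print_exc()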
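def main():
    """Command-line entry point of the OpenIOC-to-STIX converter.

    Expects ``-i <openioc file> -o <stix output file>``.  The OpenIOC document
    is parsed with ``openioc.parse``, converted to CybOX Observables by
    ``openioc_to_cybox.generate_cybox``, and each Observable is wrapped in its
    own STIX Indicator inside one STIX Package that is written as XML to the
    output file.

    Exits with status 1 when an argument is missing or the input is not an
    existing file.  An exception raised during translation is reported on
    stdout together with a traceback.
    """
    infilename = ''
    outfilename = ''

    # Get the command-line arguments.  Pairing each argument with its
    # successor means a trailing flag without a value is simply ignored
    # instead of raising IndexError on args[i + 1].
    args = sys.argv[1:]
    if len(args) < 4:
        usage()
        sys.exit(1)
    for flag, value in zip(args, args[1:]):
        if flag == '-i':
            infilename = value
        elif flag == '-o':
            outfilename = value

    # Both paths are required; an empty output name would otherwise only
    # surface later as an obscure error from open().
    if not infilename or not outfilename:
        usage()
        sys.exit(1)
    # The original silently did nothing for a missing input file.
    if not os.path.isfile(infilename):
        print('\nError: input file %s does not exist or is not a regular file\n' % infilename)
        sys.exit(1)

    try:
        # Perform the translation using the methods from the OpenIOC to CybOX Script
        openioc_indicators = openioc.parse(infilename)
        observables_obj = openioc_to_cybox.generate_cybox(openioc_indicators, infilename, True)
        observables_cls = Observables.from_obj(observables_obj)

        # Wrap the created Observables in a STIX Package, one Indicator per Observable
        stix_package = STIXPackage()
        for observable in observables_cls.observables:
            indicator = Indicator.from_dict({
                'producer': {
                    'tools': [{'name': 'OpenIOC to STIX Utility',
                               'version': str(__VERSION__)}],
                },
                'title': "CybOX-represented Indicator Created from OpenIOC File",
            })
            # Attach the Observable of this iteration; the original attached
            # observables[0] to every Indicator, so all but the first
            # Observable were lost.
            indicator.add_observable(observable)
            stix_package.add_indicator(indicator)

        # Create and attach the STIX Header
        stix_header = STIXHeader()
        stix_header.package_intent = "Indicators - Malware Artifacts"
        stix_header.description = "CybOX-represented Indicators Translated from OpenIOC File"
        stix_package.stix_header = stix_header

        # Write the generated STIX Package as XML to the output file; the
        # context manager closes the file even when to_xml() raises.
        with open(outfilename, 'w') as outfile:
            outfile.write(stix_package.to_xml())
    except Exception as err:
        print('\nError: %s\n' % str(err))
        traceback.print_exc()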
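def main():
    """Command-line entry point of the OpenIOC-to-STIX converter.

    Expects ``-i <openioc file> -o <stix output file>``.  The OpenIOC document
    is parsed with ``openioc.parse``, converted to CybOX Observables by
    ``openioc_to_cybox.generate_cybox``, and each Observable is wrapped in its
    own STIX Indicator inside one STIX Package that is written as XML to the
    output file.

    Exits with status 1 when an argument is missing or the input is not an
    existing file.  An exception raised during translation is reported on
    stdout together with a traceback.
    """
    infilename = ''
    outfilename = ''

    # Get the command-line arguments.  Pairing each argument with its
    # successor means a trailing flag without a value is simply ignored
    # instead of raising IndexError on args[i + 1].
    args = sys.argv[1:]
    if len(args) < 4:
        usage()
        sys.exit(1)
    for flag, value in zip(args, args[1:]):
        if flag == '-i':
            infilename = value
        elif flag == '-o':
            outfilename = value

    # Both paths are required; an empty output name would otherwise only
    # surface later as an obscure error from open().
    if not infilename or not outfilename:
        usage()
        sys.exit(1)
    # The original silently did nothing for a missing input file.
    if not os.path.isfile(infilename):
        print('\nError: input file %s does not exist or is not a regular file\n' % infilename)
        sys.exit(1)

    try:
        # Perform the translation using the methods from the OpenIOC to CybOX Script
        openioc_indicators = openioc.parse(infilename)
        observables_obj = openioc_to_cybox.generate_cybox(openioc_indicators, infilename, True)
        observables_cls = Observables.from_obj(observables_obj)

        # Wrap the created Observables in a STIX Package, one Indicator per Observable
        stix_package = STIXPackage()
        for observable in observables_cls.observables:
            indicator = Indicator.from_dict({
                'producer': {
                    'tools': [{'name': 'OpenIOC to STIX Utility',
                               'version': str(__VERSION__)}],
                },
                'title': "CybOX-represented Indicator Created from OpenIOC File",
            })
            # Attach the Observable of this iteration; the original attached
            # observables[0] to every Indicator, so all but the first
            # Observable were lost.
            indicator.add_observable(observable)
            stix_package.add_indicator(indicator)

        # Create and attach the STIX Header
        stix_header = STIXHeader()
        stix_header.package_intent = "Indicators - Malware Artifacts"
        stix_header.description = "CybOX-represented Indicators Translated from OpenIOC File"
        stix_package.stix_header = stix_header

        # Write the generated STIX Package as XML to the output file; the
        # context manager closes the file even when to_xml() raises.
        with open(outfilename, 'w') as outfile:
            outfile.write(stix_package.to_xml())
    except Exception as err:
        print('\nError: %s\n' % str(err))
        traceback.print_exc()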
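def __make_stix_xml_string(self, filename, open_ioc_xml):
    """Store an OpenIOC document and translate it into a STIX Package file.

    This is an adapted version of openioc_to_stix.py made compatible with
    ce1sus.  The document is written to the destination folder, converted to
    CybOX Observables, wrapped one Observable per STIX Indicator, and the
    resulting STIX Package is written next to it as ``STIX_of_<filename>``.

    Args:
        filename: name of the OpenIOC file.  Only its basename is used, so a
            caller-supplied name cannot place the files outside the
            destination folder.
        open_ioc_xml: the OpenIOC document as text.

    Returns:
        A ``(base_dir, stix_filename)`` tuple: the destination folder and the
        full path of the generated STIX XML file.

    Raises:
        cherrypy.HTTPError: 400 when ``filename`` has no usable basename,
            500 when any translation step fails (the error is logged first).
    """
    import os

    # Reject directory components instead of joining them verbatim: the
    # original built base_dir + '/' + filename, so a name such as "../x"
    # would have written outside the destination folder.
    safe_name = os.path.basename(filename.replace('\\', '/'))
    if safe_name in ('', '.', '..'):
        raise cherrypy.HTTPError(400, 'Invalid OpenIOC filename')

    try:
        # Save the uploaded document
        base_dir = self.get_dest_folder()
        open_ioc_filename = os.path.join(base_dir, safe_name)
        open_stix_filename = os.path.join(base_dir, 'STIX_of_' + safe_name)
        with open(open_ioc_filename, 'w+') as open_ioc_file:
            open_ioc_file.write(open_ioc_xml)

        openioc_indicators = openioc.parse(open_ioc_filename)
        observables_obj = openioc_to_cybox.generate_cybox(openioc_indicators, open_ioc_filename, True)
        observables_cls = Observables.from_obj(observables_obj)

        stix.utils.set_id_namespace({"https://github.com/STIXProject/openioc-to-stix": "openiocToSTIX"})
        stix_package = STIXPackage()
        stix_package.version = '1.1.1'
        # NOTE(review): the stand-alone openioc_to_stix script passes this
        # mapping the other way round ({namespace: prefix}); confirm which
        # orientation this python-stix version expects for __input_namespaces__.
        stix_package.__input_namespaces__ = {"openioc": "http://openioc.org/"}

        for observable in observables_cls.observables:
            indicator = Indicator.from_dict({
                'producer': {
                    'tools': [{'name': 'OpenIOC to STIX Utility',
                               'version': str(__VERSION__)}],
                },
                'title': "CybOX-represented Indicator Created from OpenIOC File",
            })
            # Attach the Observable of this iteration; the original attached
            # observables[0] to every Indicator, so all but the first
            # Observable were lost.
            indicator.add_observable(observable)
            stix_package.add_indicator(indicator)

        stix_header = STIXHeader()
        # Fill the header from the stored document.  The former debug print
        # of the whole document to stdout was dropped: it copied caller-
        # supplied content into the server's output.
        with open(open_ioc_filename, 'rb') as file_obj:
            file_contents = file_obj.read()
        # NOTE(review): file_contents is caller-supplied XML.  If `etree` is
        # lxml, parse it with etree.XMLParser(resolve_entities=False) so that
        # entity declarations in the document are not expanded.
        root = etree.fromstring(file_contents)
        for child in root:
            if child.tag.endswith('short_description'):
                stix_header.short_description = child.text
            elif child.tag.endswith('description'):
                stix_header.description = child.text
            else:
                if stix_header.description and stix_header.short_description:
                    break
        stix_header.package_intent = "Indicators - Malware Artifacts"
        stix_header.description = '{0}\n\n CybOX-represented Indicators Translated from OpenIOC File'.format(
            stix_header.description)
        stix_package.stix_header = stix_header

        # Write the generated STIX Package as XML to the output file; the
        # context manager closes the file even when to_xml() raises.
        with open(open_stix_filename, 'w') as outfile:
            # Ignore any warnings - temporary fix for no schemaLocation w/ namespace
            with warnings.catch_warnings():
                warnings.simplefilter("ignore")
                outfile.write(stix_package.to_xml())
        return base_dir, open_stix_filename
    except Exception as error:
        self.logger.error(error)
        # str(error) replaces the Python 2-only error.message attribute.
        raise cherrypy.HTTPError(500, '{0}'.format(error))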
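def main():
    """Command-line entry point of the OpenIOC-to-CybOX converter.

    Expects ``-i <openioc file> -o <cybox output file>`` and an optional
    ``-v`` flag.  The OpenIOC document is parsed with ``openioc.parse``,
    converted by ``generate_cybox`` and exported as CybOX 2.0 XML to the
    output file.  With ``-v`` the IndicatorItems collected in the module-level
    ``skipped_indicators`` list are reported, and a translation error is
    followed by a traceback.

    Exits with status 1 when an argument is missing or the input is not an
    existing file.
    """
    global verbose_mode
    global skipped_indicators
    verbose_mode = False
    skipped_indicators = []

    infilename = ''
    outfilename = ''

    # Get the command-line arguments.  Pairing each argument with its
    # successor means a trailing flag without a value is simply ignored
    # instead of raising IndexError on args[i + 1].
    args = sys.argv[1:]
    if len(args) < 4:
        usage()
        sys.exit(1)
    for flag, value in zip(args, args[1:]):
        if flag == '-i':
            infilename = value
        elif flag == '-o':
            outfilename = value
    verbose_mode = '-v' in args

    # Both paths are required; an empty output name would otherwise only
    # surface later as an obscure error from open().
    if not infilename or not outfilename:
        usage()
        sys.exit(1)
    # Basic input file checking; the original silently did nothing here.
    if not os.path.isfile(infilename):
        print('\nError: input file %s does not exist or is not a regular file\n' % infilename)
        sys.exit(1)

    try:
        # Parse the OpenIOC file inside the try so a malformed document is
        # reported like any other translation error instead of as a raw crash.
        indicators = openioc.parse(infilename)
        print('Generating ' + outfilename + ' from ' + infilename + '...')
        observables = generate_cybox(indicators, infilename)
        if observables is not None:
            observables.set_cybox_major_version('2')
            observables.set_cybox_minor_version('0')
            # Build the namespace declarations before opening the output so a
            # failure here leaves no half-written file behind.
            nsparser = NamespaceParser(observables.get_Observable())
            ns_string = '\n xmlns:openioc="http://openioc.org/"' + nsparser.build_namespaces_schemalocations_str()
            with open(outfilename, 'w') as outfile:
                outfile.write('<?xml version="1.0" encoding="utf-8"?>\n')
                # Internal entity declaration kept from the original; the
                # exported values presumably reference &comma; - confirm
                # against generate_cybox before removing.
                outfile.write("<!DOCTYPE doc [<!ENTITY comma ','>]>\n")
                observables.export(outfile, 0, namespacedef_=ns_string)
            if verbose_mode:
                for indicator in skipped_indicators:
                    skipped_term = ''
                    if indicator.get_id() is not None:
                        skipped_id = indicator.get_id()
                        skipped_term = string_test(indicator.get_Context().get_search())
                    else:
                        skipped_id = get_indicatoritem_string(indicator, '_')
                    print("IndicatorItem " + skipped_id + " not translated. Encountered IOC term " + skipped_term + ", which does not currently map to CybOX")
        else:
            print('\nInput file %s contained no indicator items compatible with CybOX\n' % infilename)
    except Exception as err:
        print('\nError: %s\n' % str(err))
        if verbose_mode:
            traceback.print_exc()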
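def main():
    """Command-line entry point of the OpenIOC-to-CybOX 1.0 converter.

    Expects ``-i <openioc file> -o <cybox output file>`` and an optional
    ``-v`` flag.  The OpenIOC document is parsed with ``openioc.parse``,
    converted by ``generate_cybox`` and exported as CybOX 1.0 XML, with the
    full set of CybOX object namespaces and schema locations declared on the
    root element.  With ``-v`` the ids collected in the module-level
    ``skipped_indicators`` list are reported, and a translation error is
    followed by a traceback.

    Exits with status 1 when an argument is missing or the input is not an
    existing file.
    """
    global verbose_mode
    global skipped_indicators
    verbose_mode = False
    skipped_indicators = []

    infilename = ''
    outfilename = ''

    # Get the command-line arguments.  Pairing each argument with its
    # successor means a trailing flag without a value is simply ignored
    # instead of raising IndexError on args[i + 1].
    args = sys.argv[1:]
    if len(args) < 4:
        usage()
        sys.exit(1)
    for flag, value in zip(args, args[1:]):
        if flag == '-i':
            infilename = value
        elif flag == '-o':
            outfilename = value
    verbose_mode = '-v' in args

    # Both paths are required; an empty output name would otherwise only
    # surface later as an obscure error from open().
    if not infilename or not outfilename:
        usage()
        sys.exit(1)
    # Basic input file checking; the original silently did nothing here.
    if not os.path.isfile(infilename):
        print('\nError: input file %s does not exist or is not a regular file\n' % infilename)
        sys.exit(1)

    # Namespace declarations for the CybOX 1.0 root element.  The original
    # kept these in one string literal continued over many lines; the amount
    # of whitespace between attributes is not significant to an XML parser.
    namespace_decls = [
        'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"',
        'xmlns:openioc="http://schemas.mandiant.com/2010/ioc"',
        'xmlns:cybox="http://cybox.mitre.org/cybox_v1"',
        'xmlns:AccountObj="http://cybox.mitre.org/objects#AccountObject"',
        'xmlns:AddressObj="http://cybox.mitre.org/objects#AddressObject"',
        'xmlns:Common="http://cybox.mitre.org/Common_v1"',
        'xmlns:DiskObj="http://cybox.mitre.org/objects#DiskObject"',
        'xmlns:DiskPartitionObj="http://cybox.mitre.org/objects#DiskPartitionObject"',
        'xmlns:DNSRecordObj="http://cybox.mitre.org/objects#DNSRecordObject"',
        'xmlns:FileObj="http://cybox.mitre.org/objects#FileObject"',
        'xmlns:MemoryObj="http://cybox.mitre.org/objects#MemoryObject"',
        'xmlns:NetworkRouteEntryObj="http://cybox.mitre.org/objects#NetworkRouteEntryObject"',
        'xmlns:PortObj="http://cybox.mitre.org/objects#PortObject"',
        'xmlns:ProcessObj="http://cybox.mitre.org/objects#ProcessObject"',
        'xmlns:SystemObj="http://cybox.mitre.org/objects#SystemObject"',
        'xmlns:UnixFileObj="http://cybox.mitre.org/objects#UnixFileObject"',
        'xmlns:UserAccountObj="http://cybox.mitre.org/objects#UserAccountObject"',
        'xmlns:VolumeObj="http://cybox.mitre.org/objects#VolumeObject"',
        'xmlns:WinDriverObj="http://cybox.mitre.org/objects#WinDriverObject"',
        'xmlns:WinEventLogObj="http://cybox.mitre.org/objects#WinEventLogObject"',
        'xmlns:WinExecutableFileObj="http://cybox.mitre.org/objects#WinExecutableFileObject"',
        'xmlns:WinFileObj="http://cybox.mitre.org/objects#WinFileObject"',
        'xmlns:WinHandleObj="http://cybox.mitre.org/objects#WinHandleObject"',
        'xmlns:WinKernelHookObj="http://cybox.mitre.org/objects#WinKernelHookObject"',
        'xmlns:WinProcessObj="http://cybox.mitre.org/objects#WinProcessObject"',
        'xmlns:WinRegistryKeyObj="http://cybox.mitre.org/objects#WinRegistryKeyObject"',
        'xmlns:WinServiceObj="http://cybox.mitre.org/objects#WinServiceObject"',
        'xmlns:WinSystemObj="http://cybox.mitre.org/objects#WinSystemObject"',
        'xmlns:WinUserAccountObj="http://cybox.mitre.org/objects#WinUserAccountObject"',
        'xmlns:WinVolumeObj="http://cybox.mitre.org/objects#WinVolumeObject"',
    ]
    # xsi:schemaLocation pairs (namespace, schema document).
    schema_locations = [
        'http://cybox.mitre.org/Common_v1 http://cybox.mitre.org/XMLSchema/cybox_common_types_v1.0(draft).xsd',
        'http://cybox.mitre.org/objects#AccountObject http://cybox.mitre.org/XMLSchema/objects/Account/Account_Object_1.1.xsd',
        'http://cybox.mitre.org/objects#AddressObject http://cybox.mitre.org/XMLSchema/objects/Address/Address_Object_1.1.xsd',
        'http://cybox.mitre.org/objects#DiskObject http://cybox.mitre.org/XMLSchema/objects/Disk/Disk_Object_1.2.xsd',
        'http://cybox.mitre.org/objects#DiskPartitionObject http://cybox.mitre.org/XMLSchema/objects/Disk_Partition/Disk_Partition_Object_1.2.xsd',
        'http://cybox.mitre.org/objects#DNSRecordObject http://cybox.mitre.org/XMLSchema/objects/DNS_Record/DNS_Record_Object_1.0.xsd',
        'http://cybox.mitre.org/objects#FileObject http://cybox.mitre.org/XMLSchema/objects/File/File_Object_1.2.xsd',
        'http://cybox.mitre.org/objects#MemoryObject http://cybox.mitre.org/XMLSchema/objects/Memory/Memory_Object_1.1.xsd',
        'http://cybox.mitre.org/objects#NetworkRouteEntryObject http://cybox.mitre.org/XMLSchema/objects/Network_Route_Entry/Network_Route_Entry_Object_1.0.xsd',
        'http://cybox.mitre.org/objects#PortObject http://cybox.mitre.org/XMLSchema/objects/Port/Port_Object_1.2.xsd',
        'http://cybox.mitre.org/objects#ProcessObject http://cybox.mitre.org/XMLSchema/objects/Process/Process_Object_1.2.xsd',
        'http://cybox.mitre.org/objects#SystemObject http://cybox.mitre.org/XMLSchema/objects/System/System_Object_1.2.xsd',
        'http://cybox.mitre.org/objects#UnixFileObject http://cybox.mitre.org/XMLSchema/objects/Unix_File/Unix_File_Object_1.2.xsd',
        'http://cybox.mitre.org/objects#UserAccountObject http://cybox.mitre.org/XMLSchema/objects/User_Account/User_Account_Object_1.1.xsd',
        'http://cybox.mitre.org/objects#VolumeObject http://cybox.mitre.org/XMLSchema/objects/Volume/Volume_Object_1.2.xsd',
        'http://cybox.mitre.org/objects#WinDriverObject http://cybox.mitre.org/XMLSchema/objects/Win_Driver/Win_Driver_Object_1.1.xsd',
        'http://cybox.mitre.org/objects#WinEventLogObject http://cybox.mitre.org/XMLSchema/objects/Win_Event_Log/Win_Event_Log_Object_1.1.xsd',
        'http://cybox.mitre.org/objects#WinExecutableFileObject http://cybox.mitre.org/XMLSchema/objects/Win_Executable_File/Win_Executable_File_Object_1.2.xsd',
        'http://cybox.mitre.org/objects#WinFileObject http://cybox.mitre.org/XMLSchema/objects/Win_File/Win_File_Object_1.2.xsd',
        'http://cybox.mitre.org/objects#WinHandleObject http://cybox.mitre.org/XMLSchema/objects/Win_Handle/Win_Handle_Object_1.2.xsd',
        'http://cybox.mitre.org/objects#WinKernelHookObject http://cybox.mitre.org/XMLSchema/objects/Win_Kernel_Hook/Win_Kernel_Hook_Object_1.2.xsd',
        'http://cybox.mitre.org/objects#WinProcessObject http://cybox.mitre.org/XMLSchema/objects/Win_Process/Win_Process_Object_1.2.xsd',
        'http://cybox.mitre.org/objects#WinRegistryKeyObject http://cybox.mitre.org/XMLSchema/objects/Win_Registry_Key/Win_Registry_Key_Object_1.2.xsd',
        'http://cybox.mitre.org/objects#WinServiceObject http://cybox.mitre.org/XMLSchema/objects/Win_Service/Win_Service_Object_1.2.xsd',
        # The original listed the WinServiceObject namespace a second time
        # here, so the Win_System schema was never associated with the
        # WinSystemObject namespace declared above.
        'http://cybox.mitre.org/objects#WinSystemObject http://cybox.mitre.org/XMLSchema/objects/Win_System/Win_System_Object_1.1.xsd',
        'http://cybox.mitre.org/objects#WinUserAccountObject http://cybox.mitre.org/XMLSchema/objects/Win_User_Account/Win_User_Account_Object_1.2.xsd',
        'http://cybox.mitre.org/objects#WinVolumeObject http://cybox.mitre.org/XMLSchema/objects/Win_Volume/Win_Volume_Object_1.2.xsd',
        'http://cybox.mitre.org/cybox_v1 http://cybox.mitre.org/XMLSchema/cybox_core_v1.0(draft).xsd',
    ]
    namespacedef = (' '.join(namespace_decls)
                    + ' xsi:schemaLocation="' + ' '.join(schema_locations) + '"')

    try:
        # Parse the OpenIOC file inside the try so a malformed document is
        # reported like any other translation error instead of as a raw crash.
        indicators = openioc.parse(infilename)
        print('Generating ' + outfilename + ' from ' + infilename + '...')
        observables = generate_cybox(indicators)
        observables.set_cybox_major_version('1')
        observables.set_cybox_minor_version('0')
        # The original passed an unclosed open() result to export(); the
        # context manager closes the file even when export() raises.
        with open(outfilename, 'w') as outfile:
            observables.export(outfile, 0, namespacedef_=namespacedef)
        if verbose_mode:
            for indicator_id in skipped_indicators:
                print("Indicator Item " + indicator_id + " Skipped; indicator type currently not supported")
    except Exception as err:
        print('\nError: %s\n' % str(err))
        if verbose_mode:
            traceback.print_exc()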
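def main():
    """Command-line entry point of the OpenIOC-to-CybOX converter.

    Expects ``-i <openioc file> -o <cybox output file>`` and an optional
    ``-v`` flag.  The OpenIOC document is parsed with ``openioc.parse``,
    converted by ``generate_cybox`` and exported as CybOX 2.0 XML to the
    output file.  With ``-v`` the IndicatorItems collected in the module-level
    ``skipped_indicators`` list are reported, and a translation error is
    followed by a traceback.

    Exits with status 1 when an argument is missing or the input is not an
    existing file.
    """
    global verbose_mode
    global skipped_indicators
    verbose_mode = False
    skipped_indicators = []

    infilename = ''
    outfilename = ''

    # Get the command-line arguments.  Pairing each argument with its
    # successor means a trailing flag without a value is simply ignored
    # instead of raising IndexError on args[i + 1].
    args = sys.argv[1:]
    if len(args) < 4:
        usage()
        sys.exit(1)
    for flag, value in zip(args, args[1:]):
        if flag == '-i':
            infilename = value
        elif flag == '-o':
            outfilename = value
    verbose_mode = '-v' in args

    # Both paths are required; an empty output name would otherwise only
    # surface later as an obscure error from open().
    if not infilename or not outfilename:
        usage()
        sys.exit(1)
    # Basic input file checking; the original silently did nothing here.
    if not os.path.isfile(infilename):
        print('\nError: input file %s does not exist or is not a regular file\n' % infilename)
        sys.exit(1)

    try:
        # Parse the OpenIOC file inside the try so a malformed document is
        # reported like any other translation error instead of as a raw crash.
        indicators = openioc.parse(infilename)
        print('Generating ' + outfilename + ' from ' + infilename + '...')
        observables = generate_cybox(indicators, infilename)
        if observables is not None:
            observables.set_cybox_major_version('2')
            observables.set_cybox_minor_version('0')
            # Build the namespace declarations before opening the output so a
            # failure here leaves no half-written file behind.
            nsparser = NamespaceParser(observables.get_Observable())
            ns_string = '\n xmlns:openioc="http://openioc.org/"' + nsparser.build_namespaces_schemalocations_str()
            with open(outfilename, 'w') as outfile:
                outfile.write('<?xml version="1.0" encoding="utf-8"?>\n')
                # Internal entity declaration kept from the original; the
                # exported values presumably reference &comma; - confirm
                # against generate_cybox before removing.
                outfile.write("<!DOCTYPE doc [<!ENTITY comma ','>]>\n")
                observables.export(outfile, 0, namespacedef_=ns_string)
            if verbose_mode:
                for indicator in skipped_indicators:
                    skipped_term = ''
                    if indicator.get_id() is not None:
                        skipped_id = indicator.get_id()
                        skipped_term = string_test(indicator.get_Context().get_search())
                    else:
                        skipped_id = get_indicatoritem_string(indicator, '_')
                    print("IndicatorItem " + skipped_id + " not translated. Encountered IOC term " + skipped_term + ", which does not currently map to CybOX")
        else:
            print('\nInput file %s contained no indicator items compatible with CybOX\n' % infilename)
    except Exception as err:
        print('\nError: %s\n' % str(err))
        if verbose_mode:
            traceback.print_exc()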