示例#1
0
def main():
    infilename = ''
    outfilename = ''

    #Get the command-line arguments
    args = sys.argv[1:]
    
    if len(args) < 4:
        usage()
        sys.exit(1)
        
    for i in range(0,len(args)):
        if args[i] == '-i':
            infilename = args[i+1]
        elif args[i] == '-o':
            outfilename = args[i+1]
    if os.path.isfile(infilename): 
        try:
            # Perform the translation using the methods from the OpenIOC to CybOX Script
            openioc_indicators = openioc.parse(infilename)
            observables_obj = openioc_to_cybox.generate_cybox(openioc_indicators, infilename, True)
            observables_cls = Observables.from_obj(observables_obj)

            # Set the namespace to be used in the STIX Package
            stix.utils.set_id_namespace({"https://github.com/STIXProject/openioc-to-stix":"openiocToSTIX"})

            # Wrap the created Observables in a STIX Package/Indicator
            stix_package = STIXPackage()
            # Add the OpenIOC namespace
            input_namespaces = {"http://openioc.org/":"openioc"}
            stix_package.__input_namespaces__ = input_namespaces

            for observable in observables_cls.observables:
                indicator_dict = {}
                producer_dict = {}
                producer_dict['tools'] = [{'name':'OpenIOC to STIX Utility', 'version':str(__VERSION__)}]
                indicator_dict['producer'] = producer_dict
                indicator_dict['title'] = "CybOX-represented Indicator Created from OpenIOC File"
                indicator = Indicator.from_dict(indicator_dict)
                indicator.add_observable(observables_cls.observables[0])
                stix_package.add_indicator(indicator)

            # Create and write the STIX Header
            stix_header = STIXHeader()
            stix_header.package_intent = "Indicators - Malware Artifacts"
            stix_header.description = "CybOX-represented Indicators Translated from OpenIOC File"
            stix_package.stix_header = stix_header

            # Write the generated STIX Package as XML to the output file
            outfile = open(outfilename, 'w')
            # Ignore any warnings - temporary fix for no schemaLocation w/ namespace
            with warnings.catch_warnings():
                warnings.simplefilter("ignore")
                outfile.write(stix_package.to_xml())
                warnings.resetwarnings()
            outfile.flush()
            outfile.close()
        except Exception, err:
            print('\nError: %s\n' % str(err))
            traceback.print_exc()
示例#2
0
def main():
    infilename = ''
    outfilename = ''

    #Get the command-line arguments
    args = sys.argv[1:]

    if len(args) < 4:
        usage()
        sys.exit(1)

    for i in range(0, len(args)):
        if args[i] == '-i':
            infilename = args[i + 1]
        elif args[i] == '-o':
            outfilename = args[i + 1]
    if os.path.isfile(infilename):
        try:
            # Perform the translation using the methods from the OpenIOC to CybOX Script
            openioc_indicators = openioc.parse(infilename)
            observables_obj = openioc_to_cybox.generate_cybox(
                openioc_indicators, infilename, True)
            observables_cls = Observables.from_obj(observables_obj)

            # Wrap the created Observables in a STIX Package/Indicator
            stix_package = STIXPackage()

            for observable in observables_cls.observables:
                indicator_dict = {}
                producer_dict = {}
                producer_dict['tools'] = [{
                    'name': 'OpenIOC to STIX Utility',
                    'version': str(__VERSION__)
                }]
                indicator_dict['producer'] = producer_dict
                indicator_dict[
                    'title'] = "CybOX-represented Indicator Created from OpenIOC File"
                indicator = Indicator.from_dict(indicator_dict)
                indicator.add_observable(observables_cls.observables[0])
                stix_package.add_indicator(indicator)

            # Create and write the STIX Header
            stix_header = STIXHeader()
            stix_header.package_intent = "Indicators - Malware Artifacts"
            stix_header.description = "CybOX-represented Indicators Translated from OpenIOC File"
            stix_package.stix_header = stix_header

            # Write the generated STIX Package as XML to the output file
            outfile = open(outfilename, 'w')
            outfile.write(stix_package.to_xml())
            outfile.flush()
            outfile.close()
        except Exception, err:
            print('\nError: %s\n' % str(err))
            traceback.print_exc()
def main():
    infilename = ''
    outfilename = ''

    #Get the command-line arguments
    args = sys.argv[1:]
    
    if len(args) < 4:
        usage()
        sys.exit(1)
        
    for i in range(0,len(args)):
        if args[i] == '-i':
            infilename = args[i+1]
        elif args[i] == '-o':
            outfilename = args[i+1]
    if os.path.isfile(infilename): 
        try:
            # Perform the translation using the methods from the OpenIOC to CybOX Script
            openioc_indicators = openioc.parse(infilename)
            observables_obj = openioc_to_cybox.generate_cybox(openioc_indicators, infilename, True)
            observables_cls = Observables.from_obj(observables_obj)

            # Wrap the created Observables in a STIX Package/Indicator
            stix_package = STIXPackage()

            for observable in observables_cls.observables:
                indicator_dict = {}
                producer_dict = {}
                producer_dict['tools'] = [{'name':'OpenIOC to STIX Utility', 'version':str(__VERSION__)}]
                indicator_dict['producer'] = producer_dict
                indicator_dict['title'] = "CybOX-represented Indicator Created from OpenIOC File"
                indicator = Indicator.from_dict(indicator_dict)
                indicator.add_observable(observables_cls.observables[0])
                stix_package.add_indicator(indicator)

            # Create and write the STIX Header
            stix_header = STIXHeader()
            stix_header.package_intent = "Indicators - Malware Artifacts"
            stix_header.description = "CybOX-represented Indicators Translated from OpenIOC File"
            stix_package.stix_header = stix_header

            # Write the generated STIX Package as XML to the output file
            outfile = open(outfilename, 'w')
            outfile.write(stix_package.to_xml())
            outfile.flush()
            outfile.close()
        except Exception, err:
            print('\nError: %s\n' % str(err))
            traceback.print_exc()
示例#4
0
    def __make_stix_xml_string(self, filename, open_ioc_xml):
        # This is actually an adapted version of the openioc_to_stix.py to be compatible with ce1sus
        try:

            # save the file
            base_dir = self.get_dest_folder()
            open_ioc_filename = base_dir + '/' + filename
            open_stix_filename = base_dir + '/STIX_of_' + filename
            open_ioc_file = open(open_ioc_filename, 'w+')
            open_ioc_file.write(open_ioc_xml)
            open_ioc_file.close()

            openioc_indicators = openioc.parse(open_ioc_filename)
            observables_obj = openioc_to_cybox.generate_cybox(
                openioc_indicators, open_ioc_filename, True)
            observables_cls = Observables.from_obj(observables_obj)
            stix.utils.set_id_namespace({
                "https://github.com/STIXProject/openioc-to-stix":
                "openiocToSTIX"
            })
            stix_package = STIXPackage()
            stix_package.version = '1.1.1'
            input_namespaces = {"openioc": "http://openioc.org/"}

            stix_package.__input_namespaces__ = input_namespaces

            for observable in observables_cls.observables:
                indicator_dict = {}
                producer_dict = {}
                producer_dict['tools'] = [{
                    'name': 'OpenIOC to STIX Utility',
                    'version': str(__VERSION__)
                }]
                indicator_dict['producer'] = producer_dict
                indicator_dict[
                    'title'] = "CybOX-represented Indicator Created from OpenIOC File"
                indicator = Indicator.from_dict(indicator_dict)
                indicator.add_observable(observables_cls.observables[0])
                stix_package.add_indicator(indicator)

            stix_header = STIXHeader()
            # set the correct header
            file_obj = open(open_ioc_filename, 'rb')
            file_contents = file_obj.read()
            print file_contents
            file_obj.close()
            root = etree.fromstring(file_contents)
            for child in root:

                if child.tag.endswith('short_description'):
                    stix_header.short_description = child.text
                elif child.tag.endswith('description'):
                    stix_header.description = child.text
                else:
                    if stix_header.description and stix_header.short_description:
                        break

            stix_header.package_intent = "Indicators - Malware Artifacts"
            stix_header.description = '{0}\n\n CybOX-represented Indicators Translated from OpenIOC File'.format(
                stix_header.description)
            stix_package.stix_header = stix_header

            # Write the generated STIX Package as XML to the output file
            outfile = open(open_stix_filename, 'w')
            # Ignore any warnings - temporary fix for no schemaLocation w/ namespace
            with warnings.catch_warnings():
                warnings.simplefilter("ignore")
                outfile.write(stix_package.to_xml())
                warnings.resetwarnings()
            outfile.flush()
            outfile.close()
            return base_dir, open_stix_filename
        except Exception as error:
            self.logger.error(error)
            raise cherrypy.HTTPError(500, '{0}'.format(error.message))
示例#5
0
def main():
    infilename = ''
    outfilename = ''
    global verbose_mode
    global skipped_indicators
    verbose_mode = False
    skipped_indicators = []

    #Get the command-line arguments
    args = sys.argv[1:]

    if len(args) < 4:
        usage()
        sys.exit(1)

    for i in range(0, len(args)):
        if args[i] == '-i':
            infilename = args[i + 1]
        elif args[i] == '-o':
            outfilename = args[i + 1]
        elif args[i] == '-v':
            verbose_mode = True

    #Basic input file checking
    if os.path.isfile(infilename):
        #Parse the OpenIOC file
        indicators = openioc.parse(infilename)
        try:
            print 'Generating ' + outfilename + ' from ' + infilename + '...'
            observables = generate_cybox(indicators, infilename)

            if observables != None:
                observables.set_cybox_major_version('2')
                observables.set_cybox_minor_version('0')

                outfile = open(outfilename, 'w')
                outfile.write('<?xml version="1.0" encoding="utf-8"?>\n')
                outfile.write("<!DOCTYPE doc [<!ENTITY comma '&#44;'>]>\n")
                #outfile.write(Observables.from_obj(observables).to_xml(True))
                nsparser = NamespaceParser(observables.get_Observable())
                ns_string = '\n xmlns:openioc="http://openioc.org/"' + nsparser.build_namespaces_schemalocations_str(
                )
                observables.export(outfile, 0, namespacedef_=ns_string)

                if verbose_mode:
                    for indicator in skipped_indicators:
                        skipped_id = ''
                        skipped_term = ''
                        if indicator.get_id() is not None:
                            skipped_id = indicator.get_id()
                            skipped_term = string_test(
                                indicator.get_Context().get_search())
                        else:
                            skipped_id = get_indicatoritem_string(
                                indicator, '_')

                        print "IndicatorItem " + skipped_id + " not translated. Encountered IOC term " + skipped_term + ", which does not currently map to CybOX"
            else:
                print(
                    '\nInput file %s contained no indicator items compatible with CybOX\n'
                    % infilename)

        except Exception, err:
            print('\nError: %s\n' % str(err))
            if verbose_mode:
                traceback.print_exc()
示例#6
0
def main():
    infilename = ''
    outfilename = ''
    global verbose_mode
    global skipped_indicators
    verbose_mode = False
    skipped_indicators = []
    
    #Get the command-line arguments
    args = sys.argv[1:]
    
    if len(args) < 4:
        usage()
        sys.exit(1)
        
    for i in range(0,len(args)):
        if args[i] == '-i':
            infilename = args[i+1]
        elif args[i] == '-o':
            outfilename = args[i+1]
        elif args[i] == '-v':
            verbose_mode = True
            
    #Basic input file checking
    if os.path.isfile(infilename):    
        #Parse the OpenIOC file
        indicators = openioc.parse(infilename)
        try:
            print 'Generating ' + outfilename + ' from ' + infilename + '...'
            observables = generate_cybox(indicators)
            observables.set_cybox_major_version('1')
            observables.set_cybox_minor_version('0')
            observables.export(open(outfilename, 'w'), 0, namespacedef_='xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\
 xmlns:openioc="http://schemas.mandiant.com/2010/ioc"\
 xmlns:cybox="http://cybox.mitre.org/cybox_v1"\
 xmlns:AccountObj="http://cybox.mitre.org/objects#AccountObject"\
 xmlns:AddressObj="http://cybox.mitre.org/objects#AddressObject"\
 xmlns:Common="http://cybox.mitre.org/Common_v1"\
 xmlns:DiskObj="http://cybox.mitre.org/objects#DiskObject"\
 xmlns:DiskPartitionObj="http://cybox.mitre.org/objects#DiskPartitionObject"\
 xmlns:DNSRecordObj="http://cybox.mitre.org/objects#DNSRecordObject"\
 xmlns:FileObj="http://cybox.mitre.org/objects#FileObject"\
 xmlns:MemoryObj="http://cybox.mitre.org/objects#MemoryObject"\
 xmlns:NetworkRouteEntryObj="http://cybox.mitre.org/objects#NetworkRouteEntryObject"\
 xmlns:PortObj="http://cybox.mitre.org/objects#PortObject"\
 xmlns:ProcessObj="http://cybox.mitre.org/objects#ProcessObject"\
 xmlns:SystemObj="http://cybox.mitre.org/objects#SystemObject"\
 xmlns:UnixFileObj="http://cybox.mitre.org/objects#UnixFileObject"\
 xmlns:UserAccountObj="http://cybox.mitre.org/objects#UserAccountObject"\
 xmlns:VolumeObj="http://cybox.mitre.org/objects#VolumeObject"\
 xmlns:WinDriverObj="http://cybox.mitre.org/objects#WinDriverObject"\
 xmlns:WinEventLogObj="http://cybox.mitre.org/objects#WinEventLogObject"\
 xmlns:WinExecutableFileObj="http://cybox.mitre.org/objects#WinExecutableFileObject"\
 xmlns:WinFileObj="http://cybox.mitre.org/objects#WinFileObject"\
 xmlns:WinHandleObj="http://cybox.mitre.org/objects#WinHandleObject"\
 xmlns:WinKernelHookObj="http://cybox.mitre.org/objects#WinKernelHookObject"\
 xmlns:WinProcessObj="http://cybox.mitre.org/objects#WinProcessObject"\
 xmlns:WinRegistryKeyObj="http://cybox.mitre.org/objects#WinRegistryKeyObject"\
 xmlns:WinServiceObj="http://cybox.mitre.org/objects#WinServiceObject"\
 xmlns:WinSystemObj="http://cybox.mitre.org/objects#WinSystemObject"\
 xmlns:WinUserAccountObj="http://cybox.mitre.org/objects#WinUserAccountObject"\
 xmlns:WinVolumeObj="http://cybox.mitre.org/objects#WinVolumeObject"\
 xsi:schemaLocation="http://cybox.mitre.org/Common_v1 http://cybox.mitre.org/XMLSchema/cybox_common_types_v1.0(draft).xsd\
 http://cybox.mitre.org/objects#AccountObject http://cybox.mitre.org/XMLSchema/objects/Account/Account_Object_1.1.xsd\
 http://cybox.mitre.org/objects#AddressObject http://cybox.mitre.org/XMLSchema/objects/Address/Address_Object_1.1.xsd\
 http://cybox.mitre.org/objects#DiskObject http://cybox.mitre.org/XMLSchema/objects/Disk/Disk_Object_1.2.xsd\
 http://cybox.mitre.org/objects#DiskPartitionObject http://cybox.mitre.org/XMLSchema/objects/Disk_Partition/Disk_Partition_Object_1.2.xsd\
 http://cybox.mitre.org/objects#DNSRecordObject http://cybox.mitre.org/XMLSchema/objects/DNS_Record/DNS_Record_Object_1.0.xsd\
 http://cybox.mitre.org/objects#FileObject http://cybox.mitre.org/XMLSchema/objects/File/File_Object_1.2.xsd\
 http://cybox.mitre.org/objects#MemoryObject http://cybox.mitre.org/XMLSchema/objects/Memory/Memory_Object_1.1.xsd\
 http://cybox.mitre.org/objects#NetworkRouteEntryObject http://cybox.mitre.org/XMLSchema/objects/Network_Route_Entry/Network_Route_Entry_Object_1.0.xsd\
 http://cybox.mitre.org/objects#PortObject http://cybox.mitre.org/XMLSchema/objects/Port/Port_Object_1.2.xsd\
 http://cybox.mitre.org/objects#ProcessObject http://cybox.mitre.org/XMLSchema/objects/Process/Process_Object_1.2.xsd\
 http://cybox.mitre.org/objects#SystemObject http://cybox.mitre.org/XMLSchema/objects/System/System_Object_1.2.xsd\
 http://cybox.mitre.org/objects#UnixFileObject http://cybox.mitre.org/XMLSchema/objects/Unix_File/Unix_File_Object_1.2.xsd\
 http://cybox.mitre.org/objects#UserAccountObject http://cybox.mitre.org/XMLSchema/objects/User_Account/User_Account_Object_1.1.xsd\
 http://cybox.mitre.org/objects#VolumeObject http://cybox.mitre.org/XMLSchema/objects/Volume/Volume_Object_1.2.xsd\
 http://cybox.mitre.org/objects#WinDriverObject http://cybox.mitre.org/XMLSchema/objects/Win_Driver/Win_Driver_Object_1.1.xsd\
 http://cybox.mitre.org/objects#WinEventLogObject http://cybox.mitre.org/XMLSchema/objects/Win_Event_Log/Win_Event_Log_Object_1.1.xsd\
 http://cybox.mitre.org/objects#WinExecutableFileObject http://cybox.mitre.org/XMLSchema/objects/Win_Executable_File/Win_Executable_File_Object_1.2.xsd\
 http://cybox.mitre.org/objects#WinFileObject http://cybox.mitre.org/XMLSchema/objects/Win_File/Win_File_Object_1.2.xsd\
 http://cybox.mitre.org/objects#WinHandleObject http://cybox.mitre.org/XMLSchema/objects/Win_Handle/Win_Handle_Object_1.2.xsd\
 http://cybox.mitre.org/objects#WinKernelHookObject http://cybox.mitre.org/XMLSchema/objects/Win_Kernel_Hook/Win_Kernel_Hook_Object_1.2.xsd\
 http://cybox.mitre.org/objects#WinProcessObject http://cybox.mitre.org/XMLSchema/objects/Win_Process/Win_Process_Object_1.2.xsd\
 http://cybox.mitre.org/objects#WinRegistryKeyObject http://cybox.mitre.org/XMLSchema/objects/Win_Registry_Key/Win_Registry_Key_Object_1.2.xsd\
 http://cybox.mitre.org/objects#WinServiceObject http://cybox.mitre.org/XMLSchema/objects/Win_Service/Win_Service_Object_1.2.xsd\
 http://cybox.mitre.org/objects#WinServiceObject http://cybox.mitre.org/XMLSchema/objects/Win_System/Win_System_Object_1.1.xsd\
 http://cybox.mitre.org/objects#WinUserAccountObject http://cybox.mitre.org/XMLSchema/objects/Win_User_Account/Win_User_Account_Object_1.2.xsd\
 http://cybox.mitre.org/objects#WinVolumeObject http://cybox.mitre.org/XMLSchema/objects/Win_Volume/Win_Volume_Object_1.2.xsd\
 http://cybox.mitre.org/cybox_v1 http://cybox.mitre.org/XMLSchema/cybox_core_v1.0(draft).xsd"')
            if verbose_mode:
                for indicator_id in skipped_indicators:
                    print "Indicator Item " + indicator_id + " Skipped; indicator type currently not supported"
            
        except Exception, err:
           print('\nError: %s\n' % str(err))
           if verbose_mode:
            traceback.print_exc()
示例#7
0
def main():
    infilename = ''
    outfilename = ''
    global verbose_mode
    global skipped_indicators
    verbose_mode = False
    skipped_indicators = []
    
    #Get the command-line arguments
    args = sys.argv[1:]
    
    if len(args) < 4:
        usage()
        sys.exit(1)
        
    for i in range(0,len(args)):
        if args[i] == '-i':
            infilename = args[i+1]
        elif args[i] == '-o':
            outfilename = args[i+1]
        elif args[i] == '-v':
            verbose_mode = True
            
    #Basic input file checking
    if os.path.isfile(infilename):    
        #Parse the OpenIOC file
        indicators = openioc.parse(infilename)
        try:
            print 'Generating ' + outfilename + ' from ' + infilename + '...'
            observables = generate_cybox(indicators, infilename)
            
            if observables != None:
                observables.set_cybox_major_version('2')
                observables.set_cybox_minor_version('0')
                
                outfile = open(outfilename, 'w')
                outfile.write('<?xml version="1.0" encoding="utf-8"?>\n')
                outfile.write("<!DOCTYPE doc [<!ENTITY comma '&#44;'>]>\n")
                #outfile.write(Observables.from_obj(observables).to_xml(True))
                nsparser = NamespaceParser(observables.get_Observable())
                ns_string = '\n xmlns:openioc="http://openioc.org/"' + nsparser.build_namespaces_schemalocations_str()
                observables.export(outfile, 0, namespacedef_=ns_string)

                if verbose_mode:
                    for indicator in skipped_indicators:
                        skipped_id = ''
                        skipped_term = ''
                        if indicator.get_id() is not None:
                            skipped_id = indicator.get_id()
                            skipped_term = string_test(indicator.get_Context().get_search())
                        else:
                            skipped_id = get_indicatoritem_string(indicator, '_')

                        print "IndicatorItem " + skipped_id + " not translated. Encountered IOC term " + skipped_term + ", which does not currently map to CybOX"
            else:
                print('\nInput file %s contained no indicator items compatible with CybOX\n' % infilename)
            
        except Exception, err:
            print('\nError: %s\n' % str(err))
            if verbose_mode:
                traceback.print_exc()