def test_stix_header(self): header = STIXHeader() header.title = UNICODE_STR header.description = UNICODE_STR header.short_description = UNICODE_STR header2 = round_trip(header) self._test_equal(header, header2)
def convert(self, stix_id_prefix='', published_only=True, **kw_arg): self.parse(**kw_arg) stix_packages = [] for event in self.events: if published_only: if not event.published: continue # id generator package_id = self.get_misp_pacakge_id(stix_id_prefix, event) stix_package = STIXPackage(timestamp=event.dt, id_=package_id) stix_header = STIXHeader() # set identity information identity = Identity(name=self.identity_name) information_source = InformationSource(identity=identity) stix_header.information_source = information_source tlp = None for tag in event.tags: if tag.tlp is not None: tlp = tag.tlp break if tlp is not None: # TLP for Generic format tlp_marking_structure = TLPMarkingStructure() tlp_marking_structure.color = tlp marking_specification = MarkingSpecification() marking_specification.marking_structures = tlp_marking_structure marking_specification.controlled_structure = '../../../../descendant-or-self::node() | ../../../../descendant-or-self::node()/@*' marking = Marking() marking.add_marking(marking_specification) stix_header.handling = marking stix_header.title = event.info stix_header.description = event.info stix_header.short_description = event.info for attribute in event.attributes: stix_package.add_indicator(attribute.convert()) stix_package.stix_header = stix_header stix_packages.append(stix_package) return stix_packages
def __map_stix_header(self, event): self.init() stix_header = STIXHeader(title=event.title) stix_header.description = event.description stix_header.short_description = event.title identifiy = self.create_stix_identity(event) time = self.cybox_mapper.get_time(produced_time=event.created_at, received_time=event.modified_on) info_source = InformationSource(identity=identifiy, time=time) stix_header.information_source = info_source # Add TLP marking = Marking() marking_spec = MarkingSpecification() marking.add_marking(marking_spec) tlp_marking_struct = TLPMarkingStructure() tlp_marking_struct.color = event.tlp.upper() tlp_marking_struct.marking_model_ref = 'http://govcert.lu/en/docs/POL_202_V2.2_rfc2350.pdf' marking_spec.marking_structures = list() marking_spec.marking_structures.append(tlp_marking_struct) stix_header.handling = marking return stix_header
def __make_stix_xml_string(self, filename, open_ioc_xml): # This is actually an adapted version of the openioc_to_stix.py to be compatible with ce1sus try: # save the file base_dir = self.get_dest_folder() open_ioc_filename = base_dir + '/' + filename open_stix_filename = base_dir + '/STIX_of_' + filename open_ioc_file = open(open_ioc_filename, 'w+') open_ioc_file.write(open_ioc_xml) open_ioc_file.close() openioc_indicators = openioc.parse(open_ioc_filename) observables_obj = openioc_to_cybox.generate_cybox( openioc_indicators, open_ioc_filename, True) observables_cls = Observables.from_obj(observables_obj) stix.utils.set_id_namespace({ "https://github.com/STIXProject/openioc-to-stix": "openiocToSTIX" }) stix_package = STIXPackage() stix_package.version = '1.1.1' input_namespaces = {"openioc": "http://openioc.org/"} stix_package.__input_namespaces__ = input_namespaces for observable in observables_cls.observables: indicator_dict = {} producer_dict = {} producer_dict['tools'] = [{ 'name': 'OpenIOC to STIX Utility', 'version': str(__VERSION__) }] indicator_dict['producer'] = producer_dict indicator_dict[ 'title'] = "CybOX-represented Indicator Created from OpenIOC File" indicator = Indicator.from_dict(indicator_dict) indicator.add_observable(observables_cls.observables[0]) stix_package.add_indicator(indicator) stix_header = STIXHeader() # set the correct header file_obj = open(open_ioc_filename, 'rb') file_contents = file_obj.read() print file_contents file_obj.close() root = etree.fromstring(file_contents) for child in root: if child.tag.endswith('short_description'): stix_header.short_description = child.text elif child.tag.endswith('description'): stix_header.description = child.text else: if stix_header.description and stix_header.short_description: break stix_header.package_intent = "Indicators - Malware Artifacts" stix_header.description = '{0}\n\n CybOX-represented Indicators Translated from OpenIOC File'.format( stix_header.description) stix_package.stix_header = stix_header # Write the generated STIX Package as XML to the output file outfile = open(open_stix_filename, 'w') # Ignore any warnings - temporary fix for no schemaLocation w/ namespace with warnings.catch_warnings(): warnings.simplefilter("ignore") outfile.write(stix_package.to_xml()) warnings.resetwarnings() outfile.flush() outfile.close() return base_dir, open_stix_filename except Exception as error: self.logger.error(error) raise cherrypy.HTTPError(500, '{0}'.format(error.message))