mirror of https://github.com/MISP/MISP
Some cleanup
parent
2915be5020
commit
b983147061
|
@ -2,7 +2,6 @@ from stix.extensions.identity.ciq_identity_3_0 import (CIQIdentity3_0Instance, S
|
|||
from stix.common import Identity
|
||||
|
||||
def resolveIdentityAttribute(incident, attribute):
|
||||
#print attribute["type"]
|
||||
ciq_identity = CIQIdentity3_0Instance()
|
||||
identity_spec = STIXCIQIdentity3_0()
|
||||
if attribute["type"] == 'target-user':
|
||||
|
|
|
@ -14,14 +14,11 @@ from cybox.common import Hash, ByteRun, ByteRuns
|
|||
from cybox.objects.http_session_object import *
|
||||
from cybox.objects.as_object import AutonomousSystem
|
||||
from stix.extensions.test_mechanism.snort_test_mechanism import *
|
||||
|
||||
import ntpath, socket, sys
|
||||
from stix.indicator import Indicator
|
||||
|
||||
this_module = sys.modules[__name__]
|
||||
|
||||
#complex_type_to_method = {}
|
||||
|
||||
simple_type_to_method = {}
|
||||
simple_type_to_method.update(dict.fromkeys(["md5", "sha1", "sha256", "filename", "filename|md5", "filename|sha1", "filename|sha256", "malware-sample", "attachment"], "resolveFileObservable"))
|
||||
simple_type_to_method.update(dict.fromkeys(["ip-src", "ip-dst"], "generateIPObservable"))
|
||||
|
|
|
@ -54,7 +54,7 @@ def generateMainPackage(events):
|
|||
stix_package = STIXPackage()
|
||||
stix_header = STIXHeader()
|
||||
stix_header.title="Export from MISP"
|
||||
stix_header.package_intents="Indicators"
|
||||
stix_header.package_intents="Threat Report"
|
||||
stix_package.stix_header = stix_header
|
||||
return stix_package
|
||||
|
||||
|
@ -64,7 +64,7 @@ def generateEventPackage(event):
|
|||
stix_package = STIXPackage(id_=package_name)
|
||||
stix_header = STIXHeader()
|
||||
stix_header.title="MISP event #" + event["Event"]["id"] + " uuid: " + event["Event"]["uuid"]
|
||||
stix_header.package_intents="Indicators"
|
||||
stix_header.package_intents="Threat Report"
|
||||
stix_package.stix_header = stix_header
|
||||
objects = generateSTIXObjects(event)
|
||||
incident = objects[0]
|
||||
|
@ -218,7 +218,6 @@ def addReference(target, reference):
|
|||
target.information_source.add_reference(reference)
|
||||
|
||||
# takes an object and applies a TLP marking based on the distribution passed along to it
|
||||
# Careful: TTPs do not have handling currently
|
||||
def setTLP(target, distribution):
|
||||
marking_specification = MarkingSpecification()
|
||||
marking_specification.controlled_structure = "../../../descendant-or-self()"
|
||||
|
|
Loading…
Reference in New Issue