from taxii2client.v21 import Collection
import stix2
# This example is based on the medallion server with default_data.json
# See https://github.com/oasis-open/cti-taxii-server for more information
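def main():
    """Query the medallion demo TAXII collection through a stix2 data source.

    Fetches one indicator by id, lists every stored version of it, and then
    runs a ``type`` filter query for malware objects, printing each result.

    The endpoint and credentials default to the values used with medallion's
    default_data.json. They can be overridden with the TAXII_COLLECTION_URL,
    TAXII_USER and TAXII_PASSWORD environment variables, so real credentials
    never have to be written into this file.
    """
    import os

    # The defaults are publicly known demo values. The default URL is plain
    # HTTP, so the basic-auth credentials travel unencrypted; that is only
    # acceptable against a loopback test server. Use an https:// URL for
    # anything else.
    collection = Collection(
        os.environ.get(
            "TAXII_COLLECTION_URL",
            "http://127.0.0.1:5000/trustgroup1/collections/91a7b528-80eb-42ed-a74d-c6fbd5a26116/",
        ),
        user=os.environ.get("TAXII_USER", "admin"),
        password=os.environ.get("TAXII_PASSWORD", "Password0"),
    )

    # instantiate TAXII data source
    taxii = stix2.TAXIICollectionSource(collection)

    indicator_id = "indicator--6770298f-0fd8-471a-ab8c-1c658a46574e"

    # get (url watch indicator)
    indicator_fw = taxii.get(indicator_id)
    print("\n\n-------Queried for Indicator - got:")
    if indicator_fw is None:
        # get() yields None when the collection does not hold the object;
        # report that instead of failing on None.serialize().
        print(f"{indicator_id} not found in collection")
    else:
        print(indicator_fw.serialize(indent=4))

    # all versions (url watch indicator - currently two)
    indicator_fw_versions = taxii.all_versions(indicator_id)
    print("\n\n------Queried for indicator (all_versions()) - got:")
    for indicator in indicator_fw_versions:
        print(indicator.serialize(indent=4))

    # add TAXII filter (ie filter should be passed to TAXII)
    query_filter = stix2.Filter("type", "in", "malware")

    # query() - but with filter attached. There are no malware objects in this collection
    malwares = taxii.query(query=query_filter)
    print("\n\n\n--------Queried for Malware string (with above filter attached) - got:")
    for malware in malwares:
        print(malware.serialize(indent=4))
    if not malwares:
        # Show the empty result explicitly so the "no matches" case is visible.
        print(malwares)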
if __name__ == "__main__":
    # Run the demo only when executed as a script, not when imported.
    main()