2018-11-28 22:51:00 +01:00
|
|
|
"""Functions and class wrappers for interacting with STIX2 data at a high level.
|
2018-03-22 15:55:10 +01:00
|
|
|
|
|
|
|
.. autofunction:: create
|
|
|
|
.. autofunction:: set_default_creator
|
|
|
|
.. autofunction:: set_default_created
|
|
|
|
.. autofunction:: set_default_external_refs
|
|
|
|
.. autofunction:: set_default_object_marking_refs
|
|
|
|
.. autofunction:: get
|
|
|
|
.. autofunction:: all_versions
|
|
|
|
.. autofunction:: query
|
|
|
|
.. autofunction:: creator_of
|
|
|
|
.. autofunction:: relationships
|
|
|
|
.. autofunction:: related_to
|
2018-03-30 17:53:15 +02:00
|
|
|
.. autofunction:: save
|
2018-03-22 15:55:10 +01:00
|
|
|
.. autofunction:: add_filters
|
|
|
|
.. autofunction:: add_filter
|
|
|
|
.. autofunction:: parse
|
|
|
|
.. autofunction:: add_data_source
|
|
|
|
.. autofunction:: add_data_sources
|
|
|
|
|
2017-11-29 14:58:01 +01:00
|
|
|
"""
|
|
|
|
|
Improved the exception class hierarchy:
- Removed all plain python base classes (e.g. ValueError, TypeError)
- Renamed InvalidPropertyConfigurationError -> PropertyPresenceError,
since incorrect values could be considered a property config error, and
I really just wanted this class to apply to presence (co-)constraint
violations.
- Added ObjectConfigurationError as a superclass of InvalidValueError,
PropertyPresenceError, and any other exception that could be raised
during _STIXBase object init, which is when the spec compliance
checks happen. This class is intended to represent general spec
violations.
- Did some class reordering in exceptions.py, so all the
ObjectConfigurationError subclasses were together.
Changed how property "cleaning" errors were handled:
- Previous docs said they should all be ValueErrors, but that would require
extra exception check-and-replace complexity in the property
implementations, so that requirement is removed. Doc is changed to just
say that cleaning problems should cause exceptions to be raised.
_STIXBase._check_property() now handles most exception types, not just
ValueError.
- Decided to try chaining the original clean error to the InvalidValueError,
in case the extra diagnostics would be helpful in the future. This is
done via 'six' adapter function and only works on python3.
- A small amount of testing was removed, since it was looking at custom
exception properties which became unavailable once the exception was
replaced with InvalidValueError.
Did another pass through unit tests to fix breakage caused by the changed
exception class hierarchy.
Removed unnecessary observable extension handling code from
parse_observable(), since it was all duplicated in ExtensionsProperty.
The redundant code in parse_observable() had different exception behavior
than ExtensionsProperty, which makes the API inconsistent and unit tests
more complicated. (Problems in ExtensionsProperty get replaced with
InvalidValueError, but extensions problems handled directly in
parse_observable() don't get the same replacement, and so the exception
type is different.)
Redid the workbench monkeypatching. The old way was impossible to make
work, and had caused ugly ripple effect hackage in other parts of the
codebase. Now, it replaces the global object maps with factory functions
which behave the same way when called, as real classes. Had to fix up a
few unit tests to get them all passing with this monkeypatching in place.
Also remove all the xfail markings in the workbench test suite, since all
tests now pass.
Since workbench monkeypatching isn't currently affecting any unit tests,
tox.ini was simplified to remove the special-casing for running the
workbench tests.
Removed the v20 workbench test suite, since the workbench currently only
works with the latest stix object version.
2019-07-19 20:50:11 +02:00
|
|
|
import functools
|
2021-01-13 23:50:21 +01:00
|
|
|
|
2017-11-30 01:25:52 +01:00
|
|
|
from . import AttackPattern as _AttackPattern
|
|
|
|
from . import Campaign as _Campaign
|
|
|
|
from . import CourseOfAction as _CourseOfAction
|
2020-06-18 17:37:52 +02:00
|
|
|
from . import Grouping as _Grouping
|
2017-11-30 01:25:52 +01:00
|
|
|
from . import Identity as _Identity
|
|
|
|
from . import Indicator as _Indicator
|
2020-06-18 17:37:52 +02:00
|
|
|
from . import Infrastructure as _Infrastructure
|
2017-11-30 01:25:52 +01:00
|
|
|
from . import IntrusionSet as _IntrusionSet
|
2020-06-18 17:37:52 +02:00
|
|
|
from . import Location as _Location
|
2017-11-30 01:25:52 +01:00
|
|
|
from . import Malware as _Malware
|
2020-06-18 17:37:52 +02:00
|
|
|
from . import MalwareAnalysis as _MalwareAnalysis
|
|
|
|
from . import Note as _Note
|
2021-01-15 18:34:10 +01:00
|
|
|
from . import OBJ_MAP
|
2017-11-30 01:25:52 +01:00
|
|
|
from . import ObservedData as _ObservedData
|
2020-06-18 17:37:52 +02:00
|
|
|
from . import Opinion as _Opinion
|
2017-11-30 01:25:52 +01:00
|
|
|
from . import Report as _Report
|
|
|
|
from . import ThreatActor as _ThreatActor
|
|
|
|
from . import Tool as _Tool
|
|
|
|
from . import Vulnerability as _Vulnerability
|
2021-01-15 18:34:10 +01:00
|
|
|
from .version import DEFAULT_VERSION
|
2021-01-13 23:50:21 +01:00
|
|
|
|
|
|
|
from . import ( # noqa: F401 isort:skip
|
2018-07-13 17:10:05 +02:00
|
|
|
AlternateDataStream, ArchiveExt, Artifact, AutonomousSystem,
|
|
|
|
Bundle, CustomExtension, CustomMarking, CustomObservable,
|
|
|
|
Directory, DomainName, EmailAddress, EmailMessage,
|
|
|
|
EmailMIMEComponent, Environment, ExternalReference, File,
|
|
|
|
FileSystemSource, Filter, GranularMarking, HTTPRequestExt,
|
2021-01-13 23:50:21 +01:00
|
|
|
ICMPExt, IPv4Address, IPv6Address, KillChainPhase, LanguageContent,
|
|
|
|
MACAddress, MarkingDefinition, MemoryStore, Mutex, NetworkTraffic,
|
|
|
|
NTFSExt, parse_observable, PDFExt, Process, RasterImageExt, Relationship,
|
2018-07-13 17:10:05 +02:00
|
|
|
Sighting, SocketExt, Software, StatementMarking,
|
|
|
|
TAXIICollectionSource, TCPExt, TLP_AMBER, TLP_GREEN, TLP_RED,
|
|
|
|
TLP_WHITE, TLPMarking, UNIXAccountExt, URL, UserAccount,
|
|
|
|
WindowsPEBinaryExt, WindowsPEOptionalHeaderType,
|
|
|
|
WindowsPESection, WindowsProcessExt, WindowsRegistryKey,
|
|
|
|
WindowsRegistryValueType, WindowsServiceExt, X509Certificate,
|
2021-01-13 23:50:21 +01:00
|
|
|
X509V3ExtensionsType,
|
2018-07-13 17:10:05 +02:00
|
|
|
)
|
2021-01-13 23:50:21 +01:00
|
|
|
from .datastore.filters import FilterSet # isort:skip
|
2017-11-29 14:58:01 +01:00
|
|
|
|
2019-07-24 23:20:52 +02:00
|
|
|
|
|
|
|
# Enable some adaptation to the current default supported STIX version.
|
2021-01-15 18:34:10 +01:00
|
|
|
_STIX_VID = "v" + DEFAULT_VERSION.replace(".", "")
|
2019-07-24 23:20:52 +02:00
|
|
|
|
|
|
|
|
2018-03-14 17:47:28 +01:00
|
|
|
# Use an implicit MemoryStore
|
2017-11-29 14:58:01 +01:00
|
|
|
_environ = Environment(store=MemoryStore())
|
|
|
|
|
|
|
|
create = _environ.create
|
2018-03-19 18:32:02 +01:00
|
|
|
set_default_creator = _environ.set_default_creator
|
|
|
|
set_default_created = _environ.set_default_created
|
|
|
|
set_default_external_refs = _environ.set_default_external_refs
|
|
|
|
set_default_object_marking_refs = _environ.set_default_object_marking_refs
|
2017-11-29 14:58:01 +01:00
|
|
|
get = _environ.get
|
|
|
|
all_versions = _environ.all_versions
|
|
|
|
query = _environ.query
|
|
|
|
creator_of = _environ.creator_of
|
|
|
|
relationships = _environ.relationships
|
|
|
|
related_to = _environ.related_to
|
2018-03-30 17:53:15 +02:00
|
|
|
save = _environ.add
|
2017-11-29 14:58:01 +01:00
|
|
|
add_filters = _environ.add_filters
|
|
|
|
add_filter = _environ.add_filter
|
|
|
|
parse = _environ.parse
|
|
|
|
add_data_source = _environ.source.add_data_source
|
2018-03-14 17:47:28 +01:00
|
|
|
add_data_sources = _environ.source.add_data_sources
|
2017-11-29 14:58:01 +01:00
|
|
|
|
|
|
|
|
2017-11-29 20:12:54 +01:00
|
|
|
# Wrap SDOs with helper functions
|
|
|
|
|
|
|
|
|
2018-07-13 17:10:05 +02:00
|
|
|
STIX_OBJS = [
|
2020-06-18 17:37:52 +02:00
|
|
|
_AttackPattern, _Campaign, _CourseOfAction, _Identity, _Grouping,
|
|
|
|
_Indicator, _Infrastructure, _IntrusionSet, _Location, _Malware,
|
|
|
|
_MalwareAnalysis, _Note, _ObservedData, _Opinion, _Report,
|
2018-07-13 17:10:05 +02:00
|
|
|
_ThreatActor, _Tool, _Vulnerability,
|
|
|
|
]
|
2017-11-30 01:25:52 +01:00
|
|
|
|
2020-06-18 17:37:52 +02:00
|
|
|
STIX_OBJ_DOCS = """s
|
2018-03-22 15:55:10 +01:00
|
|
|
|
|
|
|
.. method:: created_by(*args, **kwargs)
|
|
|
|
|
|
|
|
{}
|
|
|
|
|
|
|
|
.. method:: relationships(*args, **kwargs)
|
|
|
|
|
|
|
|
{}
|
|
|
|
|
|
|
|
.. method:: related(*args, **kwargs)
|
|
|
|
|
|
|
|
{}
|
|
|
|
|
2018-07-13 17:10:05 +02:00
|
|
|
""".format(
|
|
|
|
_environ.creator_of.__doc__,
|
|
|
|
_environ.relationships.__doc__,
|
2020-01-05 00:02:01 +01:00
|
|
|
_environ.related_to.__doc__,
|
2018-07-13 17:10:05 +02:00
|
|
|
)
|
2018-03-22 15:55:10 +01:00
|
|
|
|
2017-11-30 01:25:52 +01:00
|
|
|
|
2018-03-21 18:56:50 +01:00
|
|
|
def _created_by_wrapper(self, *args, **kwargs):
|
2017-11-29 20:12:54 +01:00
|
|
|
return _environ.creator_of(self, *args, **kwargs)
|
|
|
|
|
|
|
|
|
2018-03-21 18:56:50 +01:00
|
|
|
def _relationships_wrapper(self, *args, **kwargs):
|
2017-11-29 20:12:54 +01:00
|
|
|
return _environ.relationships(self, *args, **kwargs)
|
|
|
|
|
|
|
|
|
2018-03-21 18:56:50 +01:00
|
|
|
def _related_wrapper(self, *args, **kwargs):
|
2017-11-29 20:12:54 +01:00
|
|
|
return _environ.related_to(self, *args, **kwargs)
|
|
|
|
|
|
|
|
|
2018-03-23 18:13:41 +01:00
|
|
|
def _setup_workbench():
|
|
|
|
for obj_type in STIX_OBJS:
|
Improved the exception class hierarchy:
- Removed all plain python base classes (e.g. ValueError, TypeError)
- Renamed InvalidPropertyConfigurationError -> PropertyPresenceError,
since incorrect values could be considered a property config error, and
I really just wanted this class to apply to presence (co-)constraint
violations.
- Added ObjectConfigurationError as a superclass of InvalidValueError,
PropertyPresenceError, and any other exception that could be raised
during _STIXBase object init, which is when the spec compliance
checks happen. This class is intended to represent general spec
violations.
- Did some class reordering in exceptions.py, so all the
ObjectConfigurationError subclasses were together.
Changed how property "cleaning" errors were handled:
- Previous docs said they should all be ValueErrors, but that would require
extra exception check-and-replace complexity in the property
implementations, so that requirement is removed. Doc is changed to just
say that cleaning problems should cause exceptions to be raised.
_STIXBase._check_property() now handles most exception types, not just
ValueError.
- Decided to try chaining the original clean error to the InvalidValueError,
in case the extra diagnostics would be helpful in the future. This is
done via 'six' adapter function and only works on python3.
- A small amount of testing was removed, since it was looking at custom
exception properties which became unavailable once the exception was
replaced with InvalidValueError.
Did another pass through unit tests to fix breakage caused by the changed
exception class hierarchy.
Removed unnecessary observable extension handling code from
parse_observable(), since it was all duplicated in ExtensionsProperty.
The redundant code in parse_observable() had different exception behavior
than ExtensionsProperty, which makes the API inconsistent and unit tests
more complicated. (Problems in ExtensionsProperty get replaced with
InvalidValueError, but extensions problems handled directly in
parse_observable() don't get the same replacement, and so the exception
type is different.)
Redid the workbench monkeypatching. The old way was impossible to make
work, and had caused ugly ripple effect hackage in other parts of the
codebase. Now, it replaces the global object maps with factory functions
which behave the same way when called, as real classes. Had to fix up a
few unit tests to get them all passing with this monkeypatching in place.
Also remove all the xfail markings in the workbench test suite, since all
tests now pass.
Since workbench monkeypatching isn't currently affecting any unit tests,
tox.ini was simplified to remove the special-casing for running the
workbench tests.
Removed the v20 workbench test suite, since the workbench currently only
works with the latest stix object version.
2019-07-19 20:50:11 +02:00
|
|
|
|
|
|
|
# The idea here was originally to dynamically create subclasses which
|
|
|
|
# were cleverly customized such that instantiating them would actually
|
|
|
|
# invoke _environ.create(). This turns out to be impossible, since
|
|
|
|
# __new__ can never create the class in the normal way, since that
|
|
|
|
# invokes __new__ again, resulting in infinite recursion. And
|
|
|
|
# _environ.create() does exactly that.
|
|
|
|
#
|
|
|
|
# So instead, we create something "class-like", in that calling it
|
|
|
|
# produces an instance of the desired class. But these things will
|
|
|
|
# be functions instead of classes. One might think this trickery will
|
|
|
|
# have undesirable side-effects, but actually it seems to work.
|
|
|
|
# So far...
|
2018-03-23 18:13:41 +01:00
|
|
|
new_class_dict = {
|
2019-07-24 23:20:52 +02:00
|
|
|
'__doc__': 'Workbench wrapper around the `{0} <stix2.{1}.sdo.rst#stix2.{1}.sdo.{0}>`__ object. {2}'.format(
|
|
|
|
obj_type.__name__,
|
|
|
|
_STIX_VID,
|
|
|
|
STIX_OBJ_DOCS,
|
|
|
|
),
|
Improved the exception class hierarchy:
- Removed all plain python base classes (e.g. ValueError, TypeError)
- Renamed InvalidPropertyConfigurationError -> PropertyPresenceError,
since incorrect values could be considered a property config error, and
I really just wanted this class to apply to presence (co-)constraint
violations.
- Added ObjectConfigurationError as a superclass of InvalidValueError,
PropertyPresenceError, and any other exception that could be raised
during _STIXBase object init, which is when the spec compliance
checks happen. This class is intended to represent general spec
violations.
- Did some class reordering in exceptions.py, so all the
ObjectConfigurationError subclasses were together.
Changed how property "cleaning" errors were handled:
- Previous docs said they should all be ValueErrors, but that would require
extra exception check-and-replace complexity in the property
implementations, so that requirement is removed. Doc is changed to just
say that cleaning problems should cause exceptions to be raised.
_STIXBase._check_property() now handles most exception types, not just
ValueError.
- Decided to try chaining the original clean error to the InvalidValueError,
in case the extra diagnostics would be helpful in the future. This is
done via 'six' adapter function and only works on python3.
- A small amount of testing was removed, since it was looking at custom
exception properties which became unavailable once the exception was
replaced with InvalidValueError.
Did another pass through unit tests to fix breakage caused by the changed
exception class hierarchy.
Removed unnecessary observable extension handling code from
parse_observable(), since it was all duplicated in ExtensionsProperty.
The redundant code in parse_observable() had different exception behavior
than ExtensionsProperty, which makes the API inconsistent and unit tests
more complicated. (Problems in ExtensionsProperty get replaced with
InvalidValueError, but extensions problems handled directly in
parse_observable() don't get the same replacement, and so the exception
type is different.)
Redid the workbench monkeypatching. The old way was impossible to make
work, and had caused ugly ripple effect hackage in other parts of the
codebase. Now, it replaces the global object maps with factory functions
which behave the same way when called, as real classes. Had to fix up a
few unit tests to get them all passing with this monkeypatching in place.
Also remove all the xfail markings in the workbench test suite, since all
tests now pass.
Since workbench monkeypatching isn't currently affecting any unit tests,
tox.ini was simplified to remove the special-casing for running the
workbench tests.
Removed the v20 workbench test suite, since the workbench currently only
works with the latest stix object version.
2019-07-19 20:50:11 +02:00
|
|
|
'created_by': _created_by_wrapper,
|
|
|
|
'relationships': _relationships_wrapper,
|
|
|
|
'related': _related_wrapper,
|
2018-03-23 18:13:41 +01:00
|
|
|
}
|
2018-03-22 15:55:10 +01:00
|
|
|
|
Improved the exception class hierarchy:
- Removed all plain python base classes (e.g. ValueError, TypeError)
- Renamed InvalidPropertyConfigurationError -> PropertyPresenceError,
since incorrect values could be considered a property config error, and
I really just wanted this class to apply to presence (co-)constraint
violations.
- Added ObjectConfigurationError as a superclass of InvalidValueError,
PropertyPresenceError, and any other exception that could be raised
during _STIXBase object init, which is when the spec compliance
checks happen. This class is intended to represent general spec
violations.
- Did some class reordering in exceptions.py, so all the
ObjectConfigurationError subclasses were together.
Changed how property "cleaning" errors were handled:
- Previous docs said they should all be ValueErrors, but that would require
extra exception check-and-replace complexity in the property
implementations, so that requirement is removed. Doc is changed to just
say that cleaning problems should cause exceptions to be raised.
_STIXBase._check_property() now handles most exception types, not just
ValueError.
- Decided to try chaining the original clean error to the InvalidValueError,
in case the extra diagnostics would be helpful in the future. This is
done via 'six' adapter function and only works on python3.
- A small amount of testing was removed, since it was looking at custom
exception properties which became unavailable once the exception was
replaced with InvalidValueError.
Did another pass through unit tests to fix breakage caused by the changed
exception class hierarchy.
Removed unnecessary observable extension handling code from
parse_observable(), since it was all duplicated in ExtensionsProperty.
The redundant code in parse_observable() had different exception behavior
than ExtensionsProperty, which makes the API inconsistent and unit tests
more complicated. (Problems in ExtensionsProperty get replaced with
InvalidValueError, but extensions problems handled directly in
parse_observable() don't get the same replacement, and so the exception
type is different.)
Redid the workbench monkeypatching. The old way was impossible to make
work, and had caused ugly ripple effect hackage in other parts of the
codebase. Now, it replaces the global object maps with factory functions
which behave the same way when called, as real classes. Had to fix up a
few unit tests to get them all passing with this monkeypatching in place.
Also remove all the xfail markings in the workbench test suite, since all
tests now pass.
Since workbench monkeypatching isn't currently affecting any unit tests,
tox.ini was simplified to remove the special-casing for running the
workbench tests.
Removed the v20 workbench test suite, since the workbench currently only
works with the latest stix object version.
2019-07-19 20:50:11 +02:00
|
|
|
new_class = type(obj_type.__name__, (obj_type,), new_class_dict)
|
|
|
|
factory_func = functools.partial(_environ.create, new_class)
|
|
|
|
|
|
|
|
# Add our new "class" to this module's globals and to the library-wide
|
|
|
|
# mapping. This allows parse() to use the wrapped classes.
|
|
|
|
globals()[obj_type.__name__] = factory_func
|
2021-01-15 18:34:10 +01:00
|
|
|
OBJ_MAP[obj_type._type] = factory_func
|
2018-03-23 18:13:41 +01:00
|
|
|
|
|
|
|
|
|
|
|
_setup_workbench()
|
2017-11-29 20:12:54 +01:00
|
|
|
|
|
|
|
|
2017-11-29 14:58:01 +01:00
|
|
|
# Functions to get all objects of a specific type
|
|
|
|
|
|
|
|
|
2018-04-05 16:07:35 +02:00
|
|
|
def attack_patterns(filters=None):
|
2018-03-22 15:55:10 +01:00
|
|
|
"""Retrieve all Attack Pattern objects.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
filters (list, optional): A list of additional filters to apply to
|
|
|
|
the query.
|
|
|
|
|
|
|
|
"""
|
2018-04-13 17:08:03 +02:00
|
|
|
filter_list = FilterSet(filters)
|
|
|
|
filter_list.add(Filter('type', '=', 'attack-pattern'))
|
2018-04-04 20:02:39 +02:00
|
|
|
return query(filter_list)
|
2017-11-29 14:58:01 +01:00
|
|
|
|
|
|
|
|
2018-04-05 16:07:35 +02:00
|
|
|
def campaigns(filters=None):
|
2018-03-22 15:55:10 +01:00
|
|
|
"""Retrieve all Campaign objects.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
filters (list, optional): A list of additional filters to apply to
|
|
|
|
the query.
|
|
|
|
|
|
|
|
"""
|
2018-04-13 17:08:03 +02:00
|
|
|
filter_list = FilterSet(filters)
|
|
|
|
filter_list.add(Filter('type', '=', 'campaign'))
|
2018-04-04 20:02:39 +02:00
|
|
|
return query(filter_list)
|
2017-11-29 14:58:01 +01:00
|
|
|
|
|
|
|
|
2018-04-05 16:07:35 +02:00
|
|
|
def courses_of_action(filters=None):
|
2018-03-22 15:55:10 +01:00
|
|
|
"""Retrieve all Course of Action objects.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
filters (list, optional): A list of additional filters to apply to
|
|
|
|
the query.
|
|
|
|
|
|
|
|
"""
|
2018-04-13 17:08:03 +02:00
|
|
|
filter_list = FilterSet(filters)
|
|
|
|
filter_list.add(Filter('type', '=', 'course-of-action'))
|
2018-04-04 20:02:39 +02:00
|
|
|
return query(filter_list)
|
2017-11-29 14:58:01 +01:00
|
|
|
|
|
|
|
|
2020-06-18 17:37:52 +02:00
|
|
|
def groupings(filters=None):
|
|
|
|
"""Retrieve all Grouping objects.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
filters (list, optional): A list of additional filters to apply to
|
|
|
|
the query.
|
|
|
|
|
|
|
|
"""
|
|
|
|
filter_list = FilterSet(filters)
|
|
|
|
filter_list.add(Filter('type', '=', 'grouping'))
|
|
|
|
return query(filter_list)
|
|
|
|
|
|
|
|
|
2018-04-05 16:07:35 +02:00
|
|
|
def identities(filters=None):
|
2018-03-22 15:55:10 +01:00
|
|
|
"""Retrieve all Identity objects.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
filters (list, optional): A list of additional filters to apply to
|
|
|
|
the query.
|
|
|
|
|
|
|
|
"""
|
2018-04-13 17:08:03 +02:00
|
|
|
filter_list = FilterSet(filters)
|
|
|
|
filter_list.add(Filter('type', '=', 'identity'))
|
2018-04-04 20:02:39 +02:00
|
|
|
return query(filter_list)
|
2017-11-29 14:58:01 +01:00
|
|
|
|
|
|
|
|
2018-04-05 16:07:35 +02:00
|
|
|
def indicators(filters=None):
|
2018-03-22 15:55:10 +01:00
|
|
|
"""Retrieve all Indicator objects.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
filters (list, optional): A list of additional filters to apply to
|
|
|
|
the query.
|
|
|
|
|
|
|
|
"""
|
2018-04-13 17:08:03 +02:00
|
|
|
filter_list = FilterSet(filters)
|
|
|
|
filter_list.add(Filter('type', '=', 'indicator'))
|
2018-04-04 20:02:39 +02:00
|
|
|
return query(filter_list)
|
2017-11-29 14:58:01 +01:00
|
|
|
|
|
|
|
|
2020-06-18 17:37:52 +02:00
|
|
|
def infrastructures(filters=None):
|
|
|
|
"""Retrieve all Infrastructure objects.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
filters (list, optional): A list of additional filters to apply to
|
|
|
|
the query.
|
|
|
|
|
|
|
|
"""
|
|
|
|
filter_list = FilterSet(filters)
|
|
|
|
filter_list.add(Filter('type', '=', 'infrastructure'))
|
|
|
|
return query(filter_list)
|
|
|
|
|
|
|
|
|
2018-04-05 16:07:35 +02:00
|
|
|
def intrusion_sets(filters=None):
|
2018-03-22 15:55:10 +01:00
|
|
|
"""Retrieve all Intrusion Set objects.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
filters (list, optional): A list of additional filters to apply to
|
|
|
|
the query.
|
|
|
|
|
|
|
|
"""
|
2018-04-13 17:08:03 +02:00
|
|
|
filter_list = FilterSet(filters)
|
|
|
|
filter_list.add(Filter('type', '=', 'intrusion-set'))
|
2018-04-04 20:02:39 +02:00
|
|
|
return query(filter_list)
|
2017-11-29 14:58:01 +01:00
|
|
|
|
|
|
|
|
2020-06-18 17:37:52 +02:00
|
|
|
def locations(filters=None):
|
|
|
|
"""Retrieve all Location objects.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
filters (list, optional): A list of additional filters to apply to
|
|
|
|
the query.
|
|
|
|
|
|
|
|
"""
|
|
|
|
filter_list = FilterSet(filters)
|
|
|
|
filter_list.add(Filter('type', '=', 'location'))
|
|
|
|
return query(filter_list)
|
|
|
|
|
|
|
|
|
2018-04-05 16:07:35 +02:00
|
|
|
def malware(filters=None):
|
2018-03-22 15:55:10 +01:00
|
|
|
"""Retrieve all Malware objects.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
filters (list, optional): A list of additional filters to apply to
|
|
|
|
the query.
|
|
|
|
|
|
|
|
"""
|
2018-04-13 17:08:03 +02:00
|
|
|
filter_list = FilterSet(filters)
|
|
|
|
filter_list.add(Filter('type', '=', 'malware'))
|
2018-04-04 20:02:39 +02:00
|
|
|
return query(filter_list)
|
2017-11-29 14:58:01 +01:00
|
|
|
|
|
|
|
|
2020-06-18 17:37:52 +02:00
|
|
|
def malware_analyses(filters=None):
|
|
|
|
"""Retrieve all Malware Analysis objects.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
filters (list, optional): A list of additional filters to apply to
|
|
|
|
the query.
|
|
|
|
|
|
|
|
"""
|
|
|
|
filter_list = FilterSet(filters)
|
|
|
|
filter_list.add(Filter('type', '=', 'malware-analysis'))
|
|
|
|
return query(filter_list)
|
|
|
|
|
|
|
|
|
|
|
|
def notes(filters=None):
|
|
|
|
"""Retrieve all Note objects.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
filters (list, optional): A list of additional filters to apply to
|
|
|
|
the query.
|
|
|
|
|
|
|
|
"""
|
|
|
|
filter_list = FilterSet(filters)
|
|
|
|
filter_list.add(Filter('type', '=', 'note'))
|
|
|
|
return query(filter_list)
|
|
|
|
|
|
|
|
|
2018-04-05 16:07:35 +02:00
|
|
|
def observed_data(filters=None):
|
2018-03-22 15:55:10 +01:00
|
|
|
"""Retrieve all Observed Data objects.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
filters (list, optional): A list of additional filters to apply to
|
|
|
|
the query.
|
|
|
|
|
|
|
|
"""
|
2018-04-13 17:08:03 +02:00
|
|
|
filter_list = FilterSet(filters)
|
|
|
|
filter_list.add(Filter('type', '=', 'observed-data'))
|
2018-04-04 20:02:39 +02:00
|
|
|
return query(filter_list)
|
2017-11-29 14:58:01 +01:00
|
|
|
|
|
|
|
|
2020-06-18 17:37:52 +02:00
|
|
|
def opinions(filters=None):
|
|
|
|
"""Retrieve all Opinion objects.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
filters (list, optional): A list of additional filters to apply to
|
|
|
|
the query.
|
|
|
|
|
|
|
|
"""
|
|
|
|
filter_list = FilterSet(filters)
|
|
|
|
filter_list.add(Filter('type', '=', 'opinion'))
|
|
|
|
return query(filter_list)
|
|
|
|
|
|
|
|
|
2018-04-05 16:07:35 +02:00
|
|
|
def reports(filters=None):
|
2018-03-22 15:55:10 +01:00
|
|
|
"""Retrieve all Report objects.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
filters (list, optional): A list of additional filters to apply to
|
|
|
|
the query.
|
|
|
|
|
|
|
|
"""
|
2018-04-13 17:08:03 +02:00
|
|
|
filter_list = FilterSet(filters)
|
2018-04-13 20:21:44 +02:00
|
|
|
filter_list.add(Filter('type', '=', 'report'))
|
2018-04-04 20:02:39 +02:00
|
|
|
return query(filter_list)
|
2017-11-29 14:58:01 +01:00
|
|
|
|
|
|
|
|
2018-04-05 16:07:35 +02:00
|
|
|
def threat_actors(filters=None):
|
2018-03-22 15:55:10 +01:00
|
|
|
"""Retrieve all Threat Actor objects.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
filters (list, optional): A list of additional filters to apply to
|
|
|
|
the query.
|
|
|
|
|
|
|
|
"""
|
2018-04-13 17:08:03 +02:00
|
|
|
filter_list = FilterSet(filters)
|
|
|
|
filter_list.add(Filter('type', '=', 'threat-actor'))
|
2018-04-04 20:02:39 +02:00
|
|
|
return query(filter_list)
|
2017-11-29 14:58:01 +01:00
|
|
|
|
2018-03-14 19:33:45 +01:00
|
|
|
|
2018-04-05 16:07:35 +02:00
|
|
|
def tools(filters=None):
|
2018-03-22 15:55:10 +01:00
|
|
|
"""Retrieve all Tool objects.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
filters (list, optional): A list of additional filters to apply to
|
|
|
|
the query.
|
|
|
|
|
|
|
|
"""
|
2018-04-13 17:08:03 +02:00
|
|
|
filter_list = FilterSet(filters)
|
|
|
|
filter_list.add(Filter('type', '=', 'tool'))
|
2018-04-04 20:02:39 +02:00
|
|
|
return query(filter_list)
|
2018-03-14 19:33:45 +01:00
|
|
|
|
|
|
|
|
2018-04-05 16:07:35 +02:00
|
|
|
def vulnerabilities(filters=None):
|
2018-03-22 15:55:10 +01:00
|
|
|
"""Retrieve all Vulnerability objects.
|
|
|
|
|
|
|
|
Args:
|
|
|
|
filters (list, optional): A list of additional filters to apply to
|
|
|
|
the query.
|
|
|
|
|
|
|
|
"""
|
2018-04-13 17:08:03 +02:00
|
|
|
filter_list = FilterSet(filters)
|
|
|
|
filter_list.add(Filter('type', '=', 'vulnerability'))
|
2018-04-04 20:02:39 +02:00
|
|
|
return query(filter_list)
|