"""Functions and class wrappers for interacting with STIX data at a high level.
"""
from . import AttackPattern as _AttackPattern
from . import Campaign as _Campaign
from . import CourseOfAction as _CourseOfAction
from . import Identity as _Identity
from . import Indicator as _Indicator
from . import IntrusionSet as _IntrusionSet
from . import Malware as _Malware
from . import ObservedData as _ObservedData
from . import Report as _Report
from . import ThreatActor as _ThreatActor
from . import Tool as _Tool
from . import Vulnerability as _Vulnerability
from .datastore.memory import MemoryStore
from .environment import Environment
# Implicit environment: a single module-level Environment backed by an
# in-memory MemoryStore. It is created once at import time, so whatever state
# it holds is shared by every caller that imports this module.
_environ = Environment(store=MemoryStore())

# Object creation and ingestion.
# NOTE(review): parse presumably accepts STIX content that originates outside
# the process; confirm how it validates input before feeding it untrusted data.
create = _environ.create
parse = _environ.parse
add = _environ.add

# Lookup and querying.
get = _environ.get
all_versions = _environ.all_versions
query = _environ.query
query_by_type = _environ.query_by_type

# Relationship traversal.
creator_of = _environ.creator_of
relationships = _environ.relationships
related_to = _environ.related_to

# Filters and data sources attached to the implicit environment.
add_filters = _environ.add_filters
add_filter = _environ.add_filter
add_data_source = _environ.source.add_data_source
add_data_sources = _environ.source.add_data_sources
# Wrap SDOs with helper functions
# SDO classes that are wrapped by the loop over STIX_OBJS further down.
STIX_OBJS = [
    _AttackPattern,
    _Campaign,
    _CourseOfAction,
    _Identity,
    _Indicator,
    _IntrusionSet,
    _Malware,
    _ObservedData,
    _Report,
    _ThreatActor,
    _Tool,
    _Vulnerability,
]
def created_by_wrapper(self, *args, **kwargs):
    """Look up this object's creator through the implicit environment.

    ``self`` and any extra arguments are forwarded unchanged to
    ``_environ.creator_of``; its result is returned as-is.
    """
    creator = _environ.creator_of(self, *args, **kwargs)
    return creator
def relationships_wrapper(self, *args, **kwargs):
    """Fetch relationships for this object through the implicit environment.

    ``self`` and any extra arguments are forwarded unchanged to
    ``_environ.relationships``; its result is returned as-is.
    """
    found = _environ.relationships(self, *args, **kwargs)
    return found
def related_wrapper(self, *args, **kwargs):
    """Fetch objects related to this one through the implicit environment.

    ``self`` and any extra arguments are forwarded unchanged to
    ``_environ.related_to``; its result is returned as-is.
    """
    related_objs = _environ.related_to(self, *args, **kwargs)
    return related_objs
def constructor_wrapper(obj_type):
    """Build a ``__new__`` replacement that creates *obj_type* via the implicit environment.

    A stand-in class is generated with the same name, bases and attributes as
    *obj_type*, plus the ``created_by``, ``relationships`` and ``related``
    helpers. The returned static method ignores the class it is invoked on and
    hands the stand-in class and the caller's arguments to ``_environ.create``.
    """
    # The intermediate class exists so that objects created by the implicit
    # environment carry the wrapper functions.
    # dict() raises TypeError if obj_type.__dict__ already defines one of the
    # three helper names, because the keyword would be supplied twice.
    namespace = dict(
        created_by=created_by_wrapper,
        relationships=relationships_wrapper,
        related=related_wrapper,
        **obj_type.__dict__
    )
    wrapped_type = type(obj_type.__name__, obj_type.__bases__, namespace)

    def new_constructor(cls, *args, **kwargs):
        # cls is whatever class the constructor was invoked on; it is unused
        # because creation is delegated with wrapped_type instead.
        return _environ.create(wrapped_type, *args, **kwargs)

    return staticmethod(new_constructor)
# Publish one wrapper class per SDO type. Constructing such a class goes
# through the implicit environment's create() by way of the replaced __new__.
for obj_type in STIX_OBJS:
    new_class = type(obj_type.__name__, (), {})
    setattr(new_class, '__new__', constructor_wrapper(obj_type))
    # Bind the wrapper in this module's namespace under the SDO's class name.
    globals()[obj_type.__name__] = new_class
# Functions to get all objects of a specific type
def attack_patterns(filters=None):
    """Query the implicit environment for objects of type 'attack-pattern'.

    ``filters`` is passed through unchanged to ``query_by_type``.
    """
    stix_type = 'attack-pattern'
    return query_by_type(stix_type, filters)
def campaigns(filters=None):
    """Query the implicit environment for objects of type 'campaign'.

    ``filters`` is passed through unchanged to ``query_by_type``.
    """
    stix_type = 'campaign'
    return query_by_type(stix_type, filters)
def courses_of_action(filters=None):
    """Query the implicit environment for objects of type 'course-of-action'.

    ``filters`` is passed through unchanged to ``query_by_type``.
    """
    stix_type = 'course-of-action'
    return query_by_type(stix_type, filters)
def identities(filters=None):
    """Query the implicit environment for objects of type 'identity'.

    ``filters`` is passed through unchanged to ``query_by_type``.
    """
    stix_type = 'identity'
    return query_by_type(stix_type, filters)
def indicators(filters=None):
    """Query the implicit environment for objects of type 'indicator'.

    ``filters`` is passed through unchanged to ``query_by_type``.
    """
    stix_type = 'indicator'
    return query_by_type(stix_type, filters)
def intrusion_sets(filters=None):
    """Query the implicit environment for objects of type 'intrusion-set'.

    ``filters`` is passed through unchanged to ``query_by_type``.
    """
    stix_type = 'intrusion-set'
    return query_by_type(stix_type, filters)
def malware(filters=None):
    """Query the implicit environment for objects of type 'malware'.

    ``filters`` is passed through unchanged to ``query_by_type``.
    """
    stix_type = 'malware'
    return query_by_type(stix_type, filters)
def observed_data(filters=None):
    """Query the implicit environment for objects of type 'observed-data'.

    ``filters`` is passed through unchanged to ``query_by_type``.
    """
    stix_type = 'observed-data'
    return query_by_type(stix_type, filters)
def reports(filters=None):
    """Query the implicit environment for objects of type 'report'.

    ``filters`` is passed through unchanged to ``query_by_type``.
    """
    stix_type = 'report'
    return query_by_type(stix_type, filters)
def threat_actors(filters=None):
    """Query the implicit environment for objects of type 'threat-actor'.

    ``filters`` is passed through unchanged to ``query_by_type``.
    """
    stix_type = 'threat-actor'
    return query_by_type(stix_type, filters)
def tools(filters=None):
    """Query the implicit environment for objects of type 'tool'.

    ``filters`` is passed through unchanged to ``query_by_type``.
    """
    stix_type = 'tool'
    return query_by_type(stix_type, filters)
def vulnerabilities(filters=None):
    """Query the implicit environment for objects of type 'vulnerability'.

    ``filters`` is passed through unchanged to ``query_by_type``.
    """
    stix_type = 'vulnerability'
    return query_by_type(stix_type, filters)