MISP
/
cti-python-stix2
mirror of https://github.com/MISP/cti-python-stix2
2
0
Fork 0
Code Issues Releases Wiki Activity

Allow add'l filters in workbench query functions

stix2.0
Chris Lenk 2018-03-14 14:33:45 -04:00
parent 4424809225
commit 53c2d4fadf
2 changed files with 46 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
stix2/test/test_workbench.py
View File

@ -189,3 +189,14 @@ def test_add_data_source():
assert TOOL_ID in resp_ids assert TOOL_ID in resp_ids
assert 'tool--03342581-f790-4f03-ba41-e82e67392e23' in resp_ids assert 'tool--03342581-f790-4f03-ba41-e82e67392e23' in resp_ids
assert 'tool--242f3da3-4425-4d11-8f5c-b842886da966' in resp_ids assert 'tool--242f3da3-4425-4d11-8f5c-b842886da966' in resp_ids
def test_additional_filter():
resp = tools(stix2.Filter('created_by_ref', '=', 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5'))
assert len(resp) == 2
def test_additional_filters_list():
resp = tools([stix2.Filter('created_by_ref', '=', 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5'),
stix2.Filter('name', '=', 'Windows Credential Editor')])
assert len(resp) == 1

59
stix2/workbench.py
View File

@ -80,49 +80,60 @@ for obj_type in STIX_OBJS:
# Functions to get all objects of a specific type # Functions to get all objects of a specific type
def attack_patterns(): def query_by_type(obj_type='indicator', filters=None):
return query(Filter('type', '=', 'attack-pattern')) filter_list = [Filter('type', '=', obj_type)]
if filters:
if isinstance(filters, list):
filter_list += filters
else:
filter_list.append(filters)
return query(filter_list)
def campaigns(): def attack_patterns(filters=None):
return query(Filter('type', '=', 'campaign')) return query_by_type('attack-pattern', filters)
def courses_of_action(): def campaigns(filters=None):
return query(Filter('type', '=', 'course-of-action')) return query_by_type('campaign', filters)
def identities(): def courses_of_action(filters=None):
return query(Filter('type', '=', 'identity')) return query_by_type('course-of-action', filters)
def indicators(): def identities(filters=None):
return query(Filter('type', '=', 'indicator')) return query_by_type('identity', filters)
def intrusion_sets(): def indicators(filters=None):
return query(Filter('type', '=', 'intrusion-set')) return query_by_type('indicator', filters)
def malware(): def intrusion_sets(filters=None):
return query(Filter('type', '=', 'malware')) return query_by_type('intrusion-set', filters)
def observed_data(): def malware(filters=None):
return query(Filter('type', '=', 'observed-data')) return query_by_type('malware', filters)
def reports(): def observed_data(filters=None):
return query(Filter('type', '=', 'report')) return query_by_type('observed-data', filters)
def threat_actors(): def reports(filters=None):
return query(Filter('type', '=', 'threat-actor')) return query_by_type('report', filters)
def tools(): def threat_actors(filters=None):
return query(Filter('type', '=', 'tool')) return query_by_type('threat-actor', filters)
def vulnerabilities(): def tools(filters=None):
return query(Filter('type', '=', 'vulnerability')) return query_by_type('tool', filters)
def vulnerabilities(filters=None):
return query_by_type('vulnerability', filters)