Add object mappings in the top of each version package
Emmanuelle Vargas-Gonzalez
parent
03e19f197c
commit
78d77254ae
|
|
@ -8,17 +8,15 @@ from .common import (TLP_AMBER, TLP_GREEN, TLP_RED, TLP_WHITE, CustomMarking,
|
|||
from .observables import (URL, AlternateDataStream, ArchiveExt, Artifact,
|
||||
AutonomousSystem, CustomExtension, CustomObservable,
|
||||
Directory, DomainName, EmailAddress, EmailMessage,
|
||||
EmailMIMEComponent, ExtensionsProperty, File,
|
||||
HTTPRequestExt, ICMPExt, IPv4Address, IPv6Address,
|
||||
MACAddress, Mutex, NetworkTraffic, NTFSExt,
|
||||
ObservableProperty, PDFExt, Process, RasterImageExt,
|
||||
SocketExt, Software, TCPExt, UNIXAccountExt,
|
||||
UserAccount, WindowsPEBinaryExt,
|
||||
EmailMIMEComponent, File, HTTPRequestExt, ICMPExt,
|
||||
IPv4Address, IPv6Address, MACAddress, Mutex,
|
||||
NetworkTraffic, NTFSExt, PDFExt, Process,
|
||||
RasterImageExt, SocketExt, Software, TCPExt,
|
||||
UNIXAccountExt, UserAccount, WindowsPEBinaryExt,
|
||||
WindowsPEOptionalHeaderType, WindowsPESection,
|
||||
WindowsProcessExt, WindowsRegistryKey,
|
||||
WindowsRegistryValueType, WindowsServiceExt,
|
||||
X509Certificate, X509V3ExtenstionsType,
|
||||
parse_observable)
|
||||
X509Certificate, X509V3ExtenstionsType)
|
||||
from .sdo import (AttackPattern, Campaign, CourseOfAction, CustomObject,
|
||||
Identity, Indicator, IntrusionSet, Malware, ObservedData,
|
||||
Report, ThreatActor, Tool, Vulnerability)
|
||||
|
|
@ -42,3 +40,47 @@ OBJ_MAP = {
|
|||
'sighting': Sighting,
|
||||
'vulnerability': Vulnerability,
|
||||
}
|
||||
|
||||
OBJ_MAP_OBSERVABLE = {
|
||||
'artifact': Artifact,
|
||||
'autonomous-system': AutonomousSystem,
|
||||
'directory': Directory,
|
||||
'domain-name': DomainName,
|
||||
'email-addr': EmailAddress,
|
||||
'email-message': EmailMessage,
|
||||
'file': File,
|
||||
'ipv4-addr': IPv4Address,
|
||||
'ipv6-addr': IPv6Address,
|
||||
'mac-addr': MACAddress,
|
||||
'mutex': Mutex,
|
||||
'network-traffic': NetworkTraffic,
|
||||
'process': Process,
|
||||
'software': Software,
|
||||
'url': URL,
|
||||
'user-account': UserAccount,
|
||||
'windows-registry-key': WindowsRegistryKey,
|
||||
'x509-certificate': X509Certificate,
|
||||
}
|
||||
|
||||
EXT_MAP = {
|
||||
'file': {
|
||||
'archive-ext': ArchiveExt,
|
||||
'ntfs-ext': NTFSExt,
|
||||
'pdf-ext': PDFExt,
|
||||
'raster-image-ext': RasterImageExt,
|
||||
'windows-pebinary-ext': WindowsPEBinaryExt
|
||||
},
|
||||
'network-traffic': {
|
||||
'http-request-ext': HTTPRequestExt,
|
||||
'icmp-ext': ICMPExt,
|
||||
'socket-ext': SocketExt,
|
||||
'tcp-ext': TCPExt,
|
||||
},
|
||||
'process': {
|
||||
'windows-process-ext': WindowsProcessExt,
|
||||
'windows-service-ext': WindowsServiceExt,
|
||||
},
|
||||
'user-account': {
|
||||
'unix-account-ext': UNIXAccountExt,
|
||||
},
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,16 +9,15 @@ from .common import (TLP_AMBER, TLP_GREEN, TLP_RED, TLP_WHITE, CustomMarking,
|
|||
from .observables import (URL, AlternateDataStream, ArchiveExt, Artifact,
|
||||
AutonomousSystem, CustomExtension, CustomObservable,
|
||||
Directory, DomainName, EmailAddress, EmailMessage,
|
||||
EmailMIMEComponent, ExtensionsProperty, File,
|
||||
HTTPRequestExt, ICMPExt, IPv4Address, IPv6Address,
|
||||
MACAddress, Mutex, NetworkTraffic, NTFSExt, PDFExt,
|
||||
Process, RasterImageExt, SocketExt, Software, TCPExt,
|
||||
EmailMIMEComponent, File, HTTPRequestExt, ICMPExt,
|
||||
IPv4Address, IPv6Address, MACAddress, Mutex,
|
||||
NetworkTraffic, NTFSExt, PDFExt, Process,
|
||||
RasterImageExt, SocketExt, Software, TCPExt,
|
||||
UNIXAccountExt, UserAccount, WindowsPEBinaryExt,
|
||||
WindowsPEOptionalHeaderType, WindowsPESection,
|
||||
WindowsProcessExt, WindowsRegistryKey,
|
||||
WindowsRegistryValueType, WindowsServiceExt,
|
||||
X509Certificate, X509V3ExtenstionsType,
|
||||
parse_observable)
|
||||
X509Certificate, X509V3ExtenstionsType)
|
||||
from .sdo import (AttackPattern, Campaign, CourseOfAction, CustomObject,
|
||||
Identity, Indicator, IntrusionSet, Location, Malware, Note,
|
||||
ObservedData, Opinion, Report, ThreatActor, Tool,
|
||||
|
|
@ -47,3 +46,47 @@ OBJ_MAP = {
|
|||
'sighting': Sighting,
|
||||
'vulnerability': Vulnerability,
|
||||
}
|
||||
|
||||
OBJ_MAP_OBSERVABLE = {
|
||||
'artifact': Artifact,
|
||||
'autonomous-system': AutonomousSystem,
|
||||
'directory': Directory,
|
||||
'domain-name': DomainName,
|
||||
'email-addr': EmailAddress,
|
||||
'email-message': EmailMessage,
|
||||
'file': File,
|
||||
'ipv4-addr': IPv4Address,
|
||||
'ipv6-addr': IPv6Address,
|
||||
'mac-addr': MACAddress,
|
||||
'mutex': Mutex,
|
||||
'network-traffic': NetworkTraffic,
|
||||
'process': Process,
|
||||
'software': Software,
|
||||
'url': URL,
|
||||
'user-account': UserAccount,
|
||||
'windows-registry-key': WindowsRegistryKey,
|
||||
'x509-certificate': X509Certificate,
|
||||
}
|
||||
|
||||
EXT_MAP = {
|
||||
'file': {
|
||||
'archive-ext': ArchiveExt,
|
||||
'ntfs-ext': NTFSExt,
|
||||
'pdf-ext': PDFExt,
|
||||
'raster-image-ext': RasterImageExt,
|
||||
'windows-pebinary-ext': WindowsPEBinaryExt
|
||||
},
|
||||
'network-traffic': {
|
||||
'http-request-ext': HTTPRequestExt,
|
||||
'icmp-ext': ICMPExt,
|
||||
'socket-ext': SocketExt,
|
||||
'tcp-ext': TCPExt,
|
||||
},
|
||||
'process': {
|
||||
'windows-process-ext': WindowsProcessExt,
|
||||
'windows-service-ext': WindowsServiceExt,
|
||||
},
|
||||
'user-account': {
|
||||
'unix-account-ext': UNIXAccountExt,
|
||||
},
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue