MISP
/
cti-python-stix2
mirror of https://github.com/MISP/cti-python-stix2
2
0
Fork 0
Code Issues Releases Wiki Activity

Add object mappings in the top of each version package

stix2.1
Emmanuelle Vargas-Gonzalez 2018-07-10 14:59:43 -04:00
parent 03e19f197c
commit 78d77254ae
2 changed files with 99 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
stix2/v20/__init__.py
View File

@ -8,17 +8,15 @@ from .common import (TLP_AMBER, TLP_GREEN, TLP_RED, TLP_WHITE, CustomMarking,
from .observables import (URL, AlternateDataStream, ArchiveExt, Artifact, from .observables import (URL, AlternateDataStream, ArchiveExt, Artifact,
AutonomousSystem, CustomExtension, CustomObservable, AutonomousSystem, CustomExtension, CustomObservable,
Directory, DomainName, EmailAddress, EmailMessage, Directory, DomainName, EmailAddress, EmailMessage,
EmailMIMEComponent, ExtensionsProperty, File, EmailMIMEComponent, File, HTTPRequestExt, ICMPExt,
HTTPRequestExt, ICMPExt, IPv4Address, IPv6Address, IPv4Address, IPv6Address, MACAddress, Mutex,
MACAddress, Mutex, NetworkTraffic, NTFSExt, NetworkTraffic, NTFSExt, PDFExt, Process,
ObservableProperty, PDFExt, Process, RasterImageExt, RasterImageExt, SocketExt, Software, TCPExt,
SocketExt, Software, TCPExt, UNIXAccountExt, UNIXAccountExt, UserAccount, WindowsPEBinaryExt,
UserAccount, WindowsPEBinaryExt,
WindowsPEOptionalHeaderType, WindowsPESection, WindowsPEOptionalHeaderType, WindowsPESection,
WindowsProcessExt, WindowsRegistryKey, WindowsProcessExt, WindowsRegistryKey,
WindowsRegistryValueType, WindowsServiceExt, WindowsRegistryValueType, WindowsServiceExt,
X509Certificate, X509V3ExtenstionsType, X509Certificate, X509V3ExtenstionsType)
parse_observable)
from .sdo import (AttackPattern, Campaign, CourseOfAction, CustomObject, from .sdo import (AttackPattern, Campaign, CourseOfAction, CustomObject,
Identity, Indicator, IntrusionSet, Malware, ObservedData, Identity, Indicator, IntrusionSet, Malware, ObservedData,
Report, ThreatActor, Tool, Vulnerability) Report, ThreatActor, Tool, Vulnerability)
@ -42,3 +40,47 @@ OBJ_MAP = {
'sighting': Sighting, 'sighting': Sighting,
'vulnerability': Vulnerability, 'vulnerability': Vulnerability,
} }
OBJ_MAP_OBSERVABLE = {
'artifact': Artifact,
'autonomous-system': AutonomousSystem,
'directory': Directory,
'domain-name': DomainName,
'email-addr': EmailAddress,
'email-message': EmailMessage,
'file': File,
'ipv4-addr': IPv4Address,
'ipv6-addr': IPv6Address,
'mac-addr': MACAddress,
'mutex': Mutex,
'network-traffic': NetworkTraffic,
'process': Process,
'software': Software,
'url': URL,
'user-account': UserAccount,
'windows-registry-key': WindowsRegistryKey,
'x509-certificate': X509Certificate,
}
EXT_MAP = {
'file': {
'archive-ext': ArchiveExt,
'ntfs-ext': NTFSExt,
'pdf-ext': PDFExt,
'raster-image-ext': RasterImageExt,
'windows-pebinary-ext': WindowsPEBinaryExt
},
'network-traffic': {
'http-request-ext': HTTPRequestExt,
'icmp-ext': ICMPExt,
'socket-ext': SocketExt,
'tcp-ext': TCPExt,
},
'process': {
'windows-process-ext': WindowsProcessExt,
'windows-service-ext': WindowsServiceExt,
},
'user-account': {
'unix-account-ext': UNIXAccountExt,
},
}

55
stix2/v21/__init__.py
View File

@ -9,16 +9,15 @@ from .common import (TLP_AMBER, TLP_GREEN, TLP_RED, TLP_WHITE, CustomMarking,
from .observables import (URL, AlternateDataStream, ArchiveExt, Artifact, from .observables import (URL, AlternateDataStream, ArchiveExt, Artifact,
AutonomousSystem, CustomExtension, CustomObservable, AutonomousSystem, CustomExtension, CustomObservable,
Directory, DomainName, EmailAddress, EmailMessage, Directory, DomainName, EmailAddress, EmailMessage,
EmailMIMEComponent, ExtensionsProperty, File, EmailMIMEComponent, File, HTTPRequestExt, ICMPExt,
HTTPRequestExt, ICMPExt, IPv4Address, IPv6Address, IPv4Address, IPv6Address, MACAddress, Mutex,
MACAddress, Mutex, NetworkTraffic, NTFSExt, PDFExt, NetworkTraffic, NTFSExt, PDFExt, Process,
Process, RasterImageExt, SocketExt, Software, TCPExt, RasterImageExt, SocketExt, Software, TCPExt,
UNIXAccountExt, UserAccount, WindowsPEBinaryExt, UNIXAccountExt, UserAccount, WindowsPEBinaryExt,
WindowsPEOptionalHeaderType, WindowsPESection, WindowsPEOptionalHeaderType, WindowsPESection,
WindowsProcessExt, WindowsRegistryKey, WindowsProcessExt, WindowsRegistryKey,
WindowsRegistryValueType, WindowsServiceExt, WindowsRegistryValueType, WindowsServiceExt,
X509Certificate, X509V3ExtenstionsType, X509Certificate, X509V3ExtenstionsType)
parse_observable)
from .sdo import (AttackPattern, Campaign, CourseOfAction, CustomObject, from .sdo import (AttackPattern, Campaign, CourseOfAction, CustomObject,
Identity, Indicator, IntrusionSet, Location, Malware, Note, Identity, Indicator, IntrusionSet, Location, Malware, Note,
ObservedData, Opinion, Report, ThreatActor, Tool, ObservedData, Opinion, Report, ThreatActor, Tool,
@ -47,3 +46,47 @@ OBJ_MAP = {
'sighting': Sighting, 'sighting': Sighting,
'vulnerability': Vulnerability, 'vulnerability': Vulnerability,
} }
OBJ_MAP_OBSERVABLE = {
'artifact': Artifact,
'autonomous-system': AutonomousSystem,
'directory': Directory,
'domain-name': DomainName,
'email-addr': EmailAddress,
'email-message': EmailMessage,
'file': File,
'ipv4-addr': IPv4Address,
'ipv6-addr': IPv6Address,
'mac-addr': MACAddress,
'mutex': Mutex,
'network-traffic': NetworkTraffic,
'process': Process,
'software': Software,
'url': URL,
'user-account': UserAccount,
'windows-registry-key': WindowsRegistryKey,
'x509-certificate': X509Certificate,
}
EXT_MAP = {
'file': {
'archive-ext': ArchiveExt,
'ntfs-ext': NTFSExt,
'pdf-ext': PDFExt,
'raster-image-ext': RasterImageExt,
'windows-pebinary-ext': WindowsPEBinaryExt
},
'network-traffic': {
'http-request-ext': HTTPRequestExt,
'icmp-ext': ICMPExt,
'socket-ext': SocketExt,
'tcp-ext': TCPExt,
},
'process': {
'windows-process-ext': WindowsProcessExt,
'windows-service-ext': WindowsServiceExt,
},
'user-account': {
'unix-account-ext': UNIXAccountExt,
},
}