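def add_behavior(self, description = None, cve = None, snippet = None, method = "Dynamic Analysis"):
    """Record one MAEC 1.1 Behavior in ``self.behaviors``.

    Args:
        description: Free-text description of the behavior. A ``str``, or
            ``bytes`` that decode as UTF-8. ``None`` or empty means no
            Description element is written.
        cve: CVE identifier the behavior attempts to exploit. When given it is
            recorded as a ``Known`` Attempted_Vulnerability_Exploit purpose.
        snippet: Accepted for call-site compatibility; not used by this method.
        method: Discovery-method name handed to ``_create_discovery_method``.

    Returns:
        None. Nothing is recorded when MAEC 1.1 logging is disabled or when
        neither ``cve`` nor ``description`` is supplied.
    """
    if not self.maec11_enabled:
        return

    if not cve and not description:
        return

    _id = "maec:thug:bhv:%s" % (next(self.id))
    behavior = maec.BehaviorType(id = _id)
    behavior.set_Discovery_Method(self._create_discovery_method(method))

    if cve:
        # A purpose is only attached when a CVE is known; the previous version
        # re-tested ``cve`` inside this branch, which could never be false here.
        exploit = maec.Attempted_Vulnerability_Exploit()
        exploit.set_vulnerability_type('Known')
        exploit.set_Known_Exploit(maec.CVEVulnerabilityType(cve_id = cve))
        purpose = maec.Purpose()
        purpose.set_Attempted_Vulnerability_Exploit(exploit)
        behavior.set_Purpose(purpose)

    if description:
        # Descriptions may be raw bytes taken from analysed content. Decode
        # them explicitly instead of retrying inside a bare ``except``, which
        # also masked unrelated failures of add_Text (a str has no .decode on
        # Python 3, so the retry itself would raise AttributeError).
        # NOTE(review): assumes add_Text accepts str — confirm against the
        # maec bindings in use.
        if isinstance(description, bytes):
            description = description.decode('utf-8')
        desc = maec.StructuredTextType()
        desc.add_Text(description)
        behavior.set_Description(desc)

    self.behaviors.add_Behavior(behavior)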
def __create_analysis(self):
    """Build the MAEC AnalysisType describing this run.

    The id is minted from ``self.id``; the start time is a naive local
    ``datetime.now()`` (no timezone is attached); the method is fixed to
    "Dynamic" and the tools come from ``self.tools_used``.
    """
    analysis_id = 'maec:thug:ana:%d' % (next(self.id))
    started_at = datetime.datetime.now()
    return maec.AnalysisType(id = analysis_id,
                             start_datetime = started_at,
                             analysis_method = "Dynamic",
                             Tools_Used = self.tools_used)
def _add_snippet_to_associated_code(self, snippet, language, relationship, method = "Dynamic Analysis"):
    """Attach a code snippet to ``self.associated_code``.

    Args:
        snippet: Raw snippet text; passed through ``_normalize_snippet`` first.
        language: Language label stored on the code segment.
        relationship: Value for the snippet's Nature_Of_Relationship element.
        method: Discovery-method name handed to ``_create_discovery_method``.
    """
    # Discovery method is created before normalisation, matching the order
    # in which ``self.id`` may be consumed.
    discovered_by = self._create_discovery_method(method)
    normalized = self._normalize_snippet(snippet)
    segment = self._create_code_segment(normalized, language, discovered_by)

    associated = maec.Associated_Code_Snippet()
    associated.set_Code_Snippet(segment)
    associated.set_Nature_Of_Relationship(relationship)
    self.associated_code.add_Associated_Code_Snippet(associated)
if item in ('url', 'data', ):
continue
if item in ('type', ):
file_type = signature[item]
continue
_hash = maec.HashType(type_ = item,
Hash_Value = signature[item])
hashes.add_Hash(_hash)
if not file_type:
return
_file_type = maec.File_Type(type_ = file_type)
filesystem = maec.File_System_Object_Attributes(Hashes = hashes,
File_Type = _file_type)
_object = maec.ObjectType(id = "maec:thug:obj:%d" % (next(self.id)))
_object.set_File_System_Object_Attributes(filesystem)
if self.object_pool is None:
self.object_pool = maec.Object_Pool()
self.pools.set_Object_Pool(self.object_pool)
self.object_pool.add_Object(_object)
def _create_discovery_method(self, method, tool = "Thug"):
    """Return a MAEC DiscoveryMethod for ``method`` attributed to ``tool``.

    The tool id is the ``id`` of the first entry in ``self._tools`` whose
    ``Name`` equals ``tool``. When no entry matches (or its id is falsy) a
    fresh ``maec:thug:tol:<n>`` id is minted from ``self.id``.
    """
    matching_id = next((entry["id"] for entry in self._tools if entry["Name"] == tool), None)
    if not matching_id:
        matching_id = "maec:thug:tol:%d" % (next(self.id))

    return maec.DiscoveryMethod(method = method, tool_id = matching_id)
def create_object(self, url):
    """Return a MAEC ObjectType of type "URI" named after ``url``.

    The object id is minted from ``self.id`` before the attributes are built.
    """
    minted_id = "maec:thug:obj:%d" % (next(self.id))
    uri_attributes = maec.Internet_Object_Attributes(URI = url)

    return maec.ObjectType(type_ = "URI",
                           object_name = url,
                           Internet_Object_Attributes = uri_attributes,
                           id = minted_id)
def __add_subject_to_analysis(self):
    """Create an empty MAEC Subject and store it on ``self.subject``."""
    subject = maec.Subject()
    self.subject = subject
def __init_tools_used(self):
    """Populate ``self.tools_used`` with one ToolType per record in ``self._tools``.

    Each record is expected to carry the keys ``id``, ``Name``, ``Version``,
    ``Vendor`` and ``Organization``; a missing key raises KeyError.
    """
    self.tools_used = maec.Tools_Used()

    for record in self._tools:
        self.tools_used.add_Tool(maec.ToolType(id = record['id'],
                                               Name = record['Name'],
                                               Version = record['Version'],
                                               Vendor = record['Vendor'],
                                               Organization = record['Organization']))
continue
if item in ('type', ):
file_type = signature[item]
continue
_hash = maec.HashType(type_ = item,
Hash_Value = signature[item])
hashes.add_Hash(_hash)
if not file_type:
return
_file_type = maec.File_Type(type_ = file_type)
filesystem = maec.File_System_Object_Attributes(Hashes = hashes,
File_Type = _file_type)
_object = maec.ObjectType(id = "maec:thug:obj:%d" % (next(self.id)))
_object.set_File_System_Object_Attributes(filesystem)
if self.object_pool is None:
self.object_pool = maec.Object_Pool()
self.pools.set_Object_Pool(self.object_pool)
self.object_pool.add_Object(_object)