func main() {
sm := stix.New()
sm.AddIdRef("company1:package-8ef29ed2-0e87-4dfa-b5c4-00788484be09")
sm.SetTimestampToNow()
var data []byte
data, _ = json.MarshalIndent(sm, "", " ")
fmt.Println(string(data))
}
func main() {
s := stix.New()
i1 := s.NewIndicator()
i1.AddValidTimePosition("2015-01-01T00:00:00-0700", "2015-02-02T23:59:59-0700")
i1.AddValidTimePosition("2014-01-01T00:00:00-0700", "2014-02-02T23:59:59-0700")
var data []byte
data, _ = json.MarshalIndent(s, "", " ")
fmt.Println(string(data))
}
func main() {
s := stix.New()
i1 := s.NewIndicator()
i1.SetTimestampToNow()
i1.AddTitle("Attack 2015-02")
i1.AddType("IP Watchlist")
observable_i1 := i1.NewObservable()
properties_1 := observable_i1.GetObjectProperties()
properties_1.AddType("URL")
properties_1.AddEqualsUriValue("http://foo.com")
properties_1.AddEqualsUriValue("http://bar.com")
properties_1.AddEqualsUriValue("http://fooandbar.com")
var data []byte
data, _ = json.MarshalIndent(s, "", " ")
fmt.Println(string(data))
}
func main() {
s := stix.New()
i1 := s.NewIndicator()
i1.SetTimestampToNow()
i1.AddTitle("Attack 2015-02")
i1.AddType("IP Watchlist")
i1.AddType("URL Watchlist")
h := stix.CreateHandling()
h.AddControlledStructure("Foobar")
h.AddTLPMarking("Red")
i1.AddHandling(h)
var data []byte
data, _ = json.MarshalIndent(s, "", " ")
fmt.Println(string(data))
}
func main() {
s := stix.New()
i1 := s.NewIndicator()
i1.AddIdRef("companyfoo:indicator-1234-1234-1234-1234")
i1.AddVersion("2.0.alpha")
i1.SetTimestampToNow()
i1.SetNegate(false)
i1.AddTitle("Some really neat indicator that we found")
i1.AddType("URL Watchlist")
i1.AddAlternativeID("CV-2014-12-12345")
i1.AddAlternativeID("CV-2015-02-54321")
i1.AddDescriptionText("", "Some long description")
i1.AddShortDescriptionText("", "Some shorter description")
var data []byte
data, _ = json.MarshalIndent(s, "", " ")
fmt.Println(string(data))
}
func main() {
s := stix.New()
i1 := s.NewIndicator()
i1.SetTimestampToNow()
i1.AddTitle("Attack 2015-02")
// Create TTP and Cyber Kill Chain Definitions
t := ttp.Create()
k := stix.CreateKillChain()
k.CreateId()
k.AddDefiner("LMCO")
k.AddName("LM Cyber Kill Chain")
k.AddNumberOfPhases(7)
k.AddReference("http://www.lockheedmartin.com/us/what-we-do/information-technology/cyber-security/cyber-kill-chain.html")
k.AddPhase(1, "Reconnaissance")
k.AddPhase(2, "Weaponization")
k.AddPhase(3, "Delivery")
k.AddPhase(4, "Exploitation")
k.AddPhase(5, "Installation")
k.AddPhase(6, "Command and Control")
k.AddPhase(7, "Actions on Objectives")
t.AddKillChains(k)
// Get ID values from kill chain
chainId := k.Id
phase3Id := k.KillChainPhase[2].PhaseId
i1.AddKillChainPhaseAndChain(phase3Id, chainId)
s.AddTTPs(t)
var data []byte
data, _ = json.MarshalIndent(s, "", " ")
fmt.Println(string(data))
}
func (this *ServerType) createIndicatorsJSON(collectionName string) string {
// Need to pass in the collection name they have requested
// then go to the database and the get the fields that are needed
// to populate the correct STIX message.
// I need a table in the database add the source data and other things to the collections table
// Create a new table for holding the indicators / observables.
s := stix.New()
i1 := s.NewIndicator()
i1.SetTimestampToNow()
if collectionName == "ip-watch-list" || collectionName == "url-watch-list" {
list := []string{
"176.119.3.108",
"178.207.85.119",
"178.63.174.153",
"188.241.140.212",
"14.138.73.47",
"131.72.138.45",
"62.84.51.39",
"62.109.23.246",
"5.101.113.169",
"213.231.8.30",
"208.43.25.52",
"112.208.6.209",
"115.239.248.87",
"117.216.190.71",
"131.72.139.233",
"129.194.97.21",
"162.244.35.229",
"178.219.10.23",
"184.154.124.203",
"184.154.146.100",
"184.154.146.101",
}
i1.AddTitle("Malicious IP Addresses")
i1.AddType("IP Watchlist")
observable_i1 := i1.NewObservable()
properties_1 := observable_i1.GetObjectProperties()
properties_1.AddType("IP Address")
for _, value := range list {
properties_1.AddEqualsUriValue(value)
}
} else if collectionName == "et-compromised-ips" {
source1 := stix.CreateInformationSource()
source1.AddDescriptionText("The Test.FreeTAXII.com Server")
source1.SetProducedTimeToNow()
source1.AddReference("http://test.freetaxii.com")
identity1 := stix.CreateIdentity()
identity1.AddName("FreeTAXII")
source1.AddIdentity(identity1)
contribSource1 := stix.CreateInformationSource()
identity2 := stix.CreateIdentity()
identity2.AddName("Emerging Threats Compromised IPs")
contribSource1.AddIdentity(identity2)
contribSource1.AddReference("http://rules.emergingthreats.net/blockrules/compromised-ips.txt")
source1.AddContributingSource(contribSource1)
i1.AddProducer(source1)
resp, _ := http.Get("http://rules.emergingthreats.net/blockrules/compromised-ips.txt")
defer resp.Body.Close()
rawhtmlbody, _ := ioutil.ReadAll(resp.Body)
s := string(rawhtmlbody)
s = strings.TrimSpace(s)
body := strings.Split(s, "\n")
i1.AddTitle("Compromised IP Addresses")
i1.AddType("IP Watchlist")
observable_i1 := i1.NewObservable()
properties_1 := observable_i1.GetObjectProperties()
properties_1.AddType("IP Address")
for _, value := range body {
properties_1.AddEqualsUriValue(value)
}
}
var data []byte
// if this.SysConfig.Poll.output == true {
data, _ = json.MarshalIndent(s, "", " ")
// } else {
// data, _ = json.Marshal(s)
// }
return string(data)
}
func main() {
s := stix.New()
i1 := s.NewIndicator()
s.SetTimestampToNow()
i1.AddIdRef("companyfoo:indicator-1234-1234-1234-1234")
i1.AddVersion("2.0")
i1.SetTimestampToNow()
i1.SetNegate(false)
i1.AddTitle("Some really neat indicator that we found")
i1.AddType("URL Watchlist")
i1.AddAlternativeID("CV-2014-12-12345")
i1.AddAlternativeID("CV-2015-02-54321")
i1.AddDescriptionText("", "Some long description")
i1.AddShortDescriptionText("", "Some shorter description")
i1.AddValidTimePosition("2015-01-01T00:00:00-0700", "2015-02-02T23:59:59-0700")
i1.AddValidTimePosition("2014-01-01T00:00:00-0700", "2014-02-02T23:59:59-0700")
source1 := stix.CreateInformationSource()
source1.AddDescription("Some details about this source")
source1.AddStartTime("2015-01-01T11:12:13-0700")
source1.AddEndTime("2015-01-05T11:12:13-0700")
source1.AddProducedTime("2015-01-05T11:12:13-0700")
source1.AddReceivedTime("2015-01-05T11:12:13-0700")
source1.AddRoleDetail("MyRoleVocab-1.0", "http://example.com/MyRoleVocab-1.0.txt", "CIO")
identity1 := stix.CreateIdentity()
identity1.CreateId()
identity1.AddIdRef("companyfoo:identity-1234-1234-1234-1234")
identity1.AddName("Lego Guy 1")
source1.AddIdentity(identity1)
// Create contributing source 1
contribSource1 := stix.CreateInformationSource()
contribSource1.AddDescription("Special source 1")
identity2 := stix.CreateIdentity()
identity2.AddName("George the Lego Guy")
contribSource1.AddIdentity(identity2)
// Create contributing source 2
contribSource2 := stix.CreateInformationSource()
contribSource2.AddDescription("Special source 2")
identity3 := stix.CreateIdentity()
identity3.AddName("Fred the Lego Guy")
contribSource2.AddIdentity(identity3)
source1.AddContributingSource(contribSource1)
source1.AddContributingSource(contribSource2)
source1.AddReference("http://foo.com/foo.txt")
source1.AddReference("http://bar.com/bar.txt")
con1 := stix.CreateConfidence()
con1.CreateTimeStamp()
con1.AddTimeStampPrecision("0.0")
con1.AddValueDetail("MyConfidenceVocab-1.0", "http://example.com/MyConfidenceVocab-1.0.txt", "Super Sure")
con1.AddDescription("We are super sure about this one")
con1.AddSource(source1)
con2 := stix.CreateConfidence()
con2.CreateTimeStamp()
con2.AddTimeStampPrecision("0.0")
con2.AddValueDetail("MyConfidenceVocab-1.0", "http://example.com/MyConfidenceVocab-1.0.txt", "Super Sure")
con2.AddDescription("These people are more sure")
con2.AddSource(source1)
con1.AddConfidenceAssertion(con2)
i1.AddConfidence(con1)
i1.AddProducer(source1)
i2 := s.NewIndicator()
i2.SetNegate(true)
// fmt.Println(s.STIXPackage.Id)
// fmt.Println(s.STIXPackage.Indicators[0].Title)
// fmt.Println(s.STIXPackage.Indicators[0].Type[0].Value)
// fmt.Println(s.STIXPackage.Indicators[0].Producer.Identity.Name)
//fmt.Println(i)
var data []byte
data, _ = json.MarshalIndent(s, "", " ")
fmt.Println(string(data))
}