Example #1
0
func main() {
	sm := stix.New()
	sm.AddIdRef("company1:package-8ef29ed2-0e87-4dfa-b5c4-00788484be09")
	sm.SetTimestampToNow()

	var data []byte
	data, _ = json.MarshalIndent(sm, "", "    ")

	fmt.Println(string(data))
}
func main() {

	s := stix.New()
	i1 := s.NewIndicator()

	i1.AddValidTimePosition("2015-01-01T00:00:00-0700", "2015-02-02T23:59:59-0700")
	i1.AddValidTimePosition("2014-01-01T00:00:00-0700", "2014-02-02T23:59:59-0700")

	var data []byte
	data, _ = json.MarshalIndent(s, "", "    ")

	fmt.Println(string(data))

}
Example #3
0
func main() {
	s := stix.New()
	i1 := s.NewIndicator()

	i1.SetTimestampToNow()
	i1.AddTitle("Attack 2015-02")
	i1.AddType("IP Watchlist")
	observable_i1 := i1.NewObservable()
	properties_1 := observable_i1.GetObjectProperties()

	properties_1.AddType("URL")
	properties_1.AddEqualsUriValue("http://foo.com")
	properties_1.AddEqualsUriValue("http://bar.com")
	properties_1.AddEqualsUriValue("http://fooandbar.com")

	var data []byte
	data, _ = json.MarshalIndent(s, "", "    ")

	fmt.Println(string(data))
}
Example #4
0
func main() {

	s := stix.New()
	i1 := s.NewIndicator()

	i1.SetTimestampToNow()
	i1.AddTitle("Attack 2015-02")
	i1.AddType("IP Watchlist")
	i1.AddType("URL Watchlist")

	h := stix.CreateHandling()
	h.AddControlledStructure("Foobar")
	h.AddTLPMarking("Red")

	i1.AddHandling(h)

	var data []byte
	data, _ = json.MarshalIndent(s, "", "    ")

	fmt.Println(string(data))
}
func main() {

	s := stix.New()
	i1 := s.NewIndicator()

	i1.AddIdRef("companyfoo:indicator-1234-1234-1234-1234")
	i1.AddVersion("2.0.alpha")
	i1.SetTimestampToNow()
	i1.SetNegate(false)
	i1.AddTitle("Some really neat indicator that we found")
	i1.AddType("URL Watchlist")
	i1.AddAlternativeID("CV-2014-12-12345")
	i1.AddAlternativeID("CV-2015-02-54321")
	i1.AddDescriptionText("", "Some long description")
	i1.AddShortDescriptionText("", "Some shorter description")

	var data []byte
	data, _ = json.MarshalIndent(s, "", "    ")

	fmt.Println(string(data))

}
Example #6
0
func main() {

	s := stix.New()
	i1 := s.NewIndicator()

	i1.SetTimestampToNow()
	i1.AddTitle("Attack 2015-02")

	// Create TTP and Cyber Kill Chain Definitions
	t := ttp.Create()
	k := stix.CreateKillChain()
	k.CreateId()
	k.AddDefiner("LMCO")
	k.AddName("LM Cyber Kill Chain")
	k.AddNumberOfPhases(7)
	k.AddReference("http://www.lockheedmartin.com/us/what-we-do/information-technology/cyber-security/cyber-kill-chain.html")
	k.AddPhase(1, "Reconnaissance")
	k.AddPhase(2, "Weaponization")
	k.AddPhase(3, "Delivery")
	k.AddPhase(4, "Exploitation")
	k.AddPhase(5, "Installation")
	k.AddPhase(6, "Command and Control")
	k.AddPhase(7, "Actions on Objectives")
	t.AddKillChains(k)

	// Get ID values from kill chain
	chainId := k.Id
	phase3Id := k.KillChainPhase[2].PhaseId

	i1.AddKillChainPhaseAndChain(phase3Id, chainId)

	s.AddTTPs(t)

	var data []byte
	data, _ = json.MarshalIndent(s, "", "    ")

	fmt.Println(string(data))
}
func (this *ServerType) createIndicatorsJSON(collectionName string) string {

	// Need to pass in the collection name they have requested
	// then go to the database and the get the fields that are needed
	// to populate the correct STIX message.
	// I need a table in the database add the source data and other things to the collections table
	// Create a new table for holding the indicators / observables.
	s := stix.New()
	i1 := s.NewIndicator()
	i1.SetTimestampToNow()

	if collectionName == "ip-watch-list" || collectionName == "url-watch-list" {
		list := []string{
			"176.119.3.108",
			"178.207.85.119",
			"178.63.174.153",
			"188.241.140.212",
			"14.138.73.47",
			"131.72.138.45",
			"62.84.51.39",
			"62.109.23.246",
			"5.101.113.169",
			"213.231.8.30",
			"208.43.25.52",
			"112.208.6.209",
			"115.239.248.87",
			"117.216.190.71",
			"131.72.139.233",
			"129.194.97.21",
			"162.244.35.229",
			"178.219.10.23",
			"184.154.124.203",
			"184.154.146.100",
			"184.154.146.101",
		}
		i1.AddTitle("Malicious IP Addresses")
		i1.AddType("IP Watchlist")
		observable_i1 := i1.NewObservable()
		properties_1 := observable_i1.GetObjectProperties()

		properties_1.AddType("IP Address")

		for _, value := range list {
			properties_1.AddEqualsUriValue(value)
		}

	} else if collectionName == "et-compromised-ips" {

		source1 := stix.CreateInformationSource()
		source1.AddDescriptionText("The Test.FreeTAXII.com Server")
		source1.SetProducedTimeToNow()
		source1.AddReference("http://test.freetaxii.com")

		identity1 := stix.CreateIdentity()
		identity1.AddName("FreeTAXII")
		source1.AddIdentity(identity1)

		contribSource1 := stix.CreateInformationSource()
		identity2 := stix.CreateIdentity()
		identity2.AddName("Emerging Threats Compromised IPs")
		contribSource1.AddIdentity(identity2)
		contribSource1.AddReference("http://rules.emergingthreats.net/blockrules/compromised-ips.txt")

		source1.AddContributingSource(contribSource1)
		i1.AddProducer(source1)

		resp, _ := http.Get("http://rules.emergingthreats.net/blockrules/compromised-ips.txt")
		defer resp.Body.Close()
		rawhtmlbody, _ := ioutil.ReadAll(resp.Body)

		s := string(rawhtmlbody)
		s = strings.TrimSpace(s)
		body := strings.Split(s, "\n")

		i1.AddTitle("Compromised IP Addresses")
		i1.AddType("IP Watchlist")
		observable_i1 := i1.NewObservable()
		properties_1 := observable_i1.GetObjectProperties()

		properties_1.AddType("IP Address")

		for _, value := range body {
			properties_1.AddEqualsUriValue(value)
		}
	}

	var data []byte
	// if this.SysConfig.Poll.output == true {
	data, _ = json.MarshalIndent(s, "", "    ")
	// } else {
	// 	data, _ = json.Marshal(s)
	// }

	return string(data)
}
Example #8
0
func main() {

	s := stix.New()
	i1 := s.NewIndicator()

	s.SetTimestampToNow()

	i1.AddIdRef("companyfoo:indicator-1234-1234-1234-1234")
	i1.AddVersion("2.0")
	i1.SetTimestampToNow()
	i1.SetNegate(false)
	i1.AddTitle("Some really neat indicator that we found")
	i1.AddType("URL Watchlist")
	i1.AddAlternativeID("CV-2014-12-12345")
	i1.AddAlternativeID("CV-2015-02-54321")
	i1.AddDescriptionText("", "Some long description")
	i1.AddShortDescriptionText("", "Some shorter description")
	i1.AddValidTimePosition("2015-01-01T00:00:00-0700", "2015-02-02T23:59:59-0700")
	i1.AddValidTimePosition("2014-01-01T00:00:00-0700", "2014-02-02T23:59:59-0700")

	source1 := stix.CreateInformationSource()
	source1.AddDescription("Some details about this source")
	source1.AddStartTime("2015-01-01T11:12:13-0700")
	source1.AddEndTime("2015-01-05T11:12:13-0700")
	source1.AddProducedTime("2015-01-05T11:12:13-0700")
	source1.AddReceivedTime("2015-01-05T11:12:13-0700")
	source1.AddRoleDetail("MyRoleVocab-1.0", "http://example.com/MyRoleVocab-1.0.txt", "CIO")

	identity1 := stix.CreateIdentity()
	identity1.CreateId()
	identity1.AddIdRef("companyfoo:identity-1234-1234-1234-1234")
	identity1.AddName("Lego Guy 1")
	source1.AddIdentity(identity1)

	// Create contributing source 1
	contribSource1 := stix.CreateInformationSource()
	contribSource1.AddDescription("Special source 1")
	identity2 := stix.CreateIdentity()
	identity2.AddName("George the Lego Guy")
	contribSource1.AddIdentity(identity2)

	// Create contributing source 2
	contribSource2 := stix.CreateInformationSource()
	contribSource2.AddDescription("Special source 2")
	identity3 := stix.CreateIdentity()
	identity3.AddName("Fred the Lego Guy")
	contribSource2.AddIdentity(identity3)

	source1.AddContributingSource(contribSource1)
	source1.AddContributingSource(contribSource2)

	source1.AddReference("http://foo.com/foo.txt")
	source1.AddReference("http://bar.com/bar.txt")

	con1 := stix.CreateConfidence()
	con1.CreateTimeStamp()
	con1.AddTimeStampPrecision("0.0")
	con1.AddValueDetail("MyConfidenceVocab-1.0", "http://example.com/MyConfidenceVocab-1.0.txt", "Super Sure")
	con1.AddDescription("We are super sure about this one")
	con1.AddSource(source1)

	con2 := stix.CreateConfidence()
	con2.CreateTimeStamp()
	con2.AddTimeStampPrecision("0.0")
	con2.AddValueDetail("MyConfidenceVocab-1.0", "http://example.com/MyConfidenceVocab-1.0.txt", "Super Sure")
	con2.AddDescription("These people are more sure")
	con2.AddSource(source1)
	con1.AddConfidenceAssertion(con2)
	i1.AddConfidence(con1)

	i1.AddProducer(source1)

	i2 := s.NewIndicator()
	i2.SetNegate(true)

	// fmt.Println(s.STIXPackage.Id)
	// fmt.Println(s.STIXPackage.Indicators[0].Title)
	// fmt.Println(s.STIXPackage.Indicators[0].Type[0].Value)
	// fmt.Println(s.STIXPackage.Indicators[0].Producer.Identity.Name)
	//fmt.Println(i)

	var data []byte
	data, _ = json.MarshalIndent(s, "", "    ")

	fmt.Println(string(data))

}