Skip to content
This repository has been archived by the owner on Sep 10, 2021. It is now read-only.

fhightower-tc/old-tcex-utility

BranchesTags

Repository files navigation

Democritus

Utility functions for TCEX.

Overview

This package is an abstraction on the TCEX package. There are two, major types of items in this package:

  1. Elements - Basic functions that perform a single operation.
  2. Molecules - Functions that perform multiple operations often using multiple elements.

Installation

git clone https://gitlab.com/fhightower-tc/democritus.git
cd democritus
pip3 install . --user

Usage

To use an element:

from democritus import Elements
e = Elements(<OWNER_NAME>)

To use a molecule:

from democritus import Molecules
m = Molecules(<OWNER_NAME>)

Examples

Creating Content from Symbolic Structure

This example will create the following objects 10 times:

A signature, document, incident, and file. The signature will be associated with the document and the incident. The document will be associated with the incident and the file. The incident will be associated with the file.

from democritus import Molecules
m = Molecules('testing-lab')
m.create_from_symbolic_pattern('sig=doc=inc-file', 10)
m.process()

Get Indicators by Type

from democritus import Elements
e = Elements('testing-lab')
a = e.get_items_by_type('Address')
print(len(a))

Get Items with a Given Attribute

from democritus import Molecules
m = Molecules('testing-lab')
a = m.get_items_by_attribute({"type": "Description", "value": "this is just a test"}, 'Address')

Add Attribute to Items with a Given Attribute

from democritus import Molecules
m = Molecules('testing-lab')
a = m.add_attributes_to_items_by_attribute([{"type": "Description", "value": "New attribute"}], 'Address', {"type": "Description", "value": "this is just a test"})

Add Attributes to Items with a Given Tag

from democritus import Molecules
m = Molecules('testing-lab')
a = m.add_attributes_to_items_by_tag([{"type": "Description", "value": "this is just a test"}], 'Address', 'Test Tag')

Associate Two Lists of Items

from democritus.molecules import Molecules
m = Molecules('testing-lab')
inds = m.get_items_by_type('incident')
len(inds) # 10
sigs = m.get_items_by_type('signature')
len(sigs) # 10
m.create_associations_between_two_lists(inds, sigs)

Create Items from a Symbolic Pattern

from democritus.elements import Molecules
m = Molecules('testing-lab')
m.add_default_metadata('Signature', {
    'attributes': [{
        'type': 'Rule Confidence',
        'value': 'High'
    }, {
        'type': 'Rule Priority',
        'value': 'Medium'
    }]
})
m.create_from_symbolic_pattern('doc=inc=file-sig', 10)
m.process()

For more examples, refer to the tests/ directory.

Developer's Documentation

Adding New Indicator Type

  • Add entry for new indicator type to utility.py:ITEM_TYPE_TO_API_BRANCH
  • Add entry for new indicator type to utility.py:INDICATOR_TYPE_TO_ID_KEY

Credits

This package was created with Cookiecutter and fhightower's Python project template.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages