maecproject / threatexpert-to-maec Goto Github PK
View Code? Open in Web Editor NEWGenerate MAEC XML from ThreatExpert XML output
License: BSD 3-Clause "New" or "Revised" License
Generate MAEC XML from ThreatExpert XML output
License: BSD 3-Clause "New" or "Revised" License
We should update the script to use the Python argparse library for parsing of command line arguments.
We should add the options used in the execution of the script (e.g. deduplication, dereferencing, etc.) as an XML comment at the top of the MAEC output document.
Based on the latest python-maec updates, we'll need to update the following places to use "id_" instead of "id":
https://github.com/MAECProject/threatexpert-to-maec/blob/master/threatexpert_parser.py#L133
We should the option to natively deduplicate the output MAEC Package, probably disabled by default?
An attempt to install the latest package using setup.py generates the error "IOError: [Errno 2] No such file or directory: 'README'". This is because the README file is missing from the distribution. Instead there is a README.rst file.
To retain compatibility with the recent python-maec changes, we need to update the namespace declaration for the TE -> MAEC script so that it follows the syntax of (alias,namespace) rather than (namespace,alias).
In looking through the generated output the various uses of URIObj, it appears that the type of the URIObj is not set. Might I suggest that the context in which occurs could be used to determine the type, where if it can't be determined the behavior is as it is today. For example, if URIObj is being generated as a result of an action such as 'connect to url', the URIObj type should be able to be set to 'URL' where as in the case of an action 'get host by name' its not as clear what the value is.
Another possibility would be to test if the value is a URL of some kind. Perhaps something like rfc3987.parse( value ) without validation rules and then checking to see if there is a scheme provided would provide sufficient hints.
The module's generate_package_from_binary_filepath
method should support an option to automatically submit the binary to ThreatExpert when it does not exist in ThreatExpert's records.
Unfortunately, there doesn't seem to be a way to use that submission result immediately, because submissions are processed asynchronously. (We could poll to see if it's done yet, but that forces repeated pings against the service, and processing could take a long time.) Even so, this option would still be useful as an auto-submit feature.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.