Skip to content

rossgibb/ioc_writer

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ioc_writer

===============================================================================

The source code in this package is made available under the terms of the
Apache License , Version 2.0. See the "LICENSE " file for more information.

===============================================================================
Author:
William Gibb
william.gibb at mandiant dot com

===============================================================================
Purpose:

Provide a python library that allows for basic creation and editing of OpenIOC
objects.  It supports a basic CRUD (Create, Read, Update, Delete) for various
items:

    item                Create  Read    Update  Delete
    IOC name            Yes     No      Yes     Yes
    IOC description     Yes     No      Yes     Yes
    created date        Yes     No      Yes     N/A
    last modified date  Yes     No      Yes     N/A
    published date      Yes     No      Yes     N/A
    link metadata       Yes     No      Yes     Yes
    IndicatorItem nodes Yes     No      NotYet  Yes
    Indicator nodes     Yes     No      NotYet  Yes
    Parameters          Yes     No      Yes     Yes

Items do not have built in Read operations, since all items can be accesed
with built in ElementTree syntax or the use of XPATH to select portions
of the IOC.
    
No decision has been made about whether or not to support changing of
existing Indicator/IndicatorItem nodes.

See the Docs in the Docs\ directory, and the examples directory for examples of
working with the library.  The user code should only be calling functionality
provided in ioc_api or ioc_common.

===============================================================================
Requirements:

The python "lxml" library must be installed.  This can be obtained from one of
following locations.
    https://pypi.python.org/pypi/lxml/3.2.1
    http://lxml.de/
    
============================================================================
Installation:
See the file named "INSTALL" for instructions on installing this library 
locally.
    
============================================================================
Manifest:

README
	this file
INSTALL
	instructions for installing the library
setup.py
	installation script

ioc_writer/
	actual library containing the code to build & manipulate the iocs

docs/
	Generated HTML documentation for the ioc_writer library

examples/
	Example code
examples/11_to_10_downgrade
	Script to downgrade OpenIOC 1.1 to OpenIOC 1.1.
examples/openioc_to_yara
	Scripts that support encapsulating YARA signatures in OpenIOC 1.1 format.
examples/simple_ioc_writer
	Script that consumes a csv of data to build an IOC.  this csv contains the 
	content, context, et cetera. An example CSV is provided.  
  
===============================================================================
Bug reports / questions / feedback / feature requests:
william.gibb at mandiant dot com

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%