API providing a limited CRUD for manipulating OpenIOC formatted Indicators of Compromise.
Project description
ioc_writer
===============================================================================
The source code in this package is made available under the terms of the
Apache License , Version 2.0. See the "LICENSE " file for more information.
===============================================================================
Author:
William Gibb
william.gibb at fireeye dot com
===============================================================================
Purpose:
Provide a python library that allows for basic creation and editing of OpenIOC
objects. It supports a basic CRUD (Create, Read, Update, Delete) for various
items:
item Create Read Update Delete
IOC name Yes No Yes Yes
IOC description Yes No Yes Yes
created date Yes No Yes N/A
last modified date Yes No Yes N/A
published date Yes No Yes N/A
link metadata Yes No Yes Yes
IndicatorItem nodes Yes No NotYet Yes
Indicator nodes Yes No NotYet Yes
Parameters Yes No Yes Yes
Items do not have built in Read operations, since all items can be accesed
with built in ElementTree syntax or the use of XPATH to select portions
of the IOC.
No decision has been made about whether or not to support changing of
existing Indicator/IndicatorItem nodes.
See the Docs in the Docs\ directory, and the examples directory for examples of
working with the library. The user code should only be calling functionality
provided in ioc_api or ioc_common.
===============================================================================
Requirements:
The python "lxml" library must be installed. This can be obtained from one of
following locations.
https://pypi.python.org/pypi/lxml/3.2.1
http://lxml.de/
============================================================================
Installation:
See the file named "INSTALL" for instructions on installing this library
locally.
============================================================================
Manifest:
README
this file
INSTALL
instructions for installing the library
setup.py
installation script
ioc_writer/
actual library containing the code to build & manipulate the iocs
docs/
Generated HTML documentation for the ioc_writer library
examples/
Example code
examples/11_to_10_downgrade
Script to downgrade OpenIOC 1.1 to OpenIOC 1.1.
examples/openioc_to_yara
Scripts that support encapsulating YARA signatures in OpenIOC 1.1 format.
examples/simple_ioc_writer
Script that consumes a csv of data to build an IOC. this csv contains the
content, context, et cetera. An example CSV is provided.
===============================================================================
Bug reports / questions / feedback / feature requests:
william.gibb at fireeye dot com
===============================================================================
The source code in this package is made available under the terms of the
Apache License , Version 2.0. See the "LICENSE " file for more information.
===============================================================================
Author:
William Gibb
william.gibb at fireeye dot com
===============================================================================
Purpose:
Provide a python library that allows for basic creation and editing of OpenIOC
objects. It supports a basic CRUD (Create, Read, Update, Delete) for various
items:
item Create Read Update Delete
IOC name Yes No Yes Yes
IOC description Yes No Yes Yes
created date Yes No Yes N/A
last modified date Yes No Yes N/A
published date Yes No Yes N/A
link metadata Yes No Yes Yes
IndicatorItem nodes Yes No NotYet Yes
Indicator nodes Yes No NotYet Yes
Parameters Yes No Yes Yes
Items do not have built in Read operations, since all items can be accesed
with built in ElementTree syntax or the use of XPATH to select portions
of the IOC.
No decision has been made about whether or not to support changing of
existing Indicator/IndicatorItem nodes.
See the Docs in the Docs\ directory, and the examples directory for examples of
working with the library. The user code should only be calling functionality
provided in ioc_api or ioc_common.
===============================================================================
Requirements:
The python "lxml" library must be installed. This can be obtained from one of
following locations.
https://pypi.python.org/pypi/lxml/3.2.1
http://lxml.de/
============================================================================
Installation:
See the file named "INSTALL" for instructions on installing this library
locally.
============================================================================
Manifest:
README
this file
INSTALL
instructions for installing the library
setup.py
installation script
ioc_writer/
actual library containing the code to build & manipulate the iocs
docs/
Generated HTML documentation for the ioc_writer library
examples/
Example code
examples/11_to_10_downgrade
Script to downgrade OpenIOC 1.1 to OpenIOC 1.1.
examples/openioc_to_yara
Scripts that support encapsulating YARA signatures in OpenIOC 1.1 format.
examples/simple_ioc_writer
Script that consumes a csv of data to build an IOC. this csv contains the
content, context, et cetera. An example CSV is provided.
===============================================================================
Bug reports / questions / feedback / feature requests:
william.gibb at fireeye dot com
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
ioc_writer-0.2.2.zip
(21.4 kB
view hashes)
Built Distributions
ioc_writer-0.2.2-py3.4.egg
(35.6 kB
view hashes)
ioc_writer-0.2.2-py2.7.egg
(35.2 kB
view hashes)
