# MAEC 4.0.1 to MAEC 4.1 Converter Script
# Translates a MAEC 4.0.1 Package or Bundle into a valid MAEC 4.1 Package or Bundle
import sys
import os
import shutil
import argparse
import maec
from maec.bundle.bundle import Bundle
from maec.package.package import Package
# Update the MAEC v4.0.1 file to MAEC v4.1
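def update_maec(infilename, outfilename):
    """Translate a MAEC 4.0.1 Package or Bundle XML document into MAEC 4.1.

    Args:
        infilename: path of the MAEC 4.0.1 XML document to read.
        outfilename: path the converted MAEC 4.1 XML document is written to
            (overwritten without prompting if it already exists).

    Raises:
        ValueError: if the document root is neither a Package nor a Bundle.
            The original silently wrote such input back out unchanged, which
            looked like a successful conversion.

    NOTE(review): the input is parsed by maec.parse_xml_instance(); whether
    that parser disables external-entity resolution (XXE) and entity expansion
    is not visible from this file. Confirm before pointing this tool at
    documents from untrusted sources such as sandbox reports of
    attacker-controlled samples.
    """
    # check_version=False: the parser would otherwise reject the 4.0.1
    # schema_version that this function exists to rewrite.
    parsed = maec.parse_xml_instance(infilename, check_version=False)
    api_object = parsed['api']

    if isinstance(api_object, Package):
        # The Package schema version that corresponds to MAEC 4.1 (the
        # original script also wrote "2.1" here).
        api_object.schema_version = "2.1"
        # `or []` guards: these collections may be absent on a minimal
        # document; iterating None would abort the whole conversion.
        for malware_subject in api_object.malware_subjects or []:
            for analysis in malware_subject.analyses or []:
                # 4.1 renamed the "manual" Analysis type to "in-depth".
                if analysis.type == "manual":
                    analysis.type = "in-depth"
            findings_bundles = malware_subject.findings_bundles
            if findings_bundles is not None:
                for bundle in findings_bundles.bundles or []:
                    bundle.schema_version = "4.1"
    elif isinstance(api_object, Bundle):
        api_object.schema_version = "4.1"
    else:
        raise ValueError(
            "%s: root element is neither a MAEC Package nor a MAEC Bundle "
            "(got %s)" % (infilename, type(api_object).__name__)
        )

    api_object.to_xml_file(outfilename)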
# Print the usage text
def usage():
    """Write the usage banner to stdout and exit with status 1.

    Not called by main(), which lets argparse report usage errors itself.
    """
    sys.stdout.write(USAGE_TEXT + "\n")
    sys.exit(1)
# Banner printed by usage(); padded with a leading and trailing newline.
USAGE_TEXT = (
    "\n"
    "MAEC 4.0.1 --> MAEC 4.1 XML Converter Utility\n"
    "Usage: python maec_4.0.1_to_4.1.py -i <input maec 4.0.1 xml file>"
    " -o <output maec 4.1 xml file>\n"
)
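_OUTPUT_SUFFIX = '_cuckoobox_maec.xml'


def _output_name(xml_path):
    """Return the MAEC 4.1 output path for an input ``*.xml`` path.

    Uses os.path.splitext instead of ``str.rstrip('.xml')``: rstrip removes
    any trailing run of the characters '.', 'x', 'm', 'l', so an input named
    ``sample_html.xml`` would have produced ``sample_ht_cuckoobox_maec.xml``.
    """
    stem, _ext = os.path.splitext(xml_path)
    return stem + _OUTPUT_SUFFIX


def _convert_directory(directory):
    """Convert every ``*.xml`` file directly inside *directory* to MAEC 4.1.

    Files whose name contains ``_report.maec-4.0.1`` (Cuckoo's MAEC report
    naming) are first renamed in place to drop that infix, so this mutates
    the input directory. Converted documents are written next to their
    inputs as ``<stem>_cuckoobox_maec.xml`` -- the original wrote plain
    ``*.xml`` inputs into the current working directory instead, unlike the
    report branch, which already wrote into *directory*.
    """
    for filename in sorted(os.listdir(directory)):
        print(filename)
        if not filename.endswith('.xml'):
            continue
        # Skip this tool's own outputs so a re-run does not convert them again.
        if filename.endswith(_OUTPUT_SUFFIX):
            continue
        filepath = os.path.join(directory, filename)
        # A sub-directory named *.xml would otherwise be handed to the parser.
        if not os.path.isfile(filepath):
            continue
        if '_report.maec-4.0.1' in filename:
            new_filepath = os.path.join(
                directory, filename.replace('_report.maec-4.0.1', '')
            )
            shutil.move(filepath, new_filepath)
            filepath = new_filepath
        update_maec(filepath, _output_name(filepath))


def main():
    """Command-line entry point.

    Either ``-i INPUT -o OUTPUT`` converts a single document, or
    ``-d DIRECTORY`` converts every ``*.xml`` file in a directory (output
    names are derived, so ``-o`` is not needed there). Exits with status 2
    via argparse on a usage error.
    """
    parser = argparse.ArgumentParser(
        description='MAEC 4.0.1 --> MAEC 4.1 XML Converter Utility'
    )
    mutex_group = parser.add_mutually_exclusive_group(required=True)
    mutex_group.add_argument(
        '--input', '-i',
        help='input maec 4.0.1 xml file'
    )
    mutex_group.add_argument(
        '--directory', '-d',
        help='directory containing maec 4.0.1 xml files to convert to 4.1 xml files'
    )
    # --output is only meaningful with --input; the original declared it
    # required=True, which forced a meaningless (ignored) -o in -d mode.
    # The requirement is enforced below for the --input case instead.
    output_group = parser.add_argument_group('required with --input')
    output_group.add_argument(
        '--output', '-o',
        help='output maec 4.1 xml file (required with --input)'
    )
    args = parser.parse_args()

    if args.directory:
        _convert_directory(args.directory)
    else:
        if not args.output:
            parser.error('--output/-o is required together with --input/-i')
        update_maec(args.input, args.output)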
# Run the CLI only when executed directly, not when imported as a module.
if __name__ == '__main__':
    main()