
Example 1 with Observable

Use of org.mitre.cybox.cybox_2.Observable in project metron by apache, in the class StixExtractor, method extract:

@Override
public Iterable<LookupKV> extract(String line) throws IOException {
    // Each input line is one complete STIX 1.x package. Some feeds emit the non-standard
    // condition value "Equal"; it is rewritten to the CybOX enumeration value "Equals" before
    // parsing. Note that this is a whole-line string replace, not scoped to the condition attribute.
    STIXPackage stixPackage = STIXPackage.fromXMLString(line.replaceAll("\"Equal\"", "\"Equals\""));
    List<LookupKV> ret = new ArrayList<>();
    // Walk every observable in the package, both top-level and indicator-embedded (see getObservables).
    for (Observable o : getObservables(stixPackage)) {
        ObjectType obj = o.getObject();
        if (obj != null) {
            ObjectPropertiesType props = obj.getProperties();
            if (props != null) {
                // Dispatch on the concrete CybOX object type of the properties (addresses, domains, ...).
                // Object types with no registered handler are logged and skipped, not treated as errors.
                ObjectTypeHandler handler = ObjectTypeHandlers.getHandlerByInstance(props);
                if (handler != null) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Found {} for properties {}", handler.getTypeClass().getCanonicalName(), props.toXMLString());
                    }
                    // The handler turns one object's properties into zero or more lookup entries.
                    Iterable<LookupKV> extractions = handler.extract(props, config);
                    for (LookupKV extraction : extractions) {
                        ret.add(extraction);
                    }
                } else if (LOG.isDebugEnabled()) {
                    LOG.debug("Did not find a handler for properties {} of type {}", props.toXMLString(), props.getClass());
                }
            }
        }
    }
    return ret;
}
Also used: STIXPackage (org.mitre.stix.stix_1.STIXPackage), ObjectType (org.mitre.cybox.cybox_2.ObjectType), ObjectTypeHandler (org.apache.metron.dataloads.extractor.stix.types.ObjectTypeHandler), LookupKV (org.apache.metron.enrichment.lookup.LookupKV), ArrayList (java.util.ArrayList), Observable (org.mitre.cybox.cybox_2.Observable)

Example 2 with Observable

Use of org.mitre.cybox.cybox_2.Observable in project metron by apache, in the class StixExtractor, method getObservables:

public List<Observable> getObservables(STIXPackage stixPackage) {
    List<Observable> ret = new ArrayList<>();
    // Top-level observables: stix:Observables/cybox:Observable.
    Observables observables = stixPackage.getObservables();
    if (observables != null) {
        for (Observable o : observables.getObservables()) {
            ret.add(o);
        }
    }
    // Observables embedded in indicators: stix:Indicators/stix:Indicator/indicator:Observable.
    // Both containers are optional in STIX 1.x, hence the null checks at each level.
    if (stixPackage.getIndicators() != null) {
        if (stixPackage.getIndicators().getIndicators() != null) {
            List<IndicatorBaseType> indicators = stixPackage.getIndicators().getIndicators();
            int indicatorCount = indicators.size();
            for (int i = 0; i < indicatorCount; i++) {
                // The list is typed as IndicatorBaseType; the concrete element is an Indicator.
                Indicator indicator = (Indicator) indicators.get(i);
                if (indicator.getObservable() != null) {
                    ret.add(indicator.getObservable());
                }
            }
        }
    }
    return ret;
}
Also used: ArrayList (java.util.ArrayList), Observables (org.mitre.cybox.cybox_2.Observables), IndicatorBaseType (org.mitre.stix.common_1.IndicatorBaseType), Observable (org.mitre.cybox.cybox_2.Observable), Indicator (org.mitre.stix.indicator_2.Indicator)
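The two methods above together define what Metron treats as an observable: everything under stix:Observables plus every indicator:Observable nested in an Indicator, with the feed's "Equal" condition patched to "Equals" before the package is parsed. The following is an added example, not Metron code and not part of the java-stix library, that reproduces that walk at the DOM level with only the JDK so it can be run against a constructed package. It differs from the page's code in two practitioner-relevant ways: the parser is configured with DTDs and external entities disabled, since threat-intel feeds are untrusted input, and the "Equal" fix is scoped to the condition attribute rather than applied as a string replace over the whole line. The sample package, the class name StixObservableWalker, and the assumption that some feeds emit condition="Equal" (suggested by the page's replaceAll) are all constructed for this example; the namespace URIs are the STIX 1.1 / CybOX 2.1 ones.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

// Added example (not Metron code): DOM-level equivalent of StixExtractor.getObservables/extract
// with a hardened parser and an attribute-scoped "Equal" -> "Equals" normalization.
public class StixObservableWalker {
    static final String STIX = "http://stix.mitre.org/stix-1";
    static final String CYBOX = "http://cybox.mitre.org/cybox-2";
    static final String INDICATOR = "http://stix.mitre.org/Indicator-2";
    static final String ADDR = "http://cybox.mitre.org/objects#AddressObject-2";

    // Constructed sample feed: one top-level Observable and one Observable embedded in an Indicator.
    // The first Address_Value carries the non-standard condition "Equal" that the page's code patches.
    static final String SAMPLE = """
        <stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1" xmlns:cybox="http://cybox.mitre.org/cybox-2"
            xmlns:indicator="http://stix.mitre.org/Indicator-2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xmlns:AddressObj="http://cybox.mitre.org/objects#AddressObject-2">
          <stix:Observables>
            <cybox:Observable><cybox:Object>
              <cybox:Properties xsi:type="AddressObj:AddressObjectType" category="ipv4-addr">
                <AddressObj:Address_Value condition="Equal">10.0.0.1</AddressObj:Address_Value>
              </cybox:Properties>
            </cybox:Object></cybox:Observable>
          </stix:Observables>
          <stix:Indicators>
            <stix:Indicator xsi:type="indicator:IndicatorType"><indicator:Observable><cybox:Object>
              <cybox:Properties xsi:type="AddressObj:AddressObjectType" category="e-mail">
                <AddressObj:Address_Value condition="Equals">mal@example.com</AddressObj:Address_Value>
              </cybox:Properties>
            </cybox:Object></indicator:Observable></stix:Indicator>
          </stix:Indicators>
        </stix:STIX_Package>
        """;

    // Parse untrusted feed XML with DTDs, external entities and XInclude disabled (no XXE, no entity expansion).
    static Document parseHardened(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    // Rewrite condition="Equal" to the CybOX value "Equals" on the attribute only; returns how many were fixed.
    static int normalizeConditions(Document doc) {
        int fixed = 0;
        NodeList all = doc.getElementsByTagName("*");
        for (int i = 0; i < all.getLength(); i++) {
            Element e = (Element) all.item(i);
            if ("Equal".equals(e.getAttribute("condition"))) {
                e.setAttribute("condition", "Equals");
                fixed++;
            }
        }
        return fixed;
    }

    // Same collection order as StixExtractor.getObservables: top-level cybox:Observable first,
    // then every indicator:Observable nested in an Indicator.
    static List<Element> getObservables(Document doc) {
        List<Element> ret = new ArrayList<>();
        NodeList top = doc.getElementsByTagNameNS(CYBOX, "Observable");
        for (int i = 0; i < top.getLength(); i++) ret.add((Element) top.item(i));
        NodeList embedded = doc.getElementsByTagNameNS(INDICATOR, "Observable");
        for (int i = 0; i < embedded.getLength(); i++) ret.add((Element) embedded.item(i));
        return ret;
    }

    // Minimal stand-in for an Address handler: emit "category=value (condition)" per Address_Value.
    static List<String> extract(String xml) throws Exception {
        Document doc = parseHardened(xml);
        normalizeConditions(doc);
        List<String> out = new ArrayList<>();
        for (Element obs : getObservables(doc)) {
            NodeList props = obs.getElementsByTagNameNS(CYBOX, "Properties");
            for (int p = 0; p < props.getLength(); p++) {
                Element prop = (Element) props.item(p);
                NodeList values = prop.getElementsByTagNameNS(ADDR, "Address_Value");
                for (int v = 0; v < values.getLength(); v++) {
                    Element val = (Element) values.item(v);
                    out.add(prop.getAttribute("category") + "=" + val.getTextContent().trim()
                            + " (" + val.getAttribute("condition") + ")");
                }
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        for (String kv : extract(SAMPLE)) System.out.println(kv);
    }
}
```

Running the class prints two entries, ipv4-addr=10.0.0.1 (Equals) and e-mail=mal@example.com (Equals), showing that both containers are walked and that the first observable's condition was normalized without touching any other text in the package. A feed line containing a DOCTYPE is rejected by parseHardened rather than parsed, which is the behaviour to want for data pulled from third-party intel sources.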

Aggregations

ArrayList (java.util.ArrayList) 2
Observable (org.mitre.cybox.cybox_2.Observable) 2
ObjectTypeHandler (org.apache.metron.dataloads.extractor.stix.types.ObjectTypeHandler) 1
LookupKV (org.apache.metron.enrichment.lookup.LookupKV) 1
ObjectType (org.mitre.cybox.cybox_2.ObjectType) 1
Observables (org.mitre.cybox.cybox_2.Observables) 1
IndicatorBaseType (org.mitre.stix.common_1.IndicatorBaseType) 1
Indicator (org.mitre.stix.indicator_2.Indicator) 1
STIXPackage (org.mitre.stix.stix_1.STIXPackage) 1