Example 1 with STIXPackage

Use of org.mitre.stix.stix_1.STIXPackage in project metron by apache, in the method extract of the class StixExtractor.

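// Parses one STIX XML document, passed as a single string, and collects the
// lookup entries that the matching handlers produce for its observables.
@Override
public Iterable<LookupKV> extract(String line) throws IOException {
    // Every quoted "Equal" is rewritten to "Equals" before parsing. The replacement
    // runs over the whole document text, not only over condition attributes.
    STIXPackage stixPackage = STIXPackage.fromXMLString(line.replaceAll("\"Equal\"", "\"Equals\""));
    List<LookupKV> ret = new ArrayList<>();
    for (Observable o : getObservables(stixPackage)) {
        ObjectType obj = o.getObject();
        // Observables without an object or without properties are skipped.
        if (obj != null) {
            ObjectPropertiesType props = obj.getProperties();
            if (props != null) {
                // Look up the handler for this properties instance.
                ObjectTypeHandler handler = ObjectTypeHandlers.getHandlerByInstance(props);
                if (handler != null) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Found {} for properties {}", handler.getTypeClass().getCanonicalName(), props.toXMLString());
                    }
                    Iterable<LookupKV> extractions = handler.extract(props, config);
                    for (LookupKV extraction : extractions) {
                        ret.add(extraction);
                    }
                } else if (LOG.isDebugEnabled()) {
                    // Property types with no handler yield no entries and are
                    // reported only at debug level.
                    LOG.debug("Did not find a handler for properties {} of type {}", props.toXMLString(), props.getClass());
                }
            }
        }
    }
    return ret;
}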
Also used: STIXPackage (org.mitre.stix.stix_1.STIXPackage), ObjectType (org.mitre.cybox.cybox_2.ObjectType), ObjectTypeHandler (org.apache.metron.dataloads.extractor.stix.types.ObjectTypeHandler), LookupKV (org.apache.metron.enrichment.lookup.LookupKV), ArrayList (java.util.ArrayList), Observable (org.mitre.cybox.cybox_2.Observable)

Aggregations

ArrayList (java.util.ArrayList): 1
ObjectTypeHandler (org.apache.metron.dataloads.extractor.stix.types.ObjectTypeHandler): 1
LookupKV (org.apache.metron.enrichment.lookup.LookupKV): 1
ObjectType (org.mitre.cybox.cybox_2.ObjectType): 1
Observable (org.mitre.cybox.cybox_2.Observable): 1
STIXPackage (org.mitre.stix.stix_1.STIXPackage): 1