panstix.packaging
This module contains the main entry points for the library.

panstix.packaging.get_maec_package_from_wfreport(**kwargs)
Generate a MAEC package from a Wildfire report.
The Wildfire report is retrieved using Wildfire API if hash and tag keyword arguments are specified, or read from a file passed via report keyword argument. report can be a filename or a file object.
Parameters: - hash (str) – Hash of the sample.
- tag (str) – pan-python tag used to retrieve the report.
- report (str or file) – filename of the Wildfire report or a file object.
- pcap (str) – filename of the pcap file to include or ‘network’ to retrieve the pcap using Wildfire API via tag. If None, pcap is not included in the resulting package.
- evidence (float) – can be used to retrieve only indicators associated to malicious behaviors with a score higher than this threshold
Returns: A MAEC Package object with Wildfire report contents.
Return type: maec.package.package.Package

panstix.packaging.get_stix_il_package_from_wfreport(**kwargs)
Generate a STIX package with a list of STIX Indicators extracted from a Wildfire report.
The Wildfire report is retrieved using Wildfire API if hash and tag keyword arguments are specified, or read from a file passed via report keyword argument. report can be a filename or a file object.
Parameters: - hash (str) – Hash of the sample.
- tag (str) – pan-python tag used to retrieve the report.
- report (str or file) – filename of the Wildfire report or a file object.
- evidence (float) – can be used to retrieve only indicators associated to malicious behaviors with a score higher than this threshold
Returns: A STIX Package object with the list of Indicators extracted from the Wildfire report.
Return type: stix.core.STIXPackage

panstix.packaging.get_stix_ol_package_from_wfreport(**kwargs)
Generate a STIX package with a list of CybOX Observables extracted from a Wildfire report.
The Wildfire report is retrieved using Wildfire API if hash and tag keyword arguments are specified, or read from a file passed via report keyword argument. report can be a filename or a file object.
Parameters: - hash (str) – Hash of the sample.
- tag (str) – pan-python tag used to retrieve the report.
- report (str or file) – filename of the Wildfire report or a file object.
- evidence (float) – can be used to retrieve only indicators associated to malicious behaviors with a score higher than this threshold
Returns: A STIX Package object with the list of Observables extracted from the Wildfire report.
Return type: stix.core.STIXPackage

panstix.packaging.get_stix_package_from_wfreport(**kwargs)
Generate a STIX package from a Wildfire report.
The Wildfire report is retrieved using Wildfire API if hash and tag keyword arguments are specified, or read from a file passed via report keyword argument. report can be a filename or a file object.
Parameters: - hash (str) – Hash of the sample.
- tag (str) – pan-python tag used to retrieve the report.
- report (str or file) – filename of the Wildfire report or a file object.
- pcap (str) – filename of the pcap file to include or ‘network’ to retrieve the pcap using Wildfire API via tag. If None, pcap is not included in the resulting package.
- sample (str) – filename of the sample file to include or ‘network’ to retrieve the sample using Wildfire API via tag. If None, sample is not included in the resulting package.
- evidence (float) – can be used to retrieve only indicators associated to malicious behaviors with a score higher than this threshold
Returns: A STIX Package object with Wildfire report contents.
Return type: stix.core.Package
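
Because every entry point takes only `**kwargs`, it helps to check arguments against the documented contract before calling. The following is an added example, not part of panstix: `check_wfreport_kwargs` and `build_package` are hypothetical helpers, and treating None as "not set" for every argument is an assumption (the page states it only for pcap and sample).

```python
import importlib

# Keyword arguments each entry point documents on this page.
COMMON = {"hash", "tag", "report", "evidence"}
ENTRY_POINTS = {
    "get_maec_package_from_wfreport": COMMON | {"pcap"},
    "get_stix_il_package_from_wfreport": COMMON,
    "get_stix_ol_package_from_wfreport": COMMON,
    "get_stix_package_from_wfreport": COMMON | {"pcap", "sample"},
}


def check_wfreport_kwargs(func_name, **kwargs):
    """Hypothetical helper: return cleaned kwargs or raise ValueError."""
    allowed = ENTRY_POINTS.get(func_name)
    if allowed is None:
        raise ValueError("unknown entry point: %s" % func_name)
    # Assumption: None means "not set", so drop it before checking.
    args = {k: v for k, v in kwargs.items() if v is not None}
    unknown = set(args) - allowed
    if unknown:
        raise ValueError("%s does not document %s" % (func_name, sorted(unknown)))
    # The report comes from the Wildfire API (hash and tag) or from a file.
    if not (("hash" in args and "tag" in args) or "report" in args):
        raise ValueError("pass hash and tag, or report")
    # 'network' retrieves the artifact through the Wildfire API via tag.
    for key in ("pcap", "sample"):
        if args.get(key) == "network" and "tag" not in args:
            raise ValueError("%s='network' requires tag" % key)
    if "evidence" in args:
        args["evidence"] = float(args["evidence"])  # threshold is a float
    return args


def build_package(func_name, **kwargs):
    """Validate, then call the panstix function (requires panstix installed)."""
    args = check_wfreport_kwargs(func_name, **kwargs)
    packaging = importlib.import_module("panstix.packaging")
    return getattr(packaging, func_name)(**args)


if __name__ == "__main__":
    # Constructed input: a local report file and a score threshold.
    print(check_wfreport_kwargs("get_stix_il_package_from_wfreport",
                                report="wf_report.xml", evidence="0.5"))
```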