panstix.packaging

This module contains the main entry points for the library.

panstix.packaging.get_maec_package_from_wfreport(**kwargs)

Generate a MAEC package from a Wildfire report.

The Wildfire report is retrieved using the Wildfire API if the hash and tag keyword arguments are specified, or read from a file passed via the report keyword argument. report can be a filename or a file object.

Parameters:
  • hash (str) – Hash of the sample.
  • tag (str) – pan-python tag used to retrieve the report.
  • report (str or file) – filename of the Wildfire report or a file object.
  • pcap (str) – filename of the pcap file to include, or ‘network’ to retrieve the pcap using the Wildfire API via tag. If None, the pcap is not included in the resulting package.
  • evidence (float) – can be used to retrieve only indicators associated with malicious behaviors whose score is higher than this threshold.
Returns:

A MAEC Package object with Wildfire report contents.

Return type:

maec.package.package.Package

panstix.packaging.get_stix_il_package_from_wfreport(**kwargs)

Generate a STIX package with a list of STIX Indicators extracted from a Wildfire report.

The Wildfire report is retrieved using the Wildfire API if the hash and tag keyword arguments are specified, or read from a file passed via the report keyword argument. report can be a filename or a file object.

Parameters:
  • hash (str) – Hash of the sample.
  • tag (str) – pan-python tag used to retrieve the report.
  • report (str or file) – filename of the Wildfire report or a file object.
  • evidence (float) – can be used to retrieve only indicators associated with malicious behaviors whose score is higher than this threshold.
Returns:

A STIX Package object with the list of Indicators extracted from the Wildfire report.

Return type:

stix.core.STIXPackage

panstix.packaging.get_stix_ol_package_from_wfreport(**kwargs)

Generate a STIX package with a list of CybOX Observables extracted from a Wildfire report.

The Wildfire report is retrieved using the Wildfire API if the hash and tag keyword arguments are specified, or read from a file passed via the report keyword argument. report can be a filename or a file object.

Parameters:
  • hash (str) – Hash of the sample.
  • tag (str) – pan-python tag used to retrieve the report.
  • report (str or file) – filename of the Wildfire report or a file object.
  • evidence (float) – can be used to retrieve only indicators associated with malicious behaviors whose score is higher than this threshold.
Returns:

A STIX Package object with the list of Observables extracted from the Wildfire report.

Return type:

stix.core.STIXPackage

panstix.packaging.get_stix_package_from_wfreport(**kwargs)

Generate a STIX package from a Wildfire report.

The Wildfire report is retrieved using the Wildfire API if the hash and tag keyword arguments are specified, or read from a file passed via the report keyword argument. report can be a filename or a file object.

Parameters:
  • hash (str) – Hash of the sample.
  • tag (str) – pan-python tag used to retrieve the report.
  • report (str or file) – filename of the Wildfire report or a file object.
  • pcap (str) – filename of the pcap file to include, or ‘network’ to retrieve the pcap using the Wildfire API via tag. If None, the pcap is not included in the resulting package.
  • sample (str) – filename of the sample file to include, or ‘network’ to retrieve the sample using the Wildfire API via tag. If None, the sample is not included in the resulting package.
  • evidence (float) – can be used to retrieve only indicators associated with malicious behaviors whose score is higher than this threshold.
Returns:

A STIX Package object with Wildfire report contents.

Return type:

stix.core.Package
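The following is an added example of driving get_stix_package_from_wfreport() from a small command-line wrapper; it is not part of panstix. It assumes python-stix's STIXPackage.to_xml() for serialisation, and it treats passing both hash and report as an error (the docs only say that hash and tag take precedence), and requires tag whenever pcap or sample is ‘network’.

```python
"""Added example: call panstix.packaging from a small CLI (not part of panstix)."""
import argparse
import sys


def build_kwargs(hash_=None, tag=None, report=None, pcap=None,
                 sample=None, evidence=None):
    """Check an argument combination against the documented rules and return
    the keyword arguments for get_stix_package_from_wfreport().
    Rejecting 'hash' together with 'report' is this example's assumption."""
    if report is None and not (hash_ and tag):
        raise ValueError("need either 'report' or both 'hash' and 'tag'")
    if report is not None and hash_ is not None:
        raise ValueError("'report' and 'hash' are mutually exclusive here")
    for name, value in (("pcap", pcap), ("sample", sample)):
        # 'network' means fetch via the Wildfire API, which needs a tag
        if value == "network" and tag is None:
            raise ValueError("%s='network' requires 'tag'" % name)
    kwargs = {"hash": hash_, "tag": tag, "report": report,
              "pcap": pcap, "sample": sample, "evidence": evidence}
    # only forward what was actually given; None means "not included"
    return {k: v for k, v in kwargs.items() if v is not None}


def main(argv):
    ap = argparse.ArgumentParser(description="WildFire report -> STIX XML")
    ap.add_argument("--hash")
    ap.add_argument("--tag")
    ap.add_argument("--report")
    ap.add_argument("--pcap")
    ap.add_argument("--sample")
    ap.add_argument("--evidence", type=float)
    ap.add_argument("-o", "--output", default="package.xml")
    args = ap.parse_args(argv)
    kwargs = build_kwargs(args.hash, args.tag, args.report, args.pcap,
                          args.sample, args.evidence)
    # imported lazily so build_kwargs() is usable without panstix installed
    import panstix.packaging
    pkg = panstix.packaging.get_stix_package_from_wfreport(**kwargs)
    data = pkg.to_xml()  # python-stix STIXPackage serialises to XML
    with open(args.output, "wb") as f:
        f.write(data if isinstance(data, bytes) else data.encode("utf-8"))
    return args.output


if __name__ == "__main__":
    main(sys.argv[1:])
```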