iodeflib

A Python library to create, parse and edit IODEF incident reports

  • License: BSD License
  • Price: FREE
  • Publisher Name: Philippe Lagadec
  • Publisher web site: http://www.decalage.info/

iodeflib Description

iodeflib is a Python library designed to create, parse and edit cyber incident reports using the IODEF XML format (RFC 5070).

On the one hand, IODEF is a very rich, flexible and extensible XML format to describe cyber incidents. On the other hand, it can be quite complex to use in practice: its rich features and deeply nested structure make IODEF content difficult to parse. iodeflib is an attempt to provide a simple API to ease the development of IODEF-aware scripts and applications.

iodeflib is different from the iodef Python package published on PyPI and SourceForge. In fact I created iodeflib because I was quite disappointed by the complexity of the iodef package. iodef was generated automatically from the IODEF XML schema using GenerateDS, which indeed exposes the complexity of the IODEF schema. In contrast, iodeflib was carefully designed in order to keep the Python interface as simple as possible, hiding some unnecessarily nested structures of the IODEF schema and adding more convenient shortcuts. iodeflib is also designed to be extensible.

Usage

The following sample scripts are provided in the iodeflib package, in the examples subfolder.

How to parse IODEF data

    import iodeflib

    # open XML file and parse IODEF:
    iodef = iodeflib.parse_file('iodef.xml')

    # print some attributes for each incident:
    for incident in iodef.incidents:
        print('Incident %s from %s - impact type: %s' % (incident.id, incident.id_name,
                                                         incident.get_first_impact().type))
        for desc in incident.descriptions:
            print(desc)
        print('Sources:')
        for system in incident.get_sources():
            print(system.get_addresses())
        print('Targets:')
        for system in incident.get_targets():
            print(system.get_addresses())
        print('')

How to create IODEF data

    import iodeflib

    # create a new IODEF document:
    iodef = iodeflib.IODEF_Document()

    # create a new incident:
    incident1 = iodeflib.Incident(id='1234', id_name='CSIRT-X',
                                  report_time='2011-09-13T11:01:00+00:00',
                                  start_time='2011-09-13T10:19:24+00:00')

    # add description (a list of strings; the original sample text was lost, placeholder used):
    incident1.descriptions = ['PLACEHOLDER: incident description']

    # add sources and targets:
    incident1.add_system(category='source', address='192.168.1.2')
    incident1.add_system(category='target', address='192.168.3.7', name='XYZ')

    # add impact assessment:
    incident1.add_impact(description='DoS on system XYZ', type='dos', severity='medium',
                         completion='succeeded', occurence='actual', restriction='need-to-know')
    iodef.incidents.append(incident1)

    # serialize IODEF to XML, print it and save it to a file:
    print(iodef)
    with open('iodef2.xml', 'w') as f:
        f.write(str(iodef))

How to edit IODEF data

    import iodeflib

    # open XML file and parse IODEF:
    iodef = iodeflib.parse_file('iodef2.xml')

    # get the first incident, add end time and history item:
    incident1 = iodef.incidents[0]
    histitem = iodeflib.HistoryItem(descriptions=['PLACEHOLDER: action taken'],
                                    datetime='2011-09-13T13:47:12+00:00')
    incident1.history.append(histitem)
    incident1.end_time = '2011-09-13T13:47:12+00:00'
    incident1.report_time = '2011-09-13T13:52:00+00:00'

    # save IODEF back to an XML file:
    print(iodef)
    with open('iodef2_updated.xml', 'w') as f:
        f.write(str(iodef))

More info on the API

See iodeflib.html in the iodeflib folder, or check the docstrings in the source code.
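To make the "deeply nested structure" concrete, here is the RFC 5070 XML that corresponds to the incident built in the create script above, read with only the Python standard library and reduced to the same fields the parse script prints. This is an added example, not iodeflib code: the sample document, the placeholder Contact element (IODEF requires one per Incident) and the functions parse_incidents and addresses are constructed here.

```python
# Added example (not iodeflib code): the RFC 5070 XML behind the "create" script
# above, read with the standard library to show the nesting iodeflib hides.
import xml.etree.ElementTree as ET

NS = {'i': 'urn:ietf:params:xml:ns:iodef-1.0'}

# Constructed sample for the incident created above; IODEF requires a Contact
# per Incident, so a placeholder creator contact is included.
SAMPLE_IODEF = """<IODEF-Document version="1.00" lang="en"
    xmlns="urn:ietf:params:xml:ns:iodef-1.0">
  <Incident purpose="reporting">
    <IncidentID name="CSIRT-X">1234</IncidentID>
    <ReportTime>2011-09-13T11:01:00+00:00</ReportTime>
    <Assessment occurrence="actual" restriction="need-to-know">
      <Impact type="dos" severity="medium" completion="succeeded">DoS on system XYZ</Impact>
    </Assessment>
    <Contact role="creator" type="organization"><ContactName>CSIRT-X</ContactName></Contact>
    <EventData><Flow>
      <System category="source">
        <Node><Address category="ipv4-addr">192.168.1.2</Address></Node>
      </System>
      <System category="target">
        <Node><NodeName>XYZ</NodeName><Address category="ipv4-addr">192.168.3.7</Address></Node>
      </System>
    </Flow></EventData>
  </Incident>
</IODEF-Document>"""

def addresses(incident, category):
    """Addresses of every System of the given category ('source'/'target')."""
    return [addr.text
            for system in incident.findall('i:EventData/i:Flow/i:System', NS)
            if system.get('category') == category
            for addr in system.findall('i:Node/i:Address', NS)]

def parse_incidents(xml_text):
    """Per Incident, the fields the parse script above prints via iodeflib."""
    root = ET.fromstring(xml_text)
    incidents = []
    for inc in root.findall('i:Incident', NS):
        inc_id = inc.find('i:IncidentID', NS)
        impact = inc.find('i:Assessment/i:Impact', NS)  # cf. get_first_impact()
        incidents.append({
            'id': inc_id.text, 'id_name': inc_id.get('name'),
            'impact_type': None if impact is None else impact.get('type'),
            'sources': addresses(inc, 'source'),
            'targets': addresses(inc, 'target'),
        })
    return incidents
```

Every one of the five printed fields sits three to five levels deep in the document, which is the path-walking that iodeflib's get_sources(), get_targets() and get_first_impact() shortcuts replace.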

