from py2neo import Graph, Node, Relationship | |
class NodeCreator: | |
def __init__(self): | |
''' | |
Start off my creating the graph connection |
from core.modules import NodeCreator, RelationshipMaker | |
from py2neo import Graph | |
class EmailTC(NodeCreator): | |
def __init__(self): | |
NodeCreator.__init__(self) | |
self.Node_Label = 'Email' | |
self.Plugin_name = 'ThreatCrowd' |
def add_domain_lookup(domain): | |
# Add the nodes | |
domain_maker = modules.DomainTC() | |
hash_maker = modules.Hashes_TC() | |
email = modules.EmailTC() | |
sub_domain = modules.Sub_DomainTC() | |
ip_address = modules.IP_addressTC() |
from threatcrowd import utils as tc_utils | |
import argparse | |
def main(): | |
parser = argparse.ArgumentParser(description='Tool to take data and insert it into graphdatabase') | |
parser.add_argument('-d', '--domain', help="Domains to look up", default=None) | |
parser.add_argument('-e', '--email',help='Emails to look up', default=None) | |
parser.add_argument('-hx', '--hash', help='Hashes to look up', default=None) |
{ | |
"logs": { | |
"logs_collected": { | |
"windows_events": { | |
"collect_list": [ | |
{ | |
"event_format": "xml", | |
"event_levels": [ | |
"INFORMATION", | |
"WARNING", |
{'source_id': 'vcdb', 'timeline': {'incident': {'year': 1950}}, 'victim': {'government': ['Unknown'], 'country': ['Unknown'], 'employee_count': 'Unknown', 'industry': '0000'}, 'action': {'hacking': {'variety': ['Unknown'], 'vector': ['Unknown']}}, 'actor': {'unknown': {'notes': 'unknown'}}, 'asset': {'assets': [{'variety': 'Unknown'}], 'cloud': ['Unknown'], 'role': ['Unknown']}, 'attribute': {'confidentiality': {'data_disclosure': 'Unknown'}}, 'discovery_method': {'unknown': True}, 'plus': {'modified': '2021-08-26T23:08:42.848Z', 'created': '2021-08-26T23:08:34.240Z', 'master_id': '2edf026a-efa0-4654-a2e5-7801c42a0f52', 'analysis_status': 'Ineligible', 'dbir_year': 2022}, 'incident_id': 'bb825e60-06a0-11ec-9aa9-1b076e2ceec4', 'security_incident': 'Confirmed', 'targeted': 'Unknown', 'schema_version': '1.3.5'} |
{"source_id": "vcdb", "timeline": {"incident": {"year": 1950}}, "victim": {"government": ["Unknown"], "country": ["Unknown"], "employee_count": "Unknown", "industry": "0000"}, "action": {"hacking": {"variety": ["Unknown"], "vector": ["Unknown"]}}, "actor": {"unknown": {"notes": "unknown"}}, "asset": {"assets": [{"variety": "Unknown"}], "cloud": ["Unknown"], "role": ["Unknown"]}, "attribute": {"confidentiality": {"data_disclosure": "Unknown"}}, "discovery_method": {"unknown": true}, "plus": {"modified": "2021-08-26T23:08:42.848Z", "created": "2021-08-26T23:08:34.240Z", "master_id": "2edf026a-efa0-4654-a2e5-7801c42a0f52", "analysis_status": "Ineligible", "dbir_year": 2022}, "incident_id": "bb825e60-06a0-11ec-9aa9-1b076e2ceec4", "security_incident": "Confirmed", "targeted": "Unknown", "schema_version": "1.3.5"} |
{"source_id": "vcdb", "timeline": {"incident": {"year": 1950}}, "victim": {"government": ["Unknown"], "country": ["Unknown"], "employee_count": "Unknown", "industry": "0000"}, "action": {"hacking": {"variety": ["Unknown"], "vector": ["Unknown"]}}, "actor": {"unknown": {"notes": "unknown"}}, "asset": {"assets": [{"variety": "Unknown"}], "cloud": ["Unknown"], "role": ["Unknown"]}, "attribute": {"confidentiality": {"data_disclosure": "Unknown"}}, "discovery_method": {"unknown": true}, "plus": {"modified": "2021-08-26T23:08:42.848Z", "created": "2021-08-26T23:08:34.240Z", "master_id": "44683489-7ff7-40b4-9824-6de44d7909c6", "analysis_status": "Ineligible", "dbir_year": 2022, "analyst": "autoencoder"}, "incident_id": "d2e57426-5558-49a3-ba2d-d3eb0c0639b5", "security_incident": "Confirmed", "targeted": "Unknown", "schema_version": "1.3.5"} |
{"source_id": "vcdb", "timeline": {"incident": {"year": 1950}}, "victim": {"government": ["Unknown"], "country": ["Unknown"], "employee_count": "Unknown", "industry": "0000"}, "action": {"hacking": {"variety": ["Unknown"], "vector": ["Unknown"]}}, "actor": {"unknown": {"notes": "unknown"}}, "asset": {"assets": [{"variety": "Unknown"}], "cloud": ["Unknown"], "role": ["Unknown"]}, "attribute": {"confidentiality": {"data_disclosure": "Unknown"}}, "discovery_method": {"unknown": true}, "plus": {"modified": "2021-08-26T23:08:42.848Z", "created": "2021-08-26T23:08:34.240Z", "master_id": "fbe0fd98-65ee-418e-83d2-a2ed2f934fd0", "analysis_status": "Ineligible", "dbir_year": 2022, "analyst": "autoencoder"}, "incident_id": "cce81d06-0c2f-4aab-b358-307db5f471d5", "security_incident": "Confirmed", "targeted": "Unknown", "schema_version": "1.3.5"} |
{"source_id": "vcdb", "timeline": {"incident": {"year": 1950}}, "victim": {"government": ["Unknown"], "country": ["Unknown"], "employee_count": "Unknown", "industry": "0000"}, "action": {"hacking": {"variety": ["Unknown"], "vector": ["Unknown"]}}, "actor": {"unknown": {"notes": "unknown"}}, "asset": {"assets": [{"variety": "Unknown"}], "cloud": ["Unknown"], "role": ["Unknown"]}, "attribute": {"confidentiality": {"data_disclosure": "Unknown"}}, "discovery_method": {"unknown": true}, "plus": {"modified": "2021-08-26T23:08:42.848Z", "created": "2021-08-26T23:08:34.240Z", "master_id": "9e090f7d-7536-4888-98df-2a96262ce26e", "analysis_status": "Ineligible", "dbir_year": 2022, "analyst": "autoencoder", "github": 4}, "incident_id": "034c39bb-816f-4a93-a3ef-9c78cb2acfce", "security_incident": "Confirmed", "targeted": "Unknown", "schema_version": "1.3.5", "summary": "Despite an alert from NYS DFS, some insurance companies with \u201cinstant quote\u201d portals were victimized - MetroMile, Root Insurance, Hagerty Insur |