How to use the msticpy.sectools.iocextract.IoCType function in msticpy

To help you get started, we’ve selected a few msticpy examples, based on popular ways it is used in public projects.


github microsoft / msticpy / msticpy / sectools / tiproviders / ti_provider_base.py View on Github external
def __init__(self, **kwargs):
        """
        Initialize the provider.

        The set of supported IoC types is derived from the entries of
        `_IOC_QUERIES`: the text before the first "-" in each entry is
        parsed as an IoCType name.
        """
        self._supported_types: Set[IoCType] = set()
        self.description: Optional[str] = None

        parsed_types = set()
        for query_key in self._IOC_QUERIES:
            type_name = query_key.split("-")[0]
            parsed_types.add(IoCType.parse(type_name))
        # An entry whose prefix parsed to IoCType.unknown must not be
        # advertised as a supported type, so unknown is always dropped.
        parsed_types.discard(IoCType.unknown)
        self._supported_types = parsed_types

        self.require_url_encoding = False
github microsoft / msticpy / msticpy / sectools / tiproviders / ti_provider_base.py View on Github external
def __init__(self, **kwargs):
        """
        Initialize the provider.

        Builds `_supported_types` from `_IOC_QUERIES`, using the part of
        each entry before the first "-" as the IoC type name.
        """
        self._supported_types: Set[IoCType] = set()
        self.description: Optional[str] = None

        candidate_types = (
            IoCType.parse(entry.split("-")[0]) for entry in self._IOC_QUERIES
        )
        # Filter out IoCType.unknown: entries whose prefix did not parse to
        # a specific type are not reported as supported.
        self._supported_types = {
            parsed for parsed in candidate_types if parsed != IoCType.unknown
        }

        self.require_url_encoding = False
github microsoft / msticpy / msticpy / sectools / iocextract.py View on Github external
"""
        Return specific IoCType based on hash length.

        Parameters
        ----------
        file_hash : str
            File hash string

        Returns
        -------
        IoCType
            Specific hash type or unknown.

        """
        # Classification uses the stripped length only (32/40/64 characters
        # for MD5/SHA-1/SHA-256). The characters are not checked to be
        # hexadecimal here, so a non-unknown result does not by itself show
        # that the input is a well-formed hash.
        stripped_len = len(file_hash.strip())
        if stripped_len == 32:
            return IoCType.md5_hash
        if stripped_len == 40:
            return IoCType.sha1_hash
        if stripped_len == 64:
            return IoCType.sha256_hash
        # Any other length is reported as unknown.
        return IoCType.unknown
github microsoft / msticpy / msticpy / sectools / iocextract.py View on Github external
Check that `input_str` matches the regex for the specified `ioc_type`.

        Parameters
        ----------
        input_str : str
            the string to test
        ioc_type : str
            the name of the IoC type whose regex pattern to use

        Returns
        -------
        bool
            True if match.

        """
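        # Translate the requested type name into the key used to look up
        # the compiled pattern in self._content_regex.
        if ioc_type == IoCType.file_hash.name:
            # The generic "file_hash" name is narrowed to a specific hash
            # type by file_hash_type(); the pattern match below still
            # decides whether the string is accepted.
            val_type = self.file_hash_type(input_str).name
        elif ioc_type == IoCType.hostname.name:
            # Hostnames are checked with the "dns" pattern.
            val_type = "dns"
        else:
            val_type = ioc_type
        if val_type not in self._content_regex:
            # NOTE(review): if file_hash_type() yields a type with no
            # registered pattern, this raises KeyError rather than returning
            # False - callers validating untrusted strings should confirm
            # and handle that case.
            raise KeyError(
                "Unknown type {}. Valid types are: {}".format(
                    ioc_type, list(self._content_regex.keys())
                )
            )
        rgx = self._content_regex[val_type]
        # fullmatch() requires the whole of input_str to match, so a valid
        # value embedded in surrounding text is rejected.
        pattern_match = rgx.comp_regex.fullmatch(input_str)
        if val_type == "dns":
            # Coerce to bool: the bare `and` expression would hand back the
            # match object (or None) instead of the documented True/False.
            return bool(self.dom_val.validate_tld(input_str) and pattern_match)
        return pattern_match is not None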
github microsoft / msticpy / msticpy / sectools / iocextract.py View on Github external
def __init__(self):
        """
        Initialize new instance of IoCExtract.

        Registers the built-in IoC patterns through `add_ioc_type` and
        creates the `DomainValidator` stored in `self.dom_val`.
        """
        register = self.add_ioc_type

        # --- IP addresses ---
        # NOTE(review): ipv4 passes a fourth argument ("ipaddress") that
        # ipv6 does not - confirm that difference is intended.
        register(IoCType.ipv4.name, self.IPV4_REGEX, 0, "ipaddress")
        register(IoCType.ipv6.name, self.IPV6_REGEX, 0)

        # --- DNS domains ---
        # The DNS pattern also matches IP addresses. IPs are registered with
        # a higher priority (0 versus 1 here), so when both match the same
        # substring the IP pattern wins.
        register(IoCType.dns.name, self.DNS_REGEX, 1)

        # --- HTTP requests ---
        register(IoCType.url.name, self.URL_REGEX, 0)

        # --- File paths (Windows, then Linux) ---
        register(IoCType.windows_path.name, self.WINPATH_REGEX, 2)
        register(IoCType.linux_path.name, self.LXPATH_REGEX, 2)

        # --- MD5, SHA1 and SHA256 hashes ---
        register(IoCType.md5_hash.name, self.MD5_REGEX, 1, "hash")
        register(IoCType.sha1_hash.name, self.SHA1_REGEX, 1, "hash")
        register(IoCType.sha256_hash.name, self.SHA256_REGEX, 1, "hash")

        self.dom_val = DomainValidator()
github microsoft / msticpy / msticpy / sectools / iocextract.py View on Github external
"""
        Return parsed IoCType of string.

        Parameters
        ----------
        value : str
            Enumeration name

        Returns
        -------
        IoCType
            IoCType matching name or unknown if no match

        """
        # Lookup is by lower-cased value. A name that is not an IoCType
        # value yields IoCType.unknown instead of raising, so callers must
        # treat unknown as "not recognised".
        try:
            return IoCType(value.lower())
        except ValueError:
            return IoCType.unknown
github microsoft / msticpy / msticpy / sectools / iocextract.py View on Github external
Parameters
        ----------
        file_hash : str
            File hash string

        Returns
        -------
        IoCType
            Specific hash type or unknown.

        """
        # Only the stripped length is inspected; the content is not checked
        # to be hexadecimal here.
        digest_len = len(file_hash.strip())
        type_by_length = {
            32: IoCType.md5_hash,
            40: IoCType.sha1_hash,
            64: IoCType.sha256_hash,
        }
        try:
            return type_by_length[digest_len]
        except KeyError:
            # A length other than 32, 40 or 64 is not a recognised hash size.
            return IoCType.unknown
github microsoft / msticpy / msticpy / sectools / iocextract.py View on Github external
def __init__(self):
        """
        Initialize new instance of IoCExtract.

        Registers the IoC patterns shown below through `add_ioc_type`.
        """
        add_type = self.add_ioc_type

        # IP addresses.
        # NOTE(review): ipv4 passes a fourth argument ("ipaddress") that
        # ipv6 does not - confirm that difference is intended.
        add_type(IoCType.ipv4.name, self.IPV4_REGEX, 0, "ipaddress")
        add_type(IoCType.ipv6.name, self.IPV6_REGEX, 0)

        # DNS domains. This pattern also matches IP addresses, but IPs have
        # the higher priority, so a substring matched by both is attributed
        # to the IP pattern.
        add_type(IoCType.dns.name, self.DNS_REGEX, 1)

        # HTTP requests.
        add_type(IoCType.url.name, self.URL_REGEX, 0)

        # File paths: Windows first, then Linux.
        add_type(IoCType.windows_path.name, self.WINPATH_REGEX, 2)
        add_type(IoCType.linux_path.name, self.LXPATH_REGEX, 2)
github microsoft / msticpy / msticpy / sectools / tiproviders / ti_provider_base.py View on Github external
"""
        Return True if the passed type is supported.

        Parameters
        ----------
        ioc_type : Union[str, IoCType]
            IoC type name or instance

        Returns
        -------
        bool
            True if supported.

        """
        # Accept either a type name or an IoCType member; names are resolved
        # through IoCType.parse before the membership test.
        # NOTE(review): presumably an unrecognised name resolves to
        # IoCType.unknown and is therefore reported as unsupported - verify
        # against IoCType.parse and the supported_types property.
        resolved_type = (
            IoCType.parse(ioc_type) if isinstance(ioc_type, str) else ioc_type
        )
        return resolved_type.name in self.supported_types
github microsoft / msticpy / msticpy / sectools / iocextract.py View on Github external
file_hash : str
            File hash string

        Returns
        -------
        IoCType
            Specific hash type or unknown.

        """
        # The decision is made on stripped length alone; nothing here checks
        # that the characters are hexadecimal.
        length = len(file_hash.strip())
        known_sizes = (
            (32, IoCType.md5_hash),
            (40, IoCType.sha1_hash),
            (64, IoCType.sha256_hash),
        )
        for hex_len, hash_type in known_sizes:
            if length == hex_len:
                return hash_type
        # No size matched: report unknown.
        return IoCType.unknown