Skip to content

MAECProject/gfi-sandbox-to-maec

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

202 Commits
gfi
gfi
 
 
.gitignore
.gitignore
 
 
LICENSE.txt
LICENSE.txt
 
 
README
README
 
 
__init__.py
__init__.py
 
 
gfi_parser.py
gfi_parser.py
 
 
gfi_sandbox.py
gfi_sandbox.py
 
 
gfisandbox_to_maec.py
gfisandbox_to_maec.py
 
 

Repository files navigation

****************************************************

GFI Sandbox XML -> MAEC XML Converter Script

Copyright (c) 2015 - The MITRE Corporation

****************************************************

BY USING THE GFI SANDBOX TO MAEC SCRIPT, YOU SIGNIFY YOUR ACCEPTANCE OF THE TERMS AND 
CONDITIONS OF USE.  IF YOU DO NOT AGREE TO THESE TERMS, DO NOT USE THE SCRIPT.

For more information, please refer to the LICENSE.txt file.

#########################################################################################################

Generates MAEC Output from a GFI Sandbox v4 XML file

Compatible with Malware Attribute Enumeration and Characterization (MAEC™) Schema v4.1 and
Cyber Observable eXpression (CybOX™) 2.1
                                                               
v0.24 - BETA                                                   
Updated 10/13/2014                                             
                                                              
##########################################################################################################

MAEC - https://maecproject.github.io/                        
ThreatTrack (GFI) Sandbox - http://www.threattracksecurity.com/enterprise-security/sandbox-software.aspx    
CybOX - https://cyboxproject.github.io/     

##########################################################################################################

--------------------------------------------------------------------------------
--------------------------------------------------------------------------------

Included Files

README: this file.
gfisandbox_to_maec.py: the GFI Sandbox XML to MAEC XML Python converter script.
gfi_sandbox.py: the GFI Sandbox Python bindings which the script imports.
gfi_parser.py: the GFI parser class.
\gfi: the GFI parser classes which the script imports.
LICENSE.txt: the terms of use for this script.

--------------------------------------------------------------------------------
--------------------------------------------------------------------------------

Dependencies

This code has been developed and tested under Python 2.7.x and so may not
be compatible with Python 3.x.

There are three dependencies for this script:
1) The Python lxml library  >= v3.2.x, http://lxml.de/
1) The python-maec library  >= v4.1.0.0, https://pypi.python.org/pypi/maec
2) The python-cybox library >= v2.1.0.0, https://pypi.python.org/pypi/cybox

--------------------------------------------------------------------------------
--------------------------------------------------------------------------------

Usage Notes

The command-line syntax for the script is:
python gfisandbox_to_maec.py <special argument> <gfisandbox file OR directory> 
<maec output file OR directory>

Special arguments are as follows (all are optional):
-v or --verbose : verbose error mode (prints tracebacks of any errors during execution).
-dd or --deduplicate : deduplicate the MAEC output (Objects only).
-n or --normalize : normalize the MAEC output (Objects only).
-dr or --dereference : dereference the MAEC output (Objects only). 

Thus, a sample command-line would look like:

python gfisandbox_to_maec.py -dd -n gfi_out.xml gfi_maec_out.xml

--------------------------------------------------------------------------------
--------------------------------------------------------------------------------

About MAEC

Malware Attribute Enumeration and Characterization (MAEC™) is a standardized language for sharing structured information about malware based upon attributes such as behaviors, artifacts, and attack patterns.

The goal of the MAEC (pronounced "mike") effort is to provide a basis for transforming malware research and response. MAEC aims to eliminate the ambiguity and inaccuracy that currently exists in malware descriptions and to reduce reliance on signatures. In this way, MAEC seeks to improve human-to-human, human-to-tool, tool-to-tool, and tool-to-human communication about malware; reduce potential duplication of malware analysis efforts by researchers; and allow for the faster development of countermeasures by enabling the ability to leverage responses to previously observed malware instances. The MAEC Language enables correlation, integration, and automation.

Please visit the MAEC website at https://maecproject.github.io/ for more information about the MAEC Language.

--------------------------------------------------------------------------------
--------------------------------------------------------------------------------

Getting Help

Join the public MAEC Community Email Discussion List at https://maec.mitre.org/community/discussionlist.html.

Email the MAEC Developers at [email protected].

--------------------------------------------------------------------------------
-------------------------------------------------------------------------------

About

Generate MAEC XML from GFI Sandbox XML output

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

5 stars

Watchers

11 watching

Forks

5 forks
Report repository

Releases

1 tags

Packages

No packages published

Contributors 5

Languages