Adding BaseNormalization Class (#820)

* Added utils/normalization folder which includes BaseNormalization class that can be used to create identity, indicator, extension-definition, malware, and infrastructure SDO, and creates relationship SRO

* Added ReversingLabs STIX Shifter Connector that uses BaseNormalization

stix_shifter_modules/reversinglabs/README.md

@@ -0,0 +1,29 @@
+# ReversingLabs
+
+## ReversingLabs Supported STIX Pattern values (Querying):
+
+The following STIX Patterns are supported by ReversingLabs:
+
+```bash
+* ipv4-addr:value
+* ipv6-addr:value
+* file:hashes.MD5
+* file:hashes.SHA-1
+* file:hashes.SHA-256   
+* domain-name:value
+* url:value
+```
+
+### Execute a STIX pattern on a ReversingLabs instance
+
+```bash
+$ python3 main.py execute reversinglabs reversinglabs "<data_source>" "<connection>" "<configuration>" "<stix_pattern_query>"
+```
+
+
+```bash
+python3 main.py execute reversinglabs reversinglabs '{"name": "ReversingLabs", "identity_class": "system"}' '{"host":"www.example.reversinglabs.com", "namespace": "01234567-0123-4567-8901-234567890123"}' '{"auth": {"username": "abc", "password": "xyz"}}' "[file:hashes.MD5 = 'dccbda7c9ad6201ccb088078765e035d']"
+```
+
+## Exclusions
+ReversingLabs only supports one IOC pattern at a time, and will ignore a query with more AND, OR - it will check the IOC for the first pattern in the query, and return a bundle for that query

stix_shifter_modules/reversinglabs/configuration/config.json

@@ -0,0 +1,32 @@
+{
+    "connection": {
+        "type": {
+            "displayName": "ReversingLabs"
+        },
+        "host": {
+            "type": "text"
+        },
+        "port": {
+            "type": "number",
+            "default": 443
+        },
+        "help": {
+            "type": "link",
+            "default": "www.ibm.com"
+        },
+        "namespace":{
+            "type": "text"
+        }
+    },
+    "configuration": {
+        "auth": {
+            "type" : "fields",
+            "username" : {
+                "type": "text"
+            },
+            "password": {
+                "type": "password"
+            }
+        }
+    }
+}

stix_shifter_modules/reversinglabs/configuration/lang_en.json

@@ -0,0 +1,36 @@
+{
+    "connection": {
+        "host": {
+            "label": "Management IP address or Hostname",
+            "placeholder": "https://mundy.threatqtie.com",
+            "description": "Specify the OCP Cluster hostname or the XForce API host URL"
+        },
+        "port": {
+            "label": "Host Port",
+            "description": "Set the port number that is associated with the Host name or IP"
+        },
+        "help": {
+            "label": "Need additional help?"
+        },
+        "selfSignedCert": {
+            "label": "X-Force Exchange Connection Certificate",
+            "description": "Paste your certificate"
+        },
+        "sni": {
+            "label": "Server Name Indicator",
+            "description": "The Server Name Indicator (SNI) enables a separate hostname to be provided for SSL authentication"
+        }
+    },
+    "configuration": {
+        "auth": {
+            "username": {
+                "label": "Username",
+                "description": "Username to login to your RL instance"
+            },
+            "password": {
+                "label": "Password",
+                "description": "Password for your RL instance"
+            }
+        }
+    }
+}

stix_shifter_modules/reversinglabs/entry_point.py

@@ -0,0 +1,42 @@
+from stix_shifter_utils.utils.base_entry_point import BaseEntryPoint
+from stix_shifter_utils.modules.base.stix_transmission.base_sync_connector import BaseSyncConnector
+from .stix_transmission.ping_connector import PingConnector
+from .stix_transmission.delete_connector import DeleteConnector
+from .stix_transmission.results_connector import ResultsConnector
+from .stix_transmission.api_client import APIClient
+from .stix_translation.query_translator import QueryTranslator
+from .stix_translation.results_translator import ResultsTranslator
+from stix_shifter_utils.stix_translation.src.json_to_stix.json_to_stix import JSONToStix
+import os
+
+
+class EntryPoint(BaseEntryPoint):
+
+    # python main.py translate ibmxfe results '{"type": "identity","id": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff","name": "IBM X-Force","identity_class": "system"}' '' < ../xfe_result.json --stix-validator
+
+    def __init__(self, connection={}, configuration={}, options={}):
+        super().__init__(connection, configuration, options)
+        self.set_async(False)
+
+        if connection:
+            api_client = APIClient(connection, configuration)
+            base_sync_connector = BaseSyncConnector()
+            ping_connector = PingConnector(api_client)
+            query_connector = base_sync_connector
+            status_connector = base_sync_connector
+            results_connector = ResultsConnector(api_client)
+            delete_connector = DeleteConnector(api_client)
+
+            self.set_results_connector(results_connector)
+            self.set_status_connector(status_connector)
+            self.set_delete_connector(delete_connector)
+            self.set_query_connector(query_connector)
+            self.set_ping_connector(ping_connector)
+
+        basepath = os.path.dirname(__file__)
+        filepath = os.path.abspath(os.path.join(basepath, "stix_translation"))
+
+        dialect = 'default'
+        query_translator = QueryTranslator(options, dialect, filepath)
+        results_translator = ResultsTranslator(options, dialect, filepath)
+        self.add_dialect(dialect, query_translator=query_translator, results_translator=results_translator, default=True)

stix_shifter_modules/reversinglabs/requirements.txt

@@ -0,0 +1 @@
+uuid==1.30

stix_shifter_modules/reversinglabs/stix_translation/json/from_stix_map.json

@@ -0,0 +1,30 @@
+{
+  "url": {
+    "fields": {
+        "value": ["Url"]
+    }
+  },
+  "ipv4-addr": {
+    "fields": {
+      "value":["SourceIpV4", "DestinationIpV4"]
+    }
+  },
+  "ipv6-addr": {
+    "fields":{
+      "value":["SourceIpV6", "DestinationIpV6"]
+    }
+  },
+  "domain-name":{
+    "fields":{
+      "value":["Url"]
+    }
+  },
+  "file":{
+    "fields":{
+      "hashes.'SHA-256'": ["sha256hash"],
+      "hashes.MD5": ["md5hash"],
+      "hashes.'MD5'": ["md5hash"],
+      "hashes.'SHA-1'": ["sha1hash"]
+    }
+  }
+}

stix_shifter_modules/reversinglabs/stix_translation/json/operators.json

@@ -0,0 +1,16 @@
+{
+  "ComparisonExpressionOperators.And": "AND",
+  "ComparisonExpressionOperators.Or": "OR",
+  "ComparisonComparators.GreaterThan": ">",
+  "ComparisonComparators.GreaterThanOrEqual": ">=",
+  "ComparisonComparators.LessThan": "<",
+  "ComparisonComparators.LessThanOrEqual": "<=",
+  "ComparisonComparators.Equal": "=",
+  "ComparisonComparators.NotEqual": "!=",
+  "ComparisonComparators.Like": "=",
+  "ComparisonComparators.In": "IN",
+  "ComparisonComparators.Matches": "CONTAINS",
+  "ComparisonComparators.IsSubSet": "insubnet",
+  "ObservationOperators.Or": "OR",
+  "ObservationOperators.And": "AND"
+}

stix_shifter_modules/reversinglabs/stix_translation/json/to_stix_map.json

@@ -0,0 +1,3 @@
+{
+
+}