opencybersecurityalliance · delliott90 · May 12, 2023 · Apr 21, 2023 · Apr 21, 2023 · Apr 21, 2023
diff --git a/stix_shifter_modules/intezer/.coveragerc b/stix_shifter_modules/intezer/.coveragerc
@@ -0,0 +1,2 @@
+[run]
+omit = tests/*
diff --git a/stix_shifter_modules/intezer/__init__.py b/stix_shifter_modules/intezer/__init__.py
diff --git a/stix_shifter_modules/intezer/configuration/config.json b/stix_shifter_modules/intezer/configuration/config.json
@@ -0,0 +1,105 @@
+{
+    "connection": {
+        "type": {
+            "id": "Intezer_Connector",
+            "displayName": "Intezer",
+            "description": "Analyze files, endpoints, and memory dumps, to detect and classify threats."
+        },
+        "help": {
+            "default": "www.ibm.com",
+            "type": "link"
+        },
+        "options": {
+            "type": "fields",
+            "concurrent": {
+                "default": 4,
+                "min": 1,
+                "max": 100,
+                "type": "number",
+                "previous": "connection.maxConcurrentSearches"
+            },
+            "result_limit": {
+                "default": 10000,
+                "min": 1,
+                "max": 500000,
+                "type": "number",
+                "previous": "connection.resultSizeLimit",
+                "hidden": true
+            },
+            "time_range": {
+                "default": 5,
+                "min": 1,
+                "max": 10000,
+                "type": "number",
+                "previous": "connection.timerange",
+                "nullable": true,
+                "hidden": true
+            },
+            "timeout": {
+                "default": 30,
+                "min": 1,
+                "max": 60,
+                "type": "number",
+                "previous": "connection.timeoutLimit"
+            }
+        },
+        "namespace":{
+            "type": "text",
+            "default": "9d4bedaf-d351-4f50-930f-f8eb121e5bae",
+            "hidden": true
+        },
+        "host": {
+            "type": "text",
+            "default": "",
+            "hidden": true
+        },
+        "port": {
+            "default": 443,
+            "type": "number",
+            "min": 1,
+            "max": 65535,
+            "hidden": true
+        }
+    },
+    "configuration": {
+        "auth": {
+            "type" : "fields",
+            "key":{
+                "type":"password"
+            }
+        },
+        "rateLimit": {
+            "type": "fields",
+            "rateLimit": {
+                "default": 3000,
+                "type": "number",
+                "hidden": true
+            },
+            "rateUnit": {
+                "default": "Minute",
+                "type": "text",
+                "hidden": true
+            }
+        },
+        "cacheDuration": {
+            "type": "fields",
+            "cacheDuration": {
+                "default": 10,
+                "type": "number",
+                "hidden": true
+            },
+            "unit": {
+                "default": "Minute",
+                "type": "text",
+                "hidden": true
+            }
+        },
+        "dataTypeList": {
+            "type": "fields",
+            "hash": {
+                "type": "checkbox",
+                "default": true
+            }
+        }
+    }
+}
diff --git a/stix_shifter_modules/intezer/configuration/lang_en.json b/stix_shifter_modules/intezer/configuration/lang_en.json
@@ -0,0 +1,61 @@
+{
+    "connection": {
+        "options": {
+            "concurrent": {
+                "label": "Concurrent Search Limit",
+                "description": "The number of simultaneous connections that can be made between the host and the data source.  Valid input range is {{min}} to {{max}}."
+            },
+            "search_timeout": {
+                "label": "Query Search Timeout Limit",
+                "description": "The limit on how long the query will run, in minutes, on the data source."
+            }
+        },
+        "host": {
+            "label": "Management IP address or Hostname",
+            "placeholder": "192.168.1.10",
+            "description": "Specify the OCP Cluster hostname or the XForce API host URL"
+        },
+        "port": {
+            "label": "Host Port",
+            "description": "Set the port number that is associated with the Host name or IP"
+        },
+        "namespace": {
+            "label": "The UUID Namespace to generate unique ",
+            "description": "Supply a UUID to generate deterministic UUIDs for the resulting STIX bundle"
+        }
+    },
+    "configuration": {
+        "auth": {
+            "key": {
+                "label": "key",
+                "description": "APIKey to query Intezer"
+            }
+        },
+        "rateLimit": {
+            "rateLimit": {
+                "label": "Rate Limit",
+                "description": "The number of queries allowed by Intezer"
+            },
+            "rateUnit": {
+                "label": "Rate Unit",
+                "description": "The rate unit for rate limit in [seconds, minutes, days, months, years ...]"
+            }
+        },
+        "cacheDuration": {
+            "cacheDuration": {
+                "label": "Cache Duration",
+                "description": "How long should we cache the results of the STIX Bundle execution?"
+            },
+            "unit": {
+                "label": "Rate Unit",
+                "description": "The unit for cache in [seconds, minutes, days, months, years ...]"
+            }
+        },
+        "dataTypeList": {
+            "hash": {
+                "label": "Hash",
+                "description": "Whether Hash queries are supported by Intezer based on the User's API Provisioning"
+            }
+        }
+    }
+}
diff --git a/stix_shifter_modules/intezer/entry_point.py b/stix_shifter_modules/intezer/entry_point.py
@@ -0,0 +1,38 @@
+from stix_shifter_utils.utils.base_entry_point import BaseEntryPoint
+from .stix_transmission.api_client import APIClient
+from .stix_transmission.ping_connector import PingConnector
+from .stix_transmission.results_connector import ResultsConnector
+from .stix_transmission.delete_connector import DeleteConnector
+from .stix_translation.query_translator import QueryTranslator
+from .stix_translation.results_translator import ResultsTranslator
+from stix_shifter_utils.modules.base.stix_transmission.base_sync_connector import BaseSyncConnector
+import os
+
+
+class EntryPoint(BaseEntryPoint):
+
+    def __init__(self, connection={}, configuration={}, options={}):
+        super().__init__(connection, configuration, options)
+        if connection:
+            api_client = APIClient(connection, configuration)
+            base_sync_connector = BaseSyncConnector()
+            ping_connector = PingConnector(api_client)
+            query_connector = base_sync_connector
+            status_connector = base_sync_connector
+            results_connector = ResultsConnector(api_client)
+            delete_connector = DeleteConnector(api_client)
+
+            self.set_ping_connector(ping_connector)
+            self.set_query_connector(query_connector)
+            self.set_status_connector(status_connector)
+            self.set_results_connector(results_connector)
+            self.set_delete_connector(delete_connector)
+
+        basepath = os.path.dirname(__file__)
+        filepath = os.path.abspath(
+            os.path.join(basepath, "stix_translation"))
+
+        dialect = 'default'
+        query_translator = QueryTranslator(options, dialect, filepath)
+        results_translator = ResultsTranslator(options, dialect, filepath)
+        self.add_dialect(dialect, query_translator=query_translator, results_translator=results_translator, default=True)
diff --git a/stix_shifter_modules/intezer/requirements.txt b/stix_shifter_modules/intezer/requirements.txt
@@ -0,0 +1 @@
+uuid==1.30
diff --git a/stix_shifter_modules/intezer/stix_translation/__init__.py b/stix_shifter_modules/intezer/stix_translation/__init__.py
diff --git a/stix_shifter_modules/intezer/stix_translation/json/from_stix_map.json b/stix_shifter_modules/intezer/stix_translation/json/from_stix_map.json
@@ -0,0 +1,20 @@
+{
+  "url": {
+    "fields": {
+        "value": ["Url"]
+    }
+  },
+  "domain-name":{
+    "fields":{
+      "value":["Url"]
+    }
+  },
+  "file":{
+    "fields":{
+      "hashes.'SHA-256'": ["sha256hash"],
+      "hashes.MD5": ["md5hash"],
+      "hashes.'MD5'": ["md5hash"],
+      "hashes.'SHA-1'": ["sha1hash"]
+    }
+  }
+}
diff --git a/stix_shifter_modules/intezer/stix_translation/json/operators.json b/stix_shifter_modules/intezer/stix_translation/json/operators.json
@@ -0,0 +1,16 @@
+{
+  "ComparisonExpressionOperators.And": "AND",
+  "ComparisonExpressionOperators.Or": "OR",
+  "ComparisonComparators.GreaterThan": ">",
+  "ComparisonComparators.GreaterThanOrEqual": ">=",
+  "ComparisonComparators.LessThan": "<",
+  "ComparisonComparators.LessThanOrEqual": "<=",
+  "ComparisonComparators.Equal": "=",
+  "ComparisonComparators.NotEqual": "!=",
+  "ComparisonComparators.Like": "=",
+  "ComparisonComparators.In": "IN",
+  "ComparisonComparators.Matches": "CONTAINS",
+  "ComparisonComparators.IsSubSet": "insubnet",
+  "ObservationOperators.Or": "OR",
+  "ObservationOperators.And": "AND"
+}
diff --git a/stix_shifter_modules/intezer/stix_translation/json/to_stix_map.json b/stix_shifter_modules/intezer/stix_translation/json/to_stix_map.json
@@ -0,0 +1,3 @@
+{
+
+}