{ "info": { "author": "Philippe Lagadec", "author_email": "decalage at laposte dot net", "bugtrack_url": null, "classifiers": [ "Development Status :: 3 - Alpha", "Intended Audience :: Developers", "License :: OSI Approved :: BSD License", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 2", "Topic :: Security" ], "description": "iodeflib\n========\n\niodeflib is a python library to create, parse and edit cyber incident\nreports using the IODEF XML format (`RFC\n5070 `_).\n\nProject website: http://www.decalage.info/python/iodeflib\n\nOn the one hand, IODEF is a very rich, flexible and extensible XML\nformat to describe cyber incidents. On the other hand, it can be quite\ncomplex to use in practice, because it is difficult to parse IODEF\ncontent due to its rich features and deeply nested structure.\n\niodeflib is an attempt to provide a simple API to ease the development\nof IODEF-aware scripts and applications.\n\niodeflib is different from the\n`iodef `_ python package published on\nPyPI and Sourceforge. In fact I created iodeflib because I was quite\ndisappointed by the complexity of the iodef package. 
iodef was generated\nautomatically from the IODEF XML schema using\n`GenerateDS `_, which\nindeed exposes the complexity of the IODEF schema.\n\nIn contrast, iodeflib was carefully designed in order to keep the python\ninterface as simple as possible, hiding some unnecessarily nested\nstructures of the IODEF schema, and adding more convenient shortcuts.\nIodeflib is also designed to be extensible.\n\nDownload\n--------\n\nGo to https://bitbucket.org/decalage/iodeflib/downloads\n\nUsage\n-----\n\nThe following sample scripts are provided in the iodeflib package, in\nthe examples subfolder.\n\nHow to parse IODEF data\n~~~~~~~~~~~~~~~~~~~~~~~\n\n::\n\n import iodeflib\n # open XML file and parse IODEF:\n iodef = iodeflib.parse_file('iodef.xml')\n # print some attributes for each incident:\n for incident in iodef.incidents:\n     print 'Incident %s from %s - impact type: %s' % (incident.id,\n         incident.id_name, incident.get_first_impact().type)\n     for desc in incident.descriptions:\n         print desc\n     print 'Sources:'\n     for system in incident.get_sources(): print system.get_addresses()\n     print 'Targets:'\n     for system in incident.get_targets(): print system.get_addresses()\n     print ''\n\nHow to create IODEF data\n~~~~~~~~~~~~~~~~~~~~~~~~\n\n::\n\n import iodeflib\n # create a new IODEF document:\n iodef = iodeflib.IODEF_Document()\n # create a new incident:\n incident1 = iodeflib.Incident(id='1234', id_name='CSIRT-X',\n report_time='2011-09-13T11:01:00+00:00',\n start_time='2011-09-13T10:19:24+00:00')\n # add description:\n incident1.descriptions = ['Detected denial of service attack']\n # add sources and targets:\n incident1.add_system(category='source', address='192.168.1.2')\n incident1.add_system(category='target', address='192.168.3.7', name='XYZ')\n # add impact assessment:\n incident1.add_impact(description='DoS on system XYZ', type='dos',\n severity='medium', completion='succeeded', occurence='actual',\n restriction='need-to-know')\n iodef.incidents.append(incident1)\n # 
serialize IODEF to XML, print it and save it to a file:\n print iodef\n open('iodef2.xml', 'w').write(str(iodef))\n\nHow to edit IODEF data\n~~~~~~~~~~~~~~~~~~~~~~\n\n::\n\n import iodeflib\n # open XML file and parse IODEF:\n iodef = iodeflib.parse_file('iodef2.xml')\n # get incident, add end time and history item:\n incident1 = iodef.incidents[0]\n histitem = iodeflib.HistoryItem(descriptions=['Blocked source IP.'],\n datetime='2011-09-13T13:47:12+00:00')\n incident1.history.append(histitem)\n incident1.end_time='2011-09-13T13:47:12+00:00'\n incident1.report_time='2011-09-13T13:52:00+00:00'\n # save IODEF back to an XML file:\n print iodef\n open('iodef2_updated.xml', 'w').write(str(iodef))\n\nMore info on the API\n~~~~~~~~~~~~~~~~~~~~\n\nSee iodeflib.html in the iodeflib folder, or check the docstrings in the\nsource code.\n\nStatus\n------\n\nNot all the features of RFC 5070 are implemented in iodeflib yet.\nHowever, the most useful classes are already available.\n\nHow to contribute\n-----------------\n\nEither send an e-mail to the author, or use the fork / pull request\nfeatures of Bitbucket to propose improvements to the code.\n\nSee the TODO section in the source code for a list of potential\nimprovements.\n\nHow to report bugs\n------------------\n\nYou may create an issue ticket on\nhttps://bitbucket.org/decalage/iodeflib/issues, or send an e-mail to the\nauthor.\n\nPlease provide enough information to reproduce the bug: which version\nyou use, which operating system and version of Python, etc. 
Please also\nprovide sample code and data files to reproduce the bug.\n\nLicense\n-------\n\nCopyright (c) 2011-2012, Philippe Lagadec (http://www.decalage.info).\nAll rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n- Redistributions of source code must retain the above copyright\n notice, this list of conditions and the following disclaimer.\n- Redistributions in binary form must reproduce the above copyright\n notice, this list of conditions and the following disclaimer in the\n documentation and/or other materials provided with the distribution.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS\nIS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED\nTO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A\nPARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nHOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED\nTO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR\nPROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF\nLIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING\nNEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\nSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", "description_content_type": null, "docs_url": null, "download_url": "https://bitbucket.org/decalage/iodeflib/downloads", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "http://www.decalage.info/python/iodeflib", "keywords": null, "license": "BSD", "maintainer": null, "maintainer_email": null, "name": "iodeflib", "package_url": "https://pypi.org/project/iodeflib/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/iodeflib/", "project_urls": { "Download": 
"https://bitbucket.org/decalage/iodeflib/downloads", "Homepage": "http://www.decalage.info/python/iodeflib" }, "release_url": "https://pypi.org/project/iodeflib/0.07/", "requires_dist": null, "requires_python": null, "summary": "a python library to create, parse and edit cyber incident reports using the IODEF XML format (RFC 5070)", "version": "0.07" }, "last_serial": 407071, "releases": { "0.07": [ { "comment_text": "", "digests": { "md5": "3e86064122729d49bd812e58d895715c", "sha256": "40b43b19d4d34adf79a663457d5a2852e9d14656a62fac2d1bde853e2723b126" }, "downloads": -1, "filename": "iodeflib-0.07.zip", "has_sig": false, "md5_digest": "3e86064122729d49bd812e58d895715c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 35283, "upload_time": "2012-04-19T06:50:15", "url": "https://files.pythonhosted.org/packages/14/81/53e871a7a713c0adaf9e0296bff43b6848c080b9ead1f0cd4b3bf58e2db9/iodeflib-0.07.zip" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "3e86064122729d49bd812e58d895715c", "sha256": "40b43b19d4d34adf79a663457d5a2852e9d14656a62fac2d1bde853e2723b126" }, "downloads": -1, "filename": "iodeflib-0.07.zip", "has_sig": false, "md5_digest": "3e86064122729d49bd812e58d895715c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 35283, "upload_time": "2012-04-19T06:50:15", "url": "https://files.pythonhosted.org/packages/14/81/53e871a7a713c0adaf9e0296bff43b6848c080b9ead1f0cd4b3bf58e2db9/iodeflib-0.07.zip" } ] }