Generate MAEC XML from GFI Sandbox XML output
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
gfi
.gitignore
LICENSE.txt
README
__init__.py
gfi_parser.py
gfi_sandbox.py
gfisandbox_to_maec.py

README

****************************************************

GFI Sandbox XML -> MAEC XML Converter Script

Copyright (c) 2015 - The MITRE Corporation

****************************************************

BY USING THE GFI SANDBOX TO MAEC SCRIPT, YOU SIGNIFY YOUR ACCEPTANCE OF THE TERMS AND 
CONDITIONS OF USE.  IF YOU DO NOT AGREE TO THESE TERMS, DO NOT USE THE SCRIPT.

For more information, please refer to the LICENSE.txt file.

#########################################################################################################

Generates MAEC Output from a GFI Sandbox v4 XML file

Compatible with Malware Attribute Enumeration and Characterization (MAEC™) Schema v4.1 and
Cyber Observable eXpression (CybOX™) 2.1
                                                               
v0.24 - BETA                                                   
Updated 10/13/2014                                             
                                                              
##########################################################################################################

MAEC - https://maecproject.github.io/                        
ThreatTrack (GFI) Sandbox - http://www.threattracksecurity.com/enterprise-security/sandbox-software.aspx    
CybOX - https://cyboxproject.github.io/     

##########################################################################################################

--------------------------------------------------------------------------------
--------------------------------------------------------------------------------

Included Files

README: this file.
gfisandbox_to_maec.py: the GFI Sandbox XML to MAEC XML Python converter script.
gfi_sandbox.py: the GFI Sandbox Python bindings which the script imports.
gfi_parser.py: the GFI parser class.
\gfi: the GFI parser classes which the script imports.
LICENSE.txt: the terms of use for this script.

--------------------------------------------------------------------------------
--------------------------------------------------------------------------------

Dependencies

This code has been developed and tested under Python 2.7.x and so may not
be compatible with Python 3.x.

There are three dependencies for this script:
1) The Python lxml library  >= v3.2.x, http://lxml.de/
1) The python-maec library  >= v4.1.0.0, https://pypi.python.org/pypi/maec
2) The python-cybox library >= v2.1.0.0, https://pypi.python.org/pypi/cybox

--------------------------------------------------------------------------------
--------------------------------------------------------------------------------

Usage Notes

The command-line syntax for the script is:
python gfisandbox_to_maec.py <special argument> <gfisandbox file OR directory> 
<maec output file OR directory>

Special arguments are as follows (all are optional):
-v or --verbose : verbose error mode (prints tracebacks of any errors during execution).
-dd or --deduplicate : deduplicate the MAEC output (Objects only).
-n or --normalize : normalize the MAEC output (Objects only).
-dr or --dereference : dereference the MAEC output (Objects only). 

Thus, a sample command-line would look like:

python gfisandbox_to_maec.py -dd -n gfi_out.xml gfi_maec_out.xml

--------------------------------------------------------------------------------
--------------------------------------------------------------------------------

About MAEC

Malware Attribute Enumeration and Characterization (MAEC™) is a standardized language for sharing structured information about malware based upon attributes such as behaviors, artifacts, and attack patterns.

The goal of the MAEC (pronounced "mike") effort is to provide a basis for transforming malware research and response. MAEC aims to eliminate the ambiguity and inaccuracy that currently exists in malware descriptions and to reduce reliance on signatures. In this way, MAEC seeks to improve human-to-human, human-to-tool, tool-to-tool, and tool-to-human communication about malware; reduce potential duplication of malware analysis efforts by researchers; and allow for the faster development of countermeasures by enabling the ability to leverage responses to previously observed malware instances. The MAEC Language enables correlation, integration, and automation.

Please visit the MAEC website at https://maecproject.github.io/ for more information about the MAEC Language.

--------------------------------------------------------------------------------
--------------------------------------------------------------------------------

Getting Help

Join the public MAEC Community Email Discussion List at https://maec.mitre.org/community/discussionlist.html.

Email the MAEC Developers at maec@mitre.org.

--------------------------------------------------------------------------------
-------------------------------------------------------------------------------