@kf0jvt
Last active December 22, 2015 01:48
Script I wrote to take a csv file and produce VERIS schema-compatible JSON files representing the security incidents.
stolen-laptop.csv (sample input):

```csv
github,vic.name,vic.naics,vic.country,vic.state,vic.employee,data.variety,data.total,data.subject,asset.variety,reference,summary,discovery,incident,notification
111,Company,121212,US,MN,25001 to 50000,Personal,82160,Other,U - Laptop,http://youtu.be/RmFnarFSj_U,Something happened,Days,12/24/2012,12/25/2012
```
```python
import json
import uuid
import copy
import csv
import datetime

# Python 3: newline='' is what the csv module expects (the original used the
# Python 2 'rU' universal-newline mode).
infile = csv.DictReader(open('stolen-laptop.csv', newline=''))

# Skeleton incident in VERIS 1.2 form; the per-row values below overwrite it.
template = {u'impact': {u'overall_rating': u'Unknown'}, u'incident_id': '', u'reference': '', u'attribute': {u'confidentiality': {u'notes': u'', u'data_disclosure': u'Potentially', u'data': [{u'variety': u''}], u'state': [u'Stored']}}, u'notes': u'', u'schema_version': u'1.2', u'summary': u'', u'source_id': u'vcdb', u'security_incident': u'Confirmed', u'plus': {u'attribute': {u'confidentiality': {u'credit_monitoring': u'U', u'data_abuse': u'U', u'data_subject': u''}}, u'timeline': {u'notification': {u'year': 2012, u'day': 15, u'month': 6}}, u'f500': u'U', u'master_id': '', u'asset': {u'total': u'No'}}, u'actor': {u'external': {u'motive': [u'Unknown'], u'country': [u'Unknown'], u'variety': [u'Unknown']}}, u'victim': [{u'victim_id': u'Indiana Internal Medicine Consultants', u'revenue': {u'iso_currency_code': u'USD', u'amount': 5000000}, u'country': u'US', u'notes': u'', u'state': u'IN', u'employee_count': u'11 to 100', u'industry': u'621111'}], u'timeline': {u'incident': {u'year': 2012, u'month': 5}}, u'action': {u'physical': {u'vector': [u'Unknown'], u'location': [u'Unknown'], u'variety': [u'Theft']}}, u'discovery_method': u'Unknown', u'asset': {u'assets': [{u'variety': u'U - Laptop'}]}}
template['attribute']['availability'] = {'variety': ['Loss']}


def parse_date(text):
    """Parse mm/dd/yy as documented; also accept mm/dd/yyyy, which is what the
    sample CSV row uses and which '%y' on its own rejects."""
    for fmt in ('%m/%d/%y', '%m/%d/%Y'):
        try:
            return datetime.datetime.strptime(text, fmt)
        except ValueError:
            continue
    raise ValueError('unrecognised date %r (expected mm/dd/yy)' % text)


for row in infile:
    # deepcopy, not copy.copy: a shallow copy shares the nested victim, timeline
    # and attribute dicts between rows, so optional fields (state, employee_count,
    # data_total) set for one incident would leak into the next.
    incident = copy.deepcopy(template)
    incident['plus']['github'] = row['github']
    incident['victim'][0]['victim_id'] = row['vic.name']
    incident['victim'][0]['industry'] = row['vic.naics']
    incident['victim'][0]['country'] = row['vic.country']
    if row['vic.state'] != '':
        incident['victim'][0]['state'] = row['vic.state']
    if row['vic.employee'] != '':
        incident['victim'][0]['employee_count'] = row['vic.employee']
    incident['reference'] = row['reference']
    # drop any non-ASCII characters from the free-text summary
    incident['summary'] = row['summary'].encode('ascii', 'ignore').decode('ascii')
    incident['timeline']['discovery'] = {'unit': row['discovery']}
    incident['attribute']['confidentiality']['data'][0]['variety'] = row['data.variety']
    if row['data.total'] != '':
        incident['attribute']['confidentiality']['data_total'] = int(row['data.total'])
    incident['asset']['assets'][0]['variety'] = row['asset.variety']
    notification_date = parse_date(row['notification'])
    incident_date = parse_date(row['incident'])
    incident['plus']['timeline']['notification']['month'] = notification_date.month
    incident['plus']['timeline']['notification']['day'] = notification_date.day
    incident['plus']['timeline']['notification']['year'] = notification_date.year
    incident['plus']['attribute']['confidentiality']['data_subject'] = row['data.subject']
    incident['timeline']['incident']['month'] = incident_date.month
    incident['timeline']['incident']['day'] = incident_date.day
    incident['timeline']['incident']['year'] = incident_date.year
    # one random UUID serves as incident_id and master_id and names the output file
    identity = str(uuid.uuid4()).upper()
    incident['incident_id'] = identity
    incident['plus']['master_id'] = identity
    with open('veris/' + identity + '.json', 'w') as outfile:
        outfile.write(json.dumps(incident, indent=4, sort_keys=True, separators=(',', ': ')))
```
kf0jvt commented Aug 31, 2013

Expects a csv file called stolen-laptop.csv which has the following headers:

  • vic.name - The proper name for the victim organization (required);
  • vic.naics - the NAICS code for the victim organization (required);
  • vic.count - Two character upper-case country code for the victim (required);
  • vic.state - Two character upper-case state for the victim (not required - leave blank);
  • vic.employee - One of the valid enumerations for employee_count (not required - leave blank);
  • data.variety - One of the valid enumerations for data variety (required);
  • data.total - An integer (not required - leave blank);
  • data.subject - One from 'Unknown','Customer','Partner','Patient','Student','Other' (required);
  • asset.variety - One of the valid enumerations for asset variety (required);
  • reference - URL of a public source of information (required);
  • summary - Short description of what happened (required);
  • discovery - One of the valid enumerations for timeline unit (Days, Weeks, etc.) (required);
  • incident - date in mm/dd/yy format (required);
  • notification - date in mm/dd/yy format (required);

The valid enumerations for the fields can be found in the VERIS schema: https://github.com/vz-risk/veris/blob/master/verisc-enum.json

*Also, this script is for describing STOLEN devices, not lost devices. There is a different action for lost devices.*
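The comment above lists which columns are required and which values must come from the VERIS enumerations, but the script writes each incident straight to disk without checking either. The example below is added here and is not the gist author's code: it fills a cut-down template from CSV rows, validates the required fields and a small enumeration subset before anything is written, and shows the field leak that a shallow `copy.copy` of the template causes between rows (the published script uses `copy.copy`). The template, the enumeration subset (only the values quoted in the comment, not the real verisc-enum.json), the two CSV rows and the function names `get_path`, `validate`, `build_incident` and `convert` are all constructed for this example; the second row deliberately leaves the optional columns blank and uses a `data.subject` value that is not in the enumeration.

```python
import copy
import csv
import io

# Constructed subset of the gist's template: only the keys this example fills in.
TEMPLATE = {
    "victim": [{"victim_id": "", "industry": "", "country": ""}],
    "attribute": {"confidentiality": {"data": [{"variety": ""}]}},
    "asset": {"assets": [{"variety": ""}]},
    "timeline": {"discovery": {"unit": ""}},
    "plus": {"attribute": {"confidentiality": {"data_subject": ""}}},
}

# Enumeration values quoted in the gist comment (constructed subset; the full
# lists live in verisc-enum.json).
ENUMS = {
    "plus.attribute.confidentiality.data_subject":
        {"Unknown", "Customer", "Partner", "Patient", "Student", "Other"},
    "timeline.discovery.unit": {"Days", "Weeks"},
}

# Dotted paths of the fields the gist comment marks as required.
REQUIRED = [
    "victim.0.victim_id", "victim.0.industry", "victim.0.country",
    "attribute.confidentiality.data.0.variety", "asset.assets.0.variety",
    "timeline.discovery.unit", "plus.attribute.confidentiality.data_subject",
]


def get_path(obj, path):
    """Walk a dotted path; numeric parts index lists. Returns None if absent."""
    for part in path.split("."):
        if isinstance(obj, list):
            idx = int(part)
            obj = obj[idx] if idx < len(obj) else None
        elif isinstance(obj, dict):
            obj = obj.get(part)
        else:
            return None
        if obj is None:
            return None
    return obj


def validate(incident):
    """Return a list of problems; an empty list means the incident passes."""
    problems = []
    for path in REQUIRED:
        if get_path(incident, path) in (None, ""):
            problems.append("missing required field: " + path)
    for path, allowed in ENUMS.items():
        value = get_path(incident, path)
        if value not in (None, "") and value not in allowed:
            problems.append("%s: %r is not a valid enumeration" % (path, value))
    return problems


def build_incident(template, row, deep=True):
    """Fill the template from one CSV row. deep=False reproduces the shallow
    copy so the leak of optional fields between rows can be observed."""
    incident = copy.deepcopy(template) if deep else copy.copy(template)
    victim = incident["victim"][0]
    victim["victim_id"] = row["vic.name"]
    victim["industry"] = row["vic.naics"]
    victim["country"] = row["vic.country"]
    if row["vic.state"]:  # optional column: only set when present
        victim["state"] = row["vic.state"]
    if row["data.total"]:  # optional column
        incident["attribute"]["confidentiality"]["data_total"] = int(row["data.total"])
    incident["attribute"]["confidentiality"]["data"][0]["variety"] = row["data.variety"]
    incident["asset"]["assets"][0]["variety"] = row["asset.variety"]
    incident["timeline"]["discovery"]["unit"] = row["discovery"]
    incident["plus"]["attribute"]["confidentiality"]["data_subject"] = row["data.subject"]
    return incident


# Constructed rows: the first mirrors the gist's sample, the second leaves the
# optional columns blank and uses a data.subject outside the enumeration.
SAMPLE_CSV = """vic.name,vic.naics,vic.country,vic.state,data.variety,data.total,data.subject,asset.variety,discovery
Company,121212,US,MN,Personal,82160,Other,U - Laptop,Days
Second Co,622110,US,,Medical,,Employee,U - Laptop,Weeks
"""


def convert(csv_text, deep=True):
    """Build one incident per CSV row from a private copy of TEMPLATE."""
    template = copy.deepcopy(TEMPLATE)  # keep the module-level template pristine
    return [build_incident(template, row, deep) for row in csv.DictReader(io.StringIO(csv_text))]


if __name__ == "__main__":
    for incident in convert(SAMPLE_CSV):
        print(incident["victim"][0]["victim_id"], validate(incident) or "ok")
```

Running the validator before `json.dumps` means a typo in an enumeration or a blank required column is rejected at conversion time rather than discovered later in the VCDB tree; with `deep=False` the second incident inherits `state` and `data_total` from the first row, which is exactly what a shallow copy of a nested template does.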
