Script I wrote to take a csv file and produce VERIS schema-compatible JSON files representing the security incidents. This script is for incidents where an activist or activist group launches a Denial of Service attack against a victim's web service.
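import json
import uuid
import copy
import csv
import datetime

# Base VERIS 1.2 incident record for an activist-run DoS against a web
# application. Per-row fields (victim, reference, summary, discovery,
# dates, ids) are overwritten below; everything else is emitted unchanged
# for every incident produced from the CSV.
template = {
    u'impact': {
        u'loss': [
            {u'rating': u'Minor', u'variety': u'Asset and fraud'},
            {u'rating': u'Minor', u'variety': u'Brand damage'},
            {u'rating': u'Minor', u'variety': u'Business disruption'},
            {u'rating': u'Minor', u'variety': u'Operating costs'},
            {u'rating': u'Minor', u'variety': u'Legal and regulatory'},
            {u'rating': u'Minor', u'variety': u'Competitive advantage'},
            {u'rating': u'Minor', u'variety': u'Response and recovery'},
        ],
        u'overall_rating': u'Unknown',
    },
    u'incident_id': u'osint1016',
    u'reference': u'http://news.softpedia.com/news/Dutch-Government-Identity-Management-Platform-DigiD-Disrupted-by-DDOS-Attack-376189.shtml (20130821) http://www.nrc.nl/nieuws/2013/08/16/digid-deels-plat-door-ddos-aanval/ (20130821)',
    u'attribute': {
        u'availability': {
            u'duration': {u'unit': u'Hours'},
            u'notes': u'',
            u'variety': [u'Interruption'],
        }
    },
    u'discovery_method': u'Unknown',
    u'schema_version': u'1.2',
    u'summary': u'Dutch Government Identity Management Platform DigiD Disrupted by DDOS Attack',
    u'source_id': u'osint',
    u'security_incident': u'Confirmed',
    u'plus': {
        u'attribute': {
            u'confidentiality': {
                u'credit_monitoring': u'U',
                u'data_abuse': u'U',
                u'data_subject': u'',
            }
        },
        u'timeline': {u'notification': {u'year': 2013, u'day': 16, u'month': 8}},
        u'f500': u'N',
        u'master_id': u'osint1016',
        u'asset': {u'total': u'No'},
    },
    u'actor': {
        u'external': {
            u'motive': [u'Ideology'],
            u'country': [u'Unknown'],
            u'variety': [u'Activist'],
        }
    },
    u'victim': [
        {
            u'country': u'NL',
            u'notes': u'',
            u'industry': u'921',
            u'victim_id': u'DigiD Dutch Government',
            u'employee_count': u'Unknown',
        }
    ],
    u'timeline': {
        u'exfiltration': {u'unit': u'NA'},
        u'incident': {u'year': 2013, u'day': 16, u'month': 8},
        u'containment': {u'unit': u'Hours'},
        u'compromise': {u'unit': u'Unknown'},
        u'discovery': {u'unit': u'Unknown'},
    },
    u'action': {
        u'hacking': {
            u'notes': u'',
            u'vector': [u'Web application'],
            u'variety': [u'DoS'],
        }
    },
    u'notes': u'',
    u'asset': {u'assets': [{u'variety': u'S - Web application'}]},
}

# Dates in the CSV's 'notification' and 'incident' columns are m/d/yy.
_DATE_FORMAT = '%m/%d/%y'


def _build_incident(base, row):
    """Return a fresh incident dict for one CSV row.

    The template is deep-copied: the original used copy.copy(), a shallow
    copy, so every row mutated the SAME nested victim/timeline/plus dicts
    inside ``template`` and earlier incidents were silently altered.

    CSV columns read: vic.name, vic.naics, vic.country, reference, summary,
    discovery, notification, incident.

    Raises ValueError (from strptime) when a date cell is not m/d/yy and
    KeyError when a column is missing.
    """
    incident = copy.deepcopy(base)

    victim = incident['victim'][0]
    victim['victim_id'] = row['vic.name']
    victim['industry'] = row['vic.naics']
    victim['country'] = row['vic.country']

    incident['reference'] = row['reference']
    # Python 2 str semantics: drop any non-ASCII bytes from the summary.
    incident['summary'] = row['summary'].decode('ascii', 'ignore').encode('utf-8')
    # NOTE(review): this overwrites the template's {'unit': ...} discovery
    # object with the raw CSV cell, as the original script did; confirm the
    # column contains schema-valid content for timeline.discovery.
    incident['timeline']['discovery'] = row['discovery']

    notification_date = datetime.datetime.strptime(row['notification'], _DATE_FORMAT)
    incident_date = datetime.datetime.strptime(row['incident'], _DATE_FORMAT)
    notification = incident['plus']['timeline']['notification']
    notification['month'] = notification_date.month
    notification['day'] = notification_date.day
    notification['year'] = notification_date.year
    occurred = incident['timeline']['incident']
    occurred['month'] = incident_date.month
    occurred['day'] = incident_date.day
    occurred['year'] = incident_date.year

    # Random UUID as both incident_id and plus.master_id, mirroring the
    # template where the two ids are identical.
    identity = str(uuid.uuid4()).upper()
    incident['incident_id'] = identity
    incident['plus']['master_id'] = identity
    return incident


# Input CSV is closed when the loop finishes; each output file is closed
# (and therefore flushed) as soon as its incident has been written.
with open('list.csv', 'rU') as csv_file:
    infile = csv.DictReader(csv_file)
    for row in infile:
        incident = _build_incident(template, row)
        # Output name is the generated UUID, so it never derives from CSV content.
        with open(incident['incident_id'] + '.json', 'w') as outfile:
            json.dump(incident, outfile, indent=4, separators=(',', ': '))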