Re: [CYBOX] [STIX] Guide for subclassing CybOX objects?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: [CYBOX] [STIX] Guide for subclassing CybOX objects?

Jon Baker
Administrator

“This page is intended to explain the process of creating a new CybOX Object for characterizing cyber observable data outside the scope of the current CybOX Object set. The concept of a CybOX Object referred to here is, more specifically, a set of schema-defined properties that can be used to characterize a given object in the cyber domain.”

 

http://cyboxproject.github.io/documentation/creating-objects/

 

That page should get you started. Let us know if you have any questions after reviewing the walk through.

 

Thanks,

 

Jon

 

============================================

Jonathan O. Baker

J83D - Cyber Security Partnerships, Sharing, and Automation

The MITRE Corporation

Email: [hidden email]

 

From: John-Mark Gurney [mailto:[hidden email]]
Sent: Wednesday, May 06, 2015 1:31 PM
To: stix-discussion-list Structured Threat Information Expression/ST
Subject: [STIX] Guide for subclassing CybOX objects?

 

Is there a good guide for subclassing CybOX objects?  I've seen some references that seem to say that you can subclass/expand existing objects (otherwise how does CustomObj work?), but I'm not familiar enough w/ XML schema design to know how to do that myself.

 

Thanks.

Reply | Threaded
Open this post in threaded view
|

Re: [CYBOX] [STIX] Guide for subclassing CybOX objects?

juandiana
Greetings,

I'd like to know more regarding the next steps. Suppose I have finished my new object schema definition (following the guidelines explained in the link you mentioned). How would I go about extending python-cybox to support this new object?

As mentioned in this issue, there are two ways to extend python-cybox to support new objects. For the first one (which does not use a XSD), documentation has been merged into master recently, and the way to proceed is clear. However, the second approach looks more interesting to me.

From what I understand the following should work fine:
  1. Using generate_ds, create the binding class from the new object's XSD. Then place the generated class into cybox.bindings (or perhaps in a new directory in cybox.bindings.extensions?).
  2. Create a new object class (by subclassing ObjectProperties) which references the generated binding class, declares its corresponding namespace and declares each of the new object's fields (using cybox.TypedField). Then place the new class into cybox.objects.
  3. Use the new object as you would do with the other pre-defined objects in cybox.objects.
Doing a quick test, it seems to work. Not sure if there's a better approach for maintaining custom objects (w/ XSD) though, especially in order to be able to use the pypi package.

Note: generated_ds link provided in python-cybox README is dead. Added an issue.

Thanks,
- J. D.


On Wed, May 6, 2015 at 3:37 PM, Baker, Jon <[hidden email]> wrote:

“This page is intended to explain the process of creating a new CybOX Object for characterizing cyber observable data outside the scope of the current CybOX Object set. The concept of a CybOX Object referred to here is, more specifically, a set of schema-defined properties that can be used to characterize a given object in the cyber domain.”

 

http://cyboxproject.github.io/documentation/creating-objects/

 

That page should get you started. Let us know if you have any questions after reviewing the walk through.

 

Thanks,

 

Jon

 

============================================

Jonathan O. Baker

J83D - Cyber Security Partnerships, Sharing, and Automation

The MITRE Corporation

Email: [hidden email]

 

From: John-Mark Gurney [mailto:[hidden email]]
Sent: Wednesday, May 06, 2015 1:31 PM
To: stix-discussion-list Structured Threat Information Expression/ST
Subject: [STIX] Guide for subclassing CybOX objects?

 

Is there a good guide for subclassing CybOX objects?  I've seen some references that seem to say that you can subclass/expand existing objects (otherwise how does CustomObj work?), but I'm not familiar enough w/ XML schema design to know how to do that myself.

 

Thanks.


Reply | Threaded
Open this post in threaded view
|

Re: [CYBOX] [STIX] Guide for subclassing CybOX objects?

Back, Greg
If you already have an XSD, you shouldn't use the Custom object (for which support in python-cybox was added in version 2.1.0.10, and recently documented on ReadTheDocs). The Custom object is a more lightweight alterative in case you don't want to define your own XSD (for one-to-one sharing, for example).

Off the top of my head, you're basically on track with the steps you outline. There are a couple additional things, though.

1. Generate the bindings with GenerateDS. For reference, we used version 2.9a to create the bindings initially in 2013, and have heavily modified the resulting output since then, so you may want to look at the changes to an existing object (such as [1]) to make the equivalent adjustments in your binding file. This file doesn't need to be added to the "cybox.bindings" package, but should probably be in some other package related to your project.
2. In the code that uses your new object, you should call cybox.bindings.cybox_core.add_external_class() [2] before trying to use it, particularly if your code is trying to parse XML content with that object. This is how the parser knows where to find the binding implementation of your object.
3. Create a new object class (again, it doesn't have to be in the cybox package, but should be in some package. Use TypedFields and look at the other objects if you have any problems.
4. You'll also need to update the namespace metadata. Add tuples to the NS_LIST and OBJ_LIST variables in cybox/utils/nsparser.py. The second item in the OBJ_LIST tuple is the name of Python class you created in step 3. Then, regenerate the META object using `cybox.META = Metadata(NEW_NS_LIST, NEW_OBJ_LIST)` where the NEW_ lists are the ones that have your object added.

It has been a while since I've had to do this, so I may have forgotten something. Let me know if you run into any problems! And thanks for pointing out the broken link!

Greg Back
MITRE

[1] https://github.com/CybOXProject/python-cybox/commits/master/cybox/bindings/port_object.py
[2] https://github.com/CybOXProject/python-cybox/blob/85bc959b5dcebe4a199d4d1181bb568ed779d180/cybox/bindings/cybox_core.py#L4015 


>-----Original Message-----
>From: Juan Andrés Diana [mailto:[hidden email]]
>Sent: Wednesday, May 06, 2015 10:35 PM
>To: cybox-discussion-list Cyber Observable Expression/CybOX Discussi
>Subject: Re: [CYBOX] [STIX] Guide for subclassing CybOX objects?
>
>Greetings,
>
>I'd like to know more regarding the next steps. Suppose I have finished my
>new object schema definition (following the guidelines explained in the
>link you mentioned). How would I go about extending python-cybox to
>support this new object?
>
>As mentioned in this issue <https://github.com/CybOXProject/python-
>cybox/issues/217> , there are two ways to extend python-cybox to support
>new objects. For the first one (which does not use a XSD), documentation
>has been merged into master recently, and the way to proceed is clear.
>However, the second approach looks more interesting to me.
>
>From what I understand the following should work fine:
>
>1. Using generate_ds, create the binding class from the new object's
>XSD. Then place the generated class into cybox.bindings (or perhaps in a
>new directory in cybox.bindings.extensions?).
>
>2. Create a new object class (by subclassing ObjectProperties) which
>references the generated binding class, declares its corresponding
>namespace and declares each of the new object's fields (using
>cybox.TypedField). Then place the new class into cybox.objects.
>
>3. Use the new object as you would do with the other pre-defined
>objects in cybox.objects.
>
>
>Doing a quick test, it seems to work. Not sure if there's a better
>approach for maintaining custom objects (w/ XSD) though, especially in
>order to be able to use the pypi package.
>
>Note: generated_ds link provided in python-cybox README is dead. Added an
>issue <https://github.com/CybOXProject/python-cybox/issues/248> .
>
>Thanks,
>- J. D.
>
>
>On Wed, May 6, 2015 at 3:37 PM, Baker, Jon <[hidden email]
><mailto:[hidden email]> > wrote:
>
>
> “This page is intended to explain the process of creating a new
>CybOX Object for characterizing cyber observable data outside the scope of
>the current CybOX Object set
><http://cyboxproject.github.io/documentation/objects> . The concept of a
>CybOX Object referred to here is, more specifically, a set of schema-
>defined properties that can be used to characterize a given object in the
>cyber domain.”
>
>
>
> http://cyboxproject.github.io/documentation/creating-objects/
>
>
>
> That page should get you started. Let us know if you have any
>questions after reviewing the walk through.
>
>
>
> Thanks,
>
>
>
> Jon
>
>
>
> ============================================
>
> Jonathan O. Baker
>
> J83D - Cyber Security Partnerships, Sharing, and Automation
>
> The MITRE Corporation
>
> Email: [hidden email] <mailto:[hidden email]>
>
>
>
> From: John-Mark Gurney [mailto:[hidden email]
><mailto:[hidden email]> ]
> Sent: Wednesday, May 06, 2015 1:31 PM
> To: stix-discussion-list Structured Threat Information Expression/ST
> Subject: [STIX] Guide for subclassing CybOX objects?
>
>
>
> Is there a good guide for subclassing CybOX objects?  I've seen some
>references that seem to say that you can subclass/expand existing objects
>(otherwise how does CustomObj work?), but I'm not familiar enough w/ XML
>schema design to know how to do that myself.
>
>
>
> Thanks.
>


smime.p7s (8K) Download Attachment