# Copyright (c) 2020, The MITRE Corporation. All rights reserved.
# See LICENSE.txt for complete terms.

"""Python API classes for the CybOX Network Flow object.

Every class in this module is a declarative mapping: it names the generated
binding class it serializes through (``_binding_class``), the XML namespace,
and one ``TypedField`` per element (Python attribute name -> XML element name
and value type).  The module covers NetFlow v5, NetFlow v9, IPFIX, SiLK and
YAF record structures.

Nothing here parses wire data.  Length and count fields are stored as given;
this module does not compute them or cross-check them against the number of
child records, so consumers should not treat them as verified.
"""

from mixbox import entities, fields

import cybox.bindings.network_flow_object as network_flow_binding
from cybox.common import (
    BaseProperty, HexBinary, Integer, ObjectProperties, PlatformSpecification,
    PositiveInteger, String
)
from cybox.objects.address_object import Address
from cybox.objects.network_packet_object import TCPFlags
from cybox.objects.socket_address_object import SocketAddress


class NetflowV5FlowRecord(entities.Entity):
    """One flow record carried inside a NetFlow v5 packet."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.NetflowV5FlowRecordType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    nexthop_ipv4_addr = fields.TypedField("Nexthop_IPv4_Addr", Address)
    packet_count = fields.TypedField("Packet_Count", Integer)
    byte_count = fields.TypedField("Byte_Count", Integer)
    sysuptime_start = fields.TypedField("SysUpTime_Start", Integer)
    sysuptime_end = fields.TypedField("SysUpTime_End", Integer)
    padding1 = fields.TypedField("Padding1", HexBinary)
    tcp_flags = fields.TypedField("TCP_Flags", HexBinary)
    src_autonomous_system = fields.TypedField("Src_Autonomous_System", Integer)
    dest_autonomous_system = fields.TypedField("Dest_Autonomous_System", Integer)
    # NOTE(review): both mask bit counts are typed String, not Integer --
    # presumably mirrors the schema; confirm before comparing numerically.
    src_ip_mask_bit_count = fields.TypedField("Src_IP_Mask_Bit_Count", String)
    dest_ip_mask_bit_count = fields.TypedField("Dest_IP_Mask_Bit_Count", String)
    padding2 = fields.TypedField("Padding2", HexBinary)


class NetflowV5FlowHeader(entities.Entity):
    """Header of a NetFlow v5 packet; ``version`` defaults to ``"05"``."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.NetflowV5FlowHeaderType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    version = fields.TypedField("Version", HexBinary)
    # Declared record count; not checked here against the Flow_Record entries
    # of the enclosing NetflowV5Packet.
    count = fields.TypedField("Count", Integer)
    sys_up_time = fields.TypedField("Sys_Up_Time", Integer)
    unix_secs = fields.TypedField("Unix_Secs", Integer)
    unix_nsecs = fields.TypedField("Unix_Nsecs", Integer)
    flow_sequence = fields.TypedField("Flow_Sequence", Integer)
    engine_type = fields.TypedField("Engine_Type", String)
    engine_id = fields.TypedField("Engine_ID", Integer)
    sampling_interval = fields.TypedField("Sampling_Interval", HexBinary)

    def __init__(self):
        """Create the header and preset ``version`` to ``"05"``."""
        super(NetflowV5FlowHeader, self).__init__()
        self.version = "05"


class NetflowV5Packet(entities.Entity):
    """A NetFlow v5 packet: one header plus any number of flow records."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.NetflowV5PacketType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    flow_header = fields.TypedField("Flow_Header", NetflowV5FlowHeader)
    flow_record = fields.TypedField("Flow_Record", NetflowV5FlowRecord, multiple=True)


class NetflowV9PacketHeader(entities.Entity):
    """Header of a NetFlow v9 export packet; ``version`` defaults to ``"09"``."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.NetflowV9PacketHeaderType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    version = fields.TypedField("Version", HexBinary)
    # Declared record count; not checked here against the packet's flow sets.
    record_count = fields.TypedField("Record_Count", Integer)
    sys_up_time = fields.TypedField("Sys_Up_Time", Integer)
    unix_secs = fields.TypedField("Unix_Secs", Integer)
    sequence_number = fields.TypedField("Sequence_Number", Integer)
    source_id = fields.TypedField("Source_ID", HexBinary)

    def __init__(self, version=None):
        """Create the header.

        Args:
            version: value for the ``Version`` element.  Any falsy value
                (``None``, ``""``, ``0``) is replaced by ``"09"``.
        """
        super(NetflowV9PacketHeader, self).__init__()
        self.version = version or "09"


class NetflowV9ScopeField(BaseProperty):
    """Scope field type used by NetFlow v9 options templates.

    The ``TERM_*`` names are plain class attributes holding the known scope
    values; no restriction of the property value to these terms is visible in
    this class.
    """

    _binding = network_flow_binding
    _binding_class = network_flow_binding.NetflowV9ScopeFieldType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    TERM_SYSTEM = "System(1)"
    TERM_INTERFACE = "Interface(2)"
    TERM_LINE_CARD = "LineCard(3)"
    TERM_CACHE = "Cache(4)"
    TERM_TEMPLATE = "Template(5)"


class NetflowV9Field(BaseProperty):
    """Field type used by NetFlow v9 templates.

    The ``TERM_*`` names are plain class attributes holding known field type
    values; no restriction of the property value to these terms is visible in
    this class.
    """

    _binding = network_flow_binding
    _binding_class = network_flow_binding.NetflowV9FieldType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    TERM_IN_BYTES = "IN_BYTES(1)"
    TERM_IN_PKTS = "IN_PKTS(2)"
    TERM_FLOWS = "FLOWS(3)"
    TERM_PROTOCOL = "PROTOCOL(4)"
    # The constant is named TERM_TOS but its value is the SRC_TOS term.
    TERM_TOS = "SRC_TOS(5)"
    TERM_TCP_FLAGS = "TCP_FLAGS(6)"
    TERM_L4_SRC_PORT = "L4_SRC_PORT(7)"
    TERM_IPV4_SRC_ADDR = "IPV4_SRC_ADDR(8)"
    TERM_SRC_MASK = "SRC_MASK(9)"
    TERM_INPUT_SNMP = "INPUT_SNMP(10)"
    TERM_L4_DST_PORT= "L4_DST_PORT(11)"
    TERM_IPV4_DST_ADDR = "IPV4_DST_ADDR(12)"
    TERM_DST_MASK= "DST_MASK(13)"
    TERM_OUTPUT_SNMP = "OUTPUT_SNMP(14)"
    TERM_IPV4_NEXT_HOP = "IPV4_NEXT_HOP(15)"
    TERM_SRC_AS = "SRC_AS(16)"
    TERM_DST_AS = "DST_AS(17)"
    TERM_BGP_IPV4_NEXT_HOP = "BGP_IPV4_NEXT_HOP(18)"
    TERM_MUL_DST_PKTS = "MUL_DST_PKTS(19)"
    TERM_MUL_DST_BYTES = "MUL_DST_BYTES(20)"


class NetflowV9TemplateRecord(entities.Entity):
    """One template record of a NetFlow v9 template flow set."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.NetflowV9TemplateRecordType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    template_id = fields.TypedField("Template_ID", Integer)
    # Declared value only. NOTE(review): field_type and field_length below are
    # single-valued, so field_count is not tied to anything in this class.
    field_count = fields.TypedField("Field_Count", Integer)
    field_type = fields.TypedField("Field_Type", NetflowV9Field)
    field_length = fields.TypedField("Field_Length", HexBinary)


class NetflowV9TemplateFlowSet(entities.Entity):
    """NetFlow v9 template flow set; ``flow_set_id`` defaults to ``"00"``."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.NetflowV9TemplateFlowSetType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    flow_set_id = fields.TypedField("Flow_Set_ID", HexBinary)
    # Declared length; not computed or checked in this module.
    length = fields.TypedField("Length", Integer)
    template_record = fields.TypedField("Template_Record", NetflowV9TemplateRecord, multiple=True)

    def __init__(self):
        """Create the flow set and preset ``flow_set_id`` to ``"00"``."""
        super(NetflowV9TemplateFlowSet, self).__init__()
        self.flow_set_id = "00"


class NetflowV9OptionsTemplateRecord(entities.Entity):
    """One options template record of a NetFlow v9 options template flow set."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.NetflowV9OptionsTemplateRecordType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    template_id = fields.TypedField("Template_ID", Integer)
    option_scope_length = fields.TypedField("Option_Scope_Length", HexBinary)
    option_length = fields.TypedField("Option_Length", HexBinary)
    scope_field_type = fields.TypedField("Scope_Field_Type", NetflowV9ScopeField)
    scope_field_length = fields.TypedField("Scope_Field_Length", HexBinary)
    option_field_type = fields.TypedField("Option_Field_Type", NetflowV9Field)
    option_field_length = fields.TypedField("Option_Field_Length", HexBinary)


class NetflowV9OptionsTemplateFlowSet(entities.Entity):
    """NetFlow v9 options template flow set; ``flow_set_id`` defaults to ``"01"``."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.NetflowV9OptionsTemplateFlowSetType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    flow_set_id = fields.TypedField("Flow_Set_ID", HexBinary)
    # Declared length; not computed or checked in this module.
    length = fields.TypedField("Length", Integer)
    options_template_record = fields.TypedField("Options_Template_Record", NetflowV9OptionsTemplateRecord, multiple=True)
    padding = fields.TypedField("Padding", HexBinary)

    def __init__(self):
        """Create the flow set and preset ``flow_set_id`` to ``"01"``."""
        super(NetflowV9OptionsTemplateFlowSet, self).__init__()
        self.flow_set_id = "01"


class FlowCollectionElement(entities.Entity):
    """A list of flow record field values, each stored as a String."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.FlowCollectionElementType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    flow_record_field_value = fields.TypedField("Flow_Record_Field_Value", String, multiple=True)


class FlowDataRecord(entities.Entity):
    """A flow data record: any number of FlowCollectionElement entries."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.FlowDataRecordType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    flow_record_collection_element = fields.TypedField("Flow_Record_Collection_Element", FlowCollectionElement, multiple=True)
class OptionCollectionElement(entities.Entity):
    """A list of option record field values, each stored as a String."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.OptionCollectionElementType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    option_record_field_value = fields.TypedField("Option_Record_Field_Value", String, multiple=True)


class OptionsDataRecord(entities.Entity):
    """An options data record: one scope value plus option collection elements."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.OptionsDataRecordType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    scope_field_value = fields.TypedField("Scope_Field_Value", String)
    option_record_collection_element = fields.TypedField("Option_Record_Collection_Element", OptionCollectionElement, multiple=True)


class NetflowV9DataRecord(entities.Entity):
    """A NetFlow v9 data record holding flow and/or options data records."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.NetflowV9DataRecordType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    flow_data_record = fields.TypedField("Flow_Data_Record", FlowDataRecord, multiple=True)
    options_data_record = fields.TypedField("Options_Data_Record", OptionsDataRecord, multiple=True)


class NetflowV9DataFlowSet(entities.Entity):
    """A NetFlow v9 data flow set."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.NetflowV9DataFlowSetType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    # Stored as given; this class does not look up or require a matching
    # template record for the ID.
    flow_set_id_template_id = fields.TypedField("Flow_Set_ID_Template_ID", Integer)
    # Declared length; not computed or checked in this module.
    length = fields.TypedField("Length", Integer)
    data_record = fields.TypedField("Data_Record", NetflowV9DataRecord, multiple=True)
    padding = fields.TypedField("Padding", HexBinary)


class NetflowV9FlowSet(entities.Entity):
    """One NetFlow v9 flow set: template, options template, or data.

    All three fields are declared side by side; nothing in this class makes
    them mutually exclusive.
    """

    _binding = network_flow_binding
    _binding_class = network_flow_binding.NetflowV9FlowSetType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    template_flow_set = fields.TypedField("Template_Flow_Set", NetflowV9TemplateFlowSet)
    options_template_flow_set = fields.TypedField("Options_Template_Flow_Set", NetflowV9OptionsTemplateFlowSet)
    data_flow_set = fields.TypedField("Data_Flow_Set", NetflowV9DataFlowSet)


class NetflowV9ExportPacket(entities.Entity):
    """A NetFlow v9 export packet: one header plus any number of flow sets."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.NetflowV9ExportPacketType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    # The Python attribute is flow_header but the XML element is Packet_Header.
    flow_header = fields.TypedField("Packet_Header", NetflowV9PacketHeader)
    flow_set = fields.TypedField("Flow_Set", NetflowV9FlowSet, multiple=True)


class SiLKSensorDirection(BaseProperty):
    """SiLK sensor direction; bound to ``SiLKDirectionType``.

    The ``TERM_*`` names are plain class attributes holding known values; no
    restriction of the property value to these terms is visible in this class.
    """

    _binding = network_flow_binding
    _binding_class = network_flow_binding.SiLKDirectionType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    TERM_IN = "in"
    TERM_IN_WEB = "inweb"
    TERM_IN_NULL = "innull"
    TERM_OUT = "out"
    TERM_OUT_WEB = "outweb"
    TERM_OUT_NULL = "outnull"


class SiLKSensorClass(BaseProperty):
    """SiLK sensor class; the only term defined here is ``"all"``."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.SiLKSensorClassType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    TERM_ALL = "all"


class SiLKCountryCode(BaseProperty):
    """SiLK country code property; no terms are defined in this class."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.SiLKCountryCodeType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"


class SiLKAddress(BaseProperty):
    """SiLK address type (non-routable, internal, or routable external)."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.SiLKAddressType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    # NOTE(review): this literal has a space before "(0)", unlike the two
    # terms below -- confirm it matches the schema enumeration exactly.
    TERM_NON_ROUTABLE = "non-routable (0)"
    TERM_INTERNAL = "internal(1)"
    TERM_EXTERNAL = "routable_external(2)"


class SiLKFlowAttributes(BaseProperty):
    """SiLK flow attributes (FIN flag, timeout, continuation)."""

    _binding = network_flow_binding
    # NOTE(review): this is the same binding class SiLKAddress uses, which
    # looks like a copy-paste slip. Confirm whether the binding module has a
    # dedicated flow-attributes type; as written, Flow_Attributes values
    # serialize through the address type.
    _binding_class = network_flow_binding.SiLKAddressType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    TERM_F = "F (FIN flag)"
    TERM_T = "T (Timeout)"
    TERM_C = "C (Continuation)"


class SiLKSensorInfo(entities.Entity):
    """Sensor identification attached to a SiLK record."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.SiLKSensorInfoType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    sensor_id = fields.TypedField("Sensor_ID", String)
    # Trailing underscores keep the attribute names clear of the Python
    # keyword ``class`` and the builtin ``type``.
    class_ = fields.TypedField("Class", SiLKSensorClass)
    type_ = fields.TypedField("Type", SiLKSensorDirection)


class SiLKRecord(entities.Entity):
    """A SiLK flow record."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.SiLKRecordType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    packet_count = fields.TypedField("Packet_Count", Integer)
    byte_count = fields.TypedField("Byte_Count", Integer)
    tcp_flags = fields.TypedField("TCP_Flags", HexBinary)
    # start_time, duration and end_time are independent fields; their mutual
    # consistency is not checked in this class.
    start_time = fields.TypedField("Start_Time", Integer)
    duration = fields.TypedField("Duration", Integer)
    end_time = fields.TypedField("End_Time", Integer)
    sensor_info = fields.TypedField("Sensor_Info", SiLKSensorInfo)
    icmp_type = fields.TypedField("ICMP_Type", Integer)
    icmp_code = fields.TypedField("ICMP_Code", Integer)
    router_next_hop_ip = fields.TypedField("Router_Next_Hop_IP", Address)
    # Initial flags use the structured TCPFlags type, while tcp_flags and
    # session_tcp_flags are raw HexBinary.
    initial_tcp_flags = fields.TypedField("Initial_TCP_Flags", TCPFlags)
    session_tcp_flags = fields.TypedField("Session_TCP_Flags", HexBinary)
    flow_attributes = fields.TypedField("Flow_Attributes", SiLKFlowAttributes)
    flow_application = fields.TypedField("Flow_Application", String)
    src_ip_type = fields.TypedField("Src_IP_Type", SiLKAddress)
    dest_ip_type = fields.TypedField("Dest_IP_Type", SiLKAddress)
    src_country_code = fields.TypedField("Src_Country_Code", SiLKCountryCode)
    dest_country_code = fields.TypedField("Dest_Country_Code", SiLKCountryCode)
    src_mapname = fields.TypedField("Src_MAPNAME", String)
    dest_mapname = fields.TypedField("Dest_MAPNAME", String)


class IPFIXMessageHeader(entities.Entity):
    """Header of an IPFIX message; ``version`` defaults to ``"0a"``."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.IPFIXMessageHeaderType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    version = fields.TypedField("Version", HexBinary)
    # Declared length; not computed or checked in this module.
    byte_length = fields.TypedField("Byte_Length", HexBinary)
    export_timestamp = fields.TypedField("Export_Timestamp", Integer)
    sequence_number = fields.TypedField("Sequence_Number", Integer)
    observation_domain_id = fields.TypedField("Observation_Domain_ID", Integer)

    def __init__(self):
        """Create the header and preset ``version`` to ``"0a"`` (hex for 10)."""
        super(IPFIXMessageHeader, self).__init__()
        self.version = "0a"


class IPFIXSetHeader(entities.Entity):
    """Header shared by the IPFIX template, options template and data sets."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.IPFIXSetHeaderType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    set_id = fields.TypedField("Set_ID", Integer)
    # Declared length; not computed or checked in this module.
    length = fields.TypedField("Length", Integer)


class IPFIXTemplateRecordHeader(entities.Entity):
    """Header of an IPFIX template record."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.IPFIXTemplateRecordHeaderType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    template_id = fields.TypedField("Template_ID", Integer)
    # Declared count, typed HexBinary; not checked here against the number of
    # field specifiers in the enclosing template record.
    field_count = fields.TypedField("Field_Count", HexBinary)


class IPFIXTemplateRecordFieldSpecifiers(entities.Entity):
    """One field specifier of an IPFIX (options) template record."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.IPFIXTemplateRecordFieldSpecifiersType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    # Declared without a value type, unlike every other field in this class.
    enterprise_bit = fields.TypedField("Enterprise_Bit")
    information_element_id = fields.TypedField("Information_Element_ID", String)
    field_length = fields.TypedField("Field_Length", String)
    enterprise_number = fields.TypedField("Enterprise_Number", String)


class IPFIXTemplateRecord(entities.Entity):
    """An IPFIX template record: header plus any number of field specifiers."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.IPFIXTemplateRecordType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    template_record_header = fields.TypedField("Template_Record_Header", IPFIXTemplateRecordHeader)
    field_specifier = fields.TypedField("Field_Specifier", IPFIXTemplateRecordFieldSpecifiers, multiple=True)


class IPFIXTemplateSet(entities.Entity):
    """An IPFIX template set: set header, template records, optional padding."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.IPFIXTemplateSetType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    set_header = fields.TypedField("Set_Header", IPFIXSetHeader)
    template_record = fields.TypedField("Template_Record", IPFIXTemplateRecord, multiple=True)
    padding = fields.TypedField("Padding", HexBinary)


class IPFIXOptionsTemplateRecordHeader(entities.Entity):
    """Header of an IPFIX options template record."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.IPFIXOptionsTemplateRecordHeaderType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    template_id = fields.TypedField("Template_ID", Integer)
    # Declared counts; neither is checked here against the field specifiers.
    field_count = fields.TypedField("Field_Count", HexBinary)
    scope_field_count = fields.TypedField("Scope_Field_Count", PositiveInteger)


class IPFIXOptionsTemplateRecord(entities.Entity):
    """An IPFIX options template record: header plus field specifiers."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.IPFIXOptionsTemplateRecordType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    options_template_record_header = fields.TypedField("Options_Template_Record_Header", IPFIXOptionsTemplateRecordHeader)
    field_specifier = fields.TypedField("Field_Specifier", IPFIXTemplateRecordFieldSpecifiers, multiple=True)


class IPFIXOptionsTemplateSet(entities.Entity):
    """An IPFIX options template set."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.IPFIXOptionsTemplateSetType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    set_header = fields.TypedField("Set_Header", IPFIXSetHeader)
    options_template_record = fields.TypedField("Options_Template_Record", IPFIXOptionsTemplateRecord, multiple=True)
    padding = fields.TypedField("Padding", HexBinary)


class IPFIXDataRecord(entities.Entity):
    """An IPFIX data record: a list of field values, each stored as a String."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.IPFIXDataRecordType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    field_value = fields.TypedField("Field_Value", String, multiple=True)


class IPFIXDataSet(entities.Entity):
    """An IPFIX data set: set header, data records, optional padding."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.IPFIXDataSetType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    set_header = fields.TypedField("Set_Header", IPFIXSetHeader)
    data_record = fields.TypedField("Data_Record", IPFIXDataRecord, multiple=True)
    padding = fields.TypedField("Padding", HexBinary)


class IPFIXSet(entities.Entity):
    """One IPFIX set: template, options template, or data.

    All three fields are declared side by side; nothing in this class makes
    them mutually exclusive.
    """

    _binding = network_flow_binding
    _binding_class = network_flow_binding.IPFIXSetType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    template_set = fields.TypedField("Template_Set", IPFIXTemplateSet)
    options_template_set = fields.TypedField("Options_Template_Set", IPFIXOptionsTemplateSet)
    data_set = fields.TypedField("Data_Set", IPFIXDataSet)


class IPFIXMessage(entities.Entity):
    """An IPFIX message: one message header plus any number of sets."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.IPFIXMessageType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    message_header = fields.TypedField("Message_Header", IPFIXMessageHeader)
    # Trailing underscore keeps the attribute clear of the builtin ``set``.
    set_ = fields.TypedField("Set", IPFIXSet, multiple=True)


class UnidirectionalRecord(entities.Entity):
    """A unidirectional flow record in one of four formats.

    IPFIX, NetFlow v9, NetFlow v5 and SiLK are declared side by side; nothing
    in this class makes them mutually exclusive.
    """

    _binding = network_flow_binding
    _binding_class = network_flow_binding.UnidirectionalRecordType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    ipfix_message = fields.TypedField("IPFIX_Message", IPFIXMessage)
    netflowv9_export_packet = fields.TypedField("NetflowV9_Export_Packet", NetflowV9ExportPacket)
    netflowv5_packet = fields.TypedField("NetflowV5_Packet", NetflowV5Packet)
    silk_record = fields.TypedField("SiLK_Record", SiLKRecord)


class NetworkLayerInfo(entities.Entity):
    """Source and destination socket addresses plus the IP protocol of a flow."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.NetworkLayerInfoType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    src_socket_address = fields.TypedField("Src_Socket_Address", SocketAddress)
    dest_socket_address = fields.TypedField("Dest_Socket_Address", SocketAddress)
    # Typed String here, so the value is not constrained to a protocol number
    # by this class.
    ip_protocol = fields.TypedField("IP_Protocol", String)


class NetworkFlowLabel(NetworkLayerInfo):
    """Flow label: the NetworkLayerInfo fields plus interface indexes and ToS."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.NetworkFlowLabelType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    ingress_interface_index = fields.TypedField("Ingress_Interface_Index", Integer)
    egress_interface_index = fields.TypedField("Egress_Interface_Index", Integer)
    ip_type_of_service = fields.TypedField("IP_Type_Of_Service", HexBinary)


class YAFTCPFlow(entities.Entity):
    """TCP details of a YAF flow; used for both forward and reverse flows."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.YAFTCPFlowType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    tcp_sequence_number = fields.TypedField("TCP_Sequence_Number", Integer)
    initial_tcp_flags = fields.TypedField("Initial_TCP_Flags", TCPFlags)
    union_tcp_flags = fields.TypedField("Union_TCP_Flags", HexBinary)


class YAFFlow(entities.Entity):
    """Forward direction of a YAF flow record."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.YAFFlowType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    flow_start_milliseconds = fields.TypedField("Flow_Start_Milliseconds", Integer)
    flow_end_milliseconds = fields.TypedField("Flow_End_Milliseconds", Integer)
    octet_total_count = fields.TypedField("Octet_Total_Count", Integer)
    packet_total_count = fields.TypedField("Packet_Total_Count", Integer)
    flow_end_reason = fields.TypedField("Flow_End_Reason", HexBinary)
    silk_app_label = fields.TypedField("SiLK_App_Label", Integer)
    payload_entropy = fields.TypedField("Payload_Entropy", Integer)
    ml_app_label = fields.TypedField("ML_App_Label", HexBinary)
    tcp_flow = fields.TypedField("TCP_Flow", YAFTCPFlow)
    vlan_id_mac_addr = fields.TypedField("Vlan_ID_MAC_Addr", Address)
    passive_os_fingerprinting = fields.TypedField("Passive_OS_Fingerprinting", PlatformSpecification)
    # NOTE(review): the banner and payload fields presumably carry captured
    # packet bytes -- review their content before sharing records externally.
    first_packet_banner = fields.TypedField("First_Packet_Banner", HexBinary)
    second_packet_banner = fields.TypedField("Second_Packet_Banner", HexBinary)
    n_bytes_payload = fields.TypedField("N_Bytes_Payload", HexBinary)


class YAFReverseFlow(entities.Entity):
    """Reverse direction of a YAF flow record."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.YAFReverseFlowType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    reverse_octet_total_count = fields.TypedField("Reverse_Octet_Total_Count", Integer)
    reverse_packet_total_count = fields.TypedField("Reverse_Packet_Total_Count", Integer)
    reverse_payload_entropy = fields.TypedField("Reverse_Payload_Entropy", Integer)
    reverse_flow_delta_milliseconds = fields.TypedField("Reverse_Flow_Delta_Milliseconds", Integer)
    tcp_reverse_flow = fields.TypedField("TCP_Reverse_Flow", YAFTCPFlow)
    reverse_vlan_id_mac_addr = fields.TypedField("Reverse_Vlan_ID_MAC_Addr", Address)
    reverse_passive_os_fingerprinting = fields.TypedField("Reverse_Passive_OS_Fingerprinting", PlatformSpecification)
    # NOTE(review): presumably captured packet bytes, as in YAFFlow -- review
    # before sharing records externally.
    reverse_first_packet = fields.TypedField("Reverse_First_Packet", HexBinary)
    reverse_n_bytes_payload = fields.TypedField("Reverse_N_Bytes_Payload", HexBinary)


class YAFRecord(entities.Entity):
    """A YAF record: a forward flow and its reverse flow."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.YAFRecordType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    flow = fields.TypedField("Flow", YAFFlow)
    reverse_flow = fields.TypedField("Reverse_Flow", YAFReverseFlow)


class BidirectionalRecord(entities.Entity):
    """A bidirectional flow record; YAF is the only format declared here."""

    _binding = network_flow_binding
    _binding_class = network_flow_binding.BidirectionalRecordType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"

    yaf_record = fields.TypedField("YAF_Record", YAFRecord)


class NetworkFlow(ObjectProperties):
    """The Network Flow object itself (``NetFlowObj:NetworkFlowObjectType``).

    Holds a flow label plus a unidirectional and/or bidirectional flow record;
    nothing in this class makes the two record kinds mutually exclusive.
    """

    _binding = network_flow_binding
    _binding_class = network_flow_binding.NetworkFlowObjectType
    _namespace = "http://cybox.mitre.org/objects#NetworkFlowObject-2"
    _XSI_NS = "NetFlowObj"
    _XSI_TYPE = "NetworkFlowObjectType"

    network_flow_label = fields.TypedField("Network_Flow_Label", NetworkFlowLabel)
    unidirectional_flow_record = fields.TypedField("Unidirectional_Flow_Record", UnidirectionalRecord)
    bidirectional_flow_record = fields.TypedField("Bidirectional_Flow_Record", BidirectionalRecord)