HOW-TO-USE.txt

This is the documentation for example scripts used to submit data to the APWG repositories. Although marked as 'examples', the scripts should perform flawlessly if used to submit data.

I. Overview

Some of the repositories receive IODEF-formatted XML via an HTTP/SSL interface.
Data is encoded in 'wrappers', like:

    IODEF-Document
        Incident-#1
            Time, Criticality, other data and an ...
            EventData for #1, which includes:
                One of:
                    PhraudReport (for reporting phishing lures)
                    BotDetails (for reporting infected systems)
                Time, Date, and other Information

Submitting data to these repositories is a three-step operation:

    1. Encode your data into an appropriate PhraudReport (RFC5190) or BotDetails or other EventData Element.
    2. Encode your data into an IETF IODEF (RFC5070) IODEF-Document.
    3. Submit to the APWG.

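The wrapping from steps 1 and 2 (a PhraudReport inside EventData, inside an IODEF Incident and IODEF-Document), as an added Python example that is not part of the APWG scripts. The SAMPLE_PHISH dict and its key names are a constructed stand-in for the project's phishStruct; element names and namespaces come from RFC 5070 and RFC 5190. Step 3 (delivery) is omitted because the repository endpoint lives in iodef_*_config.ini.

```python
"""Build an RFC 5070 IODEF-Document that wraps an RFC 5190 PhraudReport.

Added example, not part of the APWG scripts; SAMPLE_PHISH and its key names
are a constructed stand-in for the project's phishStruct."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

IODEF = "urn:ietf:params:xml:ns:iodef-1.0"        # RFC 5070 namespace
PHISH = "urn:ietf:params:xml:ns:iodef-phish-1.0"  # RFC 5190 namespace
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"
ET.register_namespace("iodef", IODEF)
ET.register_namespace("phish", PHISH)

def I(tag): return f"{{{IODEF}}}{tag}"   # namespace-qualified IODEF tag
def P(tag): return f"{{{PHISH}}}{tag}"   # namespace-qualified PhraudReport tag

SAMPLE_PHISH = {                          # constructed sample input
    "incident_id": "example-0001",
    "reporter": "reporter.example",       # used for Contact and IncidentID name
    "severity": "medium",                 # the Incident's criticality
    "fraud_type": "phishemail",           # an RFC 5190 FraudType enum value
    "brand": "ExampleBank",
}

def build_iodef_phish(rec, now=None):
    """Return the IODEF-Document as UTF-8 bytes (KeyError if a field is missing)."""
    now = now or datetime.now(timezone.utc)
    doc = ET.Element(I("IODEF-Document"), {"version": "1.00", XML_LANG: "en"})
    inc = ET.SubElement(doc, I("Incident"), purpose="reporting")
    ET.SubElement(inc, I("IncidentID"), name=rec["reporter"]).text = rec["incident_id"]
    ET.SubElement(inc, I("ReportTime")).text = now.strftime("%Y-%m-%dT%H:%M:%SZ")
    ET.SubElement(ET.SubElement(inc, I("Assessment")), I("Impact"),
                  severity=rec["severity"], type="other")
    contact = ET.SubElement(inc, I("Contact"), role="creator", type="organization")
    ET.SubElement(contact, I("ContactName")).text = rec["reporter"]
    # RFC 5190 places the PhraudReport in EventData/AdditionalData with dtype="xml".
    extra = ET.SubElement(ET.SubElement(inc, I("EventData")), I("AdditionalData"), dtype="xml")
    report = ET.SubElement(extra, P("PhraudReport"), Version="1.0", FraudType=rec["fraud_type"])
    ET.SubElement(report, P("FraudedBrandName")).text = rec["brand"]
    return ET.tostring(doc, encoding="utf-8", xml_declaration=True)

def wrapper_path(xml_bytes):
    """Parse the document back and return the element chain from the root down to
    the PhraudReport, stopping at the first missing wrapper; lets a caller verify
    the RFC 5190 placement before anything is submitted."""
    node = ET.fromstring(xml_bytes)
    chain = [node.tag.split("}")[1]]
    for step in (I("Incident"), I("EventData"), I("AdditionalData"), P("PhraudReport")):
        node = node.find(step)
        if node is None:
            return chain
        chain.append(node.tag.split("}")[1])
    return chain
```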
The contents of this directory:

    phish  - Code to build and deliver a PhraudReport Document.
        askquestions_phish.py  - Not used for phish reports.
        build_phish.py         - Assemble the EventData Element.
        iodef_phish_config.ini - Static variables used in the scripts.
        phish_fromStruct.py    - Code to take phishStruct and generate an IODEF Document.
        phish_fromMessage.py   - Sample code to take a mail message and create an IODEF Document.
        phishStruct.py         - Data to be encoded into the IODEF Document.
        phishStruct_test.py    - Test data to be encoded into the IODEF Document.

    bot    - Code to build and deliver a BotDetails Document.
        askQuestions.py      - Get bot data via asking questions.
        bot_fromStruct.py    - Code to take botStruct and generate an IODEF Document.
        botStruct.pc         - Data to be encoded into the IODEF Document.
        botStruct_test.py    - Test data to be encoded into the IODEF Document.
        iodef_bot_config.ini - Static variables used in the script.

    common - Common code.
        buildIODEF.py   - Assemble EventData into an IODEF-Document.
        send_to_apwg.py - Code to send the completed IODEF to the APWG.

    iodef  - The IODEF library implemented in python.

II. Data submission using a template

    1. Verify iodef_*_config.ini is correct.
    2. Craft a routine to take *your* data and put it into a *Struct.
    3. Run python *_fromStruct.py
       - Your input data will be XML-encoded into an IODEF-Document.
       - The Document will be sent to the repository.

III. Data submission using a function

You could also create your own encoding and submission functions using
the phish_fromStruct or bot_fromStruct as a guide.