
Commit 0d0281b

committed
Updated to account for parse_xml_instance updates
1 parent 24d39b5 commit 0d0281b

1 file changed

Lines changed: 10 additions & 10 deletions


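--- a/scripts/run_comparator.py
+++ b/scripts/run_comparator.py
@@ -1,14 +1,13 @@
 # run_comparator script
-# v0.1
+# v0.11
 # Runs the MAEC Comparator against a list or folder of MAEC files
 import pprint
 import sys
 import os
 import maec
 from maec.bundle.bundle import Bundle
-from maec.package.package import Package
 USAGE_TEXT = """
-MAEC Run Comparator Script v0.1 BETA
+MAEC Run Comparator Script v0.11 BETA
 *Performs Object->Object comparison of 2 or more input MAEC documents
 *Prints common/unique Objects between MAEC Bundles
 
@@ -17,15 +16,15 @@
 
 # Process a set of MAEC binding objects and extract the Bundles as appropriate
 def process_maec_file(filename, bundle_list):
-binding_objects = maec.parse_xml_instance(filename)
-if binding_objects and binding_objects[0]:
-package_obj = Package.from_obj(binding_objects[0])
+parsed_objects = maec.parse_xml_instance(filename)
+if parsed_objects and parsed_objects[0]:
+package_obj = parsed_objects[0][1]
 if package_obj.malware_subjects:
 for malware_subject in package_obj.malware_subjects:
 for bundle in malware_subject.get_all_bundles():
 bundle_list.append(bundle)
-elif binding_objects and binding_objects[1]:
-bundle_list.append(Bundle.from_obj(binding_objects[1]))
+elif parsed_objects and parsed_objects[1]:
+bundle_list.append(parsed_objects[1][1])
 
 def main():
 infilenames = []
@@ -61,8 +60,9 @@ def main():
 
 # Matching properties dictionary
 match_on_dictionary = {'FileObjectType': ['file_path'],
-'WindowsRegistryKeyObjectType': ['hive', 'values.name/data'],
-'WindowsMutexObjectType': ['name']}
+'WindowsRegistryKeyObjectType': ['hive', 'key'],
+'WindowsMutexObjectType': ['name'],
+'WindowsProcessObjectType': ['name']}
 # Perform the comparison and get the results
 comparison_results = Bundle.compare(bundle_list, match_on = match_on_dictionary, case_sensitive = False)
 # Pretty print the common and unique Objects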
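Review bot: In process_maec_file, the new `parsed_objects[0][1]` and `parsed_objects[1][1]` indexing hard-codes a return shape from parse_xml_instance (a sequence of at least two entries, each a pair whose second element is the API object) that the guards do not verify — `if parsed_objects and parsed_objects[0]` only checks truthiness, so a shorter or differently shaped return fails with an unexplained IndexError/TypeError, and a file that yields neither a Package nor a Bundle is silently dropped from the comparison with no output. Since the inputs are malware-derived MAEC documents named on the command line, a file that cannot be used should at least be reported, e.g. add a final `else:` branch with `sys.stderr.write('Skipping %s: no MAEC Package or Bundle found\n' % filename)` (sys is already imported). It would also help to record the assumed layout at the top of the function, e.g. `# assumes parse_xml_instance returns [(package_binding, package_obj), (bundle_binding, bundle_obj)] with None for absent entries -- TODO confirm against maec`; I cannot confirm that layout from this hunk alone. process_maec_file is fully contained in the hunk; main() begins here but its body continues outside it.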
