Hi, I am confused about how to get started with CybOX. I have installed the Python library and run one sample code:
Consider,
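from cybox.core import Observables
from cybox.objects.file_object import File
from cybox.objects.domain_name_object import DomainName
from cybox.utils import IDGenerator, set_id_method

# Use sequential integer IDs instead of random GUIDs
set_id_method(IDGenerator.METHOD_INT)

# Describe a file and a domain name as CybOX objects
f = File()
d = DomainName()
d.value = "1.2.3.4"
f.file_name = "malware.exe"
# Raw string so the backslashes in the Windows path are kept literally
f.file_path = r"C:\Windows\Temp\malware.exe"

# Serialize each object, wrapped in Observables, to CybOX XML
print(Observables(f).to_xml(include_namespaces=True))
print(Observables(d).to_xml(include_namespaces=True))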
If the file malware.exe is malware or the domain 1.2.3.4 is a malicious domain, how does this generated XML help me to identify whether these are malware or not? I am required to create a program, preferably in Python, that will get that XML. Given those CybOX XML documents, how can I know whether the information given in the XML is suspicious or not? Please clarify if I'm wrong.
Thank you.
--
Sarvagya Pant
Kathmandu, Nepal
+9779803468257
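
An added example, not part of the original post and not python-cybox's own code: CybOX XML only describes what was observed, so a consumer has to compare the extracted properties against its own threat intelligence to reach a verdict. The sample document, the watchlist and the helper names below are constructed for illustration, and only the standard library is used.

```python
import xml.etree.ElementTree as ET

CYBOX = "{http://cybox.mitre.org/cybox-2}"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample, shaped like the File and DomainName output above.
SAMPLE_XML = r"""<cybox:Observables
    xmlns:cybox="http://cybox.mitre.org/cybox-2"
    xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
    xmlns:DomainNameObj="http://cybox.mitre.org/objects#DomainNameObject-1"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <cybox:Observable id="example:Observable-1"><cybox:Object id="example:File-2">
    <cybox:Properties xsi:type="FileObj:FileObjectType">
      <FileObj:File_Name>malware.exe</FileObj:File_Name>
      <FileObj:File_Path>C:\Windows\Temp\malware.exe</FileObj:File_Path>
    </cybox:Properties></cybox:Object></cybox:Observable>
  <cybox:Observable id="example:Observable-3"><cybox:Object id="example:DomainName-4">
    <cybox:Properties xsi:type="DomainNameObj:DomainNameObjectType">
      <DomainNameObj:Value>benign.example</DomainNameObj:Value>
    </cybox:Properties></cybox:Object></cybox:Observable>
</cybox:Observables>"""

# Constructed watchlist: the verdict lives here, not in the CybOX document.
WATCHLIST = {
    ("FileObjectType", "File_Name"): {"malware.exe"},
    ("DomainNameObjectType", "Value"): {"1.2.3.4"},
}

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def extract_observables(xml_text):
    """Return (object_type, field, value) for each property in the document."""
    rows = []
    for props in ET.fromstring(xml_text).iter(CYBOX + "Properties"):
        obj_type = props.get(XSI_TYPE, "").split(":")[-1]
        for field in props:
            rows.append((obj_type, local(field.tag), (field.text or "").strip()))
    return rows

def match_watchlist(xml_text, watchlist):
    """Keep only the rows whose value is on the watchlist (case-insensitive)."""
    return [r for r in extract_observables(xml_text)
            if r[2].lower() in watchlist.get((r[0], r[1]), set())]

if __name__ == "__main__":
    for hit in match_watchlist(SAMPLE_XML, WATCHLIST):
        print(hit)
```

For documents from untrusted sources, defusedxml.ElementTree offers the same fromstring call with entity expansion disabled.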