Thatguy031415 - 1 month ago
Python Question

How to convert IOC files to database entries using Python?

I'm an old assembly coder trying to join the 21st century. I'm not really trying to get you to write my program for me, just wondering if any of you can point out the best references to use, as there seem to be more Python books and courses on the market than there are people on Earth.

Essentially, what I need to do is take IOC files (Mandiant's OpenIOC format) as input, and output the information to a database. Since I'll be building a fresh machine to handle this, I'm open to suggestions on the best database software to use, but at this point, I'm planning for SQLite.

Can anyone give me a push in the right direction in regards to a good desk reference or 'down and dirty' course? I plan to learn the language more comprehensively, but I need to be able to push this program out pretty quickly in the meantime.

Answer

I would recommend having a look at a package that provides you with an Object-relational mapping, examples here:

What are some good Python ORM solutions?

Doing so, your code is independent from what database you use. Django for instance supports MySQL, Postgres and SQLite.

In Django speak, you would want to create a model class that represents one database record. So all fields you want to parse from your IOC files are a field of your model.

If I understand correctly, your input is based on XML, so you may want to use the xml.etree.ElementTree class to parse one file at a time, loop over the nodes and create model instances.

Voila, they are in the database of your choice.
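The parse-and-store loop described in this answer, as an added example that is not part of the original answer: it uses the standard-library `sqlite3` module directly instead of an ORM, and it assumes the OpenIOC 1.0 namespace and element layout. The sample document, table name and column names are constructed for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Assumption: OpenIOC 1.0 namespace and Indicator/IndicatorItem layout.
NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}

# Constructed sample; the hash is the MD5 of empty input.
SAMPLE_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="example-ioc-0001">
  <short_description>Constructed sample</short_description>
  <definition>
    <Indicator operator="OR" id="example-indicator-1">
      <IndicatorItem id="example-item-1" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">d41d8cd98f00b204e9800998ecf8427e</Content>
      </IndicatorItem>
      <IndicatorItem id="example-item-2" condition="contains">
        <Context document="FileItem" search="FileItem/FileName" type="mir"/>
        <Content type="string">invoice'2016.exe</Content>
      </IndicatorItem>
    </Indicator>
  </definition>
</ioc>"""

def parse_ioc(xml_text):
    """Return one row tuple per IndicatorItem in the document."""
    # IOC files come from third parties: refuse DTDs so entity
    # declarations never reach the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    rows = []
    for item in root.iterfind(".//ioc:IndicatorItem", NS):
        ctx = item.find("ioc:Context", NS)
        content = item.find("ioc:Content", NS)
        if ctx is None or content is None:
            continue  # skip items missing either child element
        rows.append((root.get("id"), item.get("id"), item.get("condition"),
                     ctx.get("search"), content.get("type"), (content.text or "").strip()))
    return rows

def store(conn, rows):
    """Insert rows; re-importing the same IOC file adds no duplicates."""
    conn.execute("CREATE TABLE IF NOT EXISTS indicator_item ("
                 "ioc_id TEXT, item_id TEXT, match_condition TEXT, search TEXT, "
                 "content_type TEXT, content TEXT, UNIQUE (ioc_id, item_id))")
    # Placeholders keep indicator text as data, whatever characters it holds.
    conn.executemany("INSERT OR IGNORE INTO indicator_item VALUES (?, ?, ?, ?, ?, ?)", rows)
    conn.commit()
```

Calling `store(sqlite3.connect("iocs.db"), parse_ioc(text))` once per file fills the table; the file name here is a placeholder.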
