def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): self.id_ = id_ or stix.utils.create_id("coa") self.idref = idref self.version = self._version self.title = title self.stage = None self.type_ = None self.description = description self.short_description = short_description self.objective = None self.parameter_observables = None # self.structured_coa = None self.impact = None self.cost = None self.efficacy = None self.information_source = None self.handling = None self.related_coas = RelatedCOAs() self.related_packages = RelatedPackageRefs() if timestamp: self.timestamp = timestamp else: self.timestamp = datetime.now(tzutc()) if not idref else None
def test_add_stix_package(self): from stix.core import STIXPackage l = RelatedPackageRefs() l.append(STIXPackage()) self.assertEqual(1, len(l))
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(Indicator, self).__init__(id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description) self.producer = None self.observables = None self.indicator_types = IndicatorTypes() self.confidence = None self.indicated_ttps = _IndicatedTTPs() self.test_mechanisms = TestMechanisms() self.alternative_id = None self.suggested_coas = SuggestedCOAs() self.sightings = Sightings() self.composite_indicator_expression = None self.handling = None self.kill_chain_phases = KillChainPhasesReference() self.valid_time_positions = _ValidTimePositions() self.related_indicators = None self.related_campaigns = RelatedCampaignRefs() self.observable_composition_operator = "OR" self.likely_impact = None self.negate = None self.related_packages = RelatedPackageRefs()
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): self.id_ = id_ or stix.utils.create_id("Campaign") self.idref = idref self.version = self._version self.title = title self.description = description self.short_description = short_description self.names = None self.intended_effects = None self.status = None self.related_ttps = RelatedTTPs() self.related_incidents = RelatedIncidents() self.related_indicators = RelatedIndicators() self.attribution = Attribution() self.associated_campaigns = AssociatedCampaigns() self.confidence = None self.activity = [] self.information_source = None self.handling = None self.related_packages = RelatedPackageRefs() if timestamp: self.timestamp = timestamp else: self.timestamp = datetime.now(tzutc()) if not idref else None
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): self.id_ = id_ or stix.utils.create_id("threatactor") self.idref = idref self.version = None self.title = title self.description = description self.short_description = short_description self.identity = None self.types = None self.motivations = None self.sophistications = None self.intended_effects = None self.planning_and_operational_supports = None self.handling = None self.confidence = None self.information_source = None self.observed_ttps = ObservedTTPs() self.associated_campaigns = AssociatedCampaigns() self.associated_actors = AssociatedActors() self.related_packages = RelatedPackageRefs() if timestamp: self.timestamp = timestamp else: self.timestamp = datetime.now(tzutc()) if not idref else None
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(Indicator, self).__init__(id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description) self.observable = None self.indicator_types = IndicatorTypes() self.test_mechanisms = TestMechanisms() self.alternative_id = None self.suggested_coas = SuggestedCOAs() self.sightings = Sightings() self.composite_indicator_expression = None self.kill_chain_phases = KillChainPhasesReference() self.related_indicators = RelatedIndicators() self.related_campaigns = RelatedCampaignRefs() self.observable_composition_operator = "OR" self.related_packages = RelatedPackageRefs()
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): self.id_ = id_ or stix.utils.create_id("et") self.idref = idref self.version = self._version self.title = title self.description = description self.short_description = short_description self.information_source = None self.handling = None self.potential_coas = PotentialCOAs() self.related_exploit_targets = RelatedExploitTargets() self.vulnerabilities = None self.weaknesses = None self.configuration = None self.related_packages = RelatedPackageRefs() if timestamp: self.timestamp = timestamp else: self.timestamp = datetime.now(tzutc()) if not idref else None
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(ThreatActor, self).__init__(id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description) self.identity = None self.types = None self.motivations = None self.sophistications = None self.intended_effects = None self.planning_and_operational_supports = None self.confidence = None self.observed_ttps = ObservedTTPs() self.associated_campaigns = AssociatedCampaigns() self.associated_actors = AssociatedActors() self.related_packages = RelatedPackageRefs()
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(Campaign, self).__init__(id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description) self.names = None self.intended_effects = _IntendedEffects() self.status = None self.related_ttps = RelatedTTPs() self.related_incidents = RelatedIncidents() self.related_indicators = RelatedIndicators() self.attribution = _AttributionList() self.associated_campaigns = AssociatedCampaigns() self.confidence = None self.activity = _Activities() self.related_packages = RelatedPackageRefs()
def test_add_bad_type(self): from stix.indicator import Indicator l = RelatedPackageRefs() self.assertRaises( TypeError, l.append, Indicator() )
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(CourseOfAction, self).__init__( id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description ) self.related_coas = RelatedCOAs() self.related_packages = RelatedPackageRefs()
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(ExploitTarget, self).__init__( id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description ) self.potential_coas = PotentialCOAs() self.related_exploit_targets = RelatedExploitTargets() self.related_packages = RelatedPackageRefs()
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(ThreatActor, self).__init__( id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description ) self.observed_ttps = ObservedTTPs() self.associated_campaigns = AssociatedCampaigns() self.associated_actors = AssociatedActors() self.related_packages = RelatedPackageRefs()
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(Campaign, self).__init__( id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description ) self.related_ttps = RelatedTTPs() self.related_incidents = RelatedIncidents() self.related_indicators = RelatedIndicators() self.related_packages = RelatedPackageRefs()
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(Incident, self).__init__( id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description ) self.related_indicators = RelatedIndicators() self.related_observables = RelatedObservables() self.related_incidents = RelatedIncidents() self.related_packages = RelatedPackageRefs() self.categories = IncidentCategories() self.affected_assets = AffectedAssets() self.leveraged_ttps = LeveragedTTPs()
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(TTP, self).__init__(id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description) self.related_packages = RelatedPackageRefs() self.exploit_targets = ExploitTargets() self.related_ttps = RelatedTTPs() self.kill_chain_phases = KillChainPhasesReference()
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(Incident, self).__init__(id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description) self.status = None self.time = None self.victims = None self.attributed_threat_actors = AttributedThreatActors() self.related_indicators = RelatedIndicators() self.related_observables = RelatedObservables() self.related_incidents = RelatedIncidents() self.related_packages = RelatedPackageRefs() self.affected_assets = None self.categories = None self.intended_effects = None self.leveraged_ttps = LeveragedTTPs() self.discovery_methods = None self.reporter = None self.responders = None self.coordinators = None self.external_ids = None self.impact_assessment = None self.security_compromise = None self.confidence = None self.coa_taken = None self.coa_requested = None self.history = History() self._contacts = None self._url = None
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(ExploitTarget, self).__init__(id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description) self.handling = None self.potential_coas = PotentialCOAs() self.related_exploit_targets = RelatedExploitTargets() self.vulnerabilities = None self.weaknesses = None self.configuration = None self.related_packages = RelatedPackageRefs()
def related_packages(self, value): self._related_packages = RelatedPackageRefs(value)
def test_deprecated_warning(self): from stix.core import STIXPackage l = RelatedPackageRefs() l.append(STIXPackage())