Ejemplo n.º 1
    def __init__(self, id_=None, idref=None, timestamp=None, title=None,
                 description=None, short_description=None):
        """Initialise the instance; generated ids use the ``"coa"`` prefix.

        ``id_`` falls back to ``stix.utils.create_id("coa")`` when it is
        falsy. A truthy ``timestamp`` is stored as given; otherwise the
        timestamp is the current time in ``tzutc()``, or ``None`` when
        ``idref`` is set.
        """
        # NOTE(review): an id is generated even when ``idref`` is supplied,
        # so an object built as a reference carries both an id and an idref.
        # Confirm that is intended before such objects are serialized.
        self.id_ = id_ or stix.utils.create_id("coa")
        self.idref = idref
        self.version = self._version
        self.title = title
        self.stage = self.type_ = None
        self.description = description
        self.short_description = short_description
        self.objective = self.parameter_observables = None
        # self.structured_coa = None
        self.impact = self.cost = self.efficacy = None
        self.information_source = self.handling = None
        self.related_coas = RelatedCOAs()
        self.related_packages = RelatedPackageRefs()

        if not timestamp:
            # Any falsy timestamp counts as "not given": new content is
            # stamped with the current time, references are left unstamped.
            timestamp = None if idref else datetime.now(tzutc())
        self.timestamp = timestamp
Ejemplo n.º 2
    def test_add_stix_package(self):
        """Appending one STIXPackage leaves exactly one entry in the list."""
        from stix.core import STIXPackage

        refs = RelatedPackageRefs()
        package = STIXPackage()
        refs.append(package)

        self.assertEqual(1, len(refs))
Ejemplo n.º 3
    def __init__(self, id_=None, idref=None, timestamp=None, title=None,
                 description=None, short_description=None):
        """Run the parent initialiser, then set the indicator defaults.

        All six arguments are forwarded unchanged, by keyword, to the parent
        ``__init__``. Every field set here starts as ``None``, as ``"OR"``
        or as a freshly constructed helper object.
        """
        super(Indicator, self).__init__(
            id_=id_,
            idref=idref,
            timestamp=timestamp,
            title=title,
            description=description,
            short_description=short_description,
        )

        self.producer = self.observables = None
        self.indicator_types = IndicatorTypes()
        self.confidence = None
        self.indicated_ttps = _IndicatedTTPs()
        self.test_mechanisms = TestMechanisms()
        self.alternative_id = None
        self.suggested_coas = SuggestedCOAs()
        self.sightings = Sightings()
        self.composite_indicator_expression = self.handling = None
        self.kill_chain_phases = KillChainPhasesReference()
        self.valid_time_positions = _ValidTimePositions()
        self.related_indicators = None
        self.related_campaigns = RelatedCampaignRefs()
        # NOTE(review): presumably the operator used when several observables
        # are combined; with "OR" a single matching observable would satisfy
        # the indicator -- confirm against the code that consumes it.
        self.observable_composition_operator = "OR"
        self.likely_impact = self.negate = None
        self.related_packages = RelatedPackageRefs()
Ejemplo n.º 4
    def __init__(self, id_=None, idref=None, timestamp=None, title=None,
                 description=None, short_description=None):
        """Initialise the instance; generated ids use the ``"Campaign"`` prefix.

        ``id_`` falls back to ``stix.utils.create_id("Campaign")`` when it is
        falsy. A truthy ``timestamp`` is stored as given; otherwise the
        timestamp is the current time in ``tzutc()``, or ``None`` when
        ``idref`` is set.
        """
        # NOTE(review): an id is generated even when ``idref`` is supplied,
        # so an object built as a reference carries both an id and an idref.
        # Confirm that is intended before such objects are serialized.
        self.id_ = id_ or stix.utils.create_id("Campaign")
        self.idref = idref
        self.version = self._version
        self.title = title
        self.description = description
        self.short_description = short_description
        self.names = self.intended_effects = self.status = None
        self.related_ttps = RelatedTTPs()
        self.related_incidents = RelatedIncidents()
        self.related_indicators = RelatedIndicators()
        self.attribution = Attribution()
        self.associated_campaigns = AssociatedCampaigns()
        self.confidence = None
        self.activity = []
        self.information_source = self.handling = None
        self.related_packages = RelatedPackageRefs()

        if not timestamp:
            # Any falsy timestamp counts as "not given": new content is
            # stamped with the current time, references are left unstamped.
            timestamp = None if idref else datetime.now(tzutc())
        self.timestamp = timestamp
Ejemplo n.º 5
    def __init__(self, id_=None, idref=None, timestamp=None, title=None,
                 description=None, short_description=None):
        """Initialise the instance; generated ids use the ``"threatactor"`` prefix.

        ``id_`` falls back to ``stix.utils.create_id("threatactor")`` when it
        is falsy, and ``version`` starts as ``None``. A truthy ``timestamp``
        is stored as given; otherwise the timestamp is the current time in
        ``tzutc()``, or ``None`` when ``idref`` is set.
        """
        # NOTE(review): an id is generated even when ``idref`` is supplied,
        # so an object built as a reference carries both an id and an idref.
        # Confirm that is intended before such objects are serialized.
        self.id_ = id_ or stix.utils.create_id("threatactor")
        self.idref = idref
        self.version = None
        self.title = title
        self.description = description
        self.short_description = short_description
        self.identity = self.types = self.motivations = None
        self.sophistications = self.intended_effects = None
        self.planning_and_operational_supports = None
        self.handling = self.confidence = self.information_source = None
        self.observed_ttps = ObservedTTPs()
        self.associated_campaigns = AssociatedCampaigns()
        self.associated_actors = AssociatedActors()
        self.related_packages = RelatedPackageRefs()

        if not timestamp:
            # Any falsy timestamp counts as "not given": new content is
            # stamped with the current time, references are left unstamped.
            timestamp = None if idref else datetime.now(tzutc())
        self.timestamp = timestamp
Ejemplo n.º 6
    def __init__(self, id_=None, idref=None, timestamp=None, title=None,
                 description=None, short_description=None):
        """Run the parent initialiser, then set the indicator defaults.

        All six arguments are forwarded unchanged, by keyword, to the parent
        ``__init__``. Every field set here starts as ``None``, as ``"OR"``
        or as a freshly constructed helper object.
        """
        base_fields = {
            "id_": id_,
            "idref": idref,
            "timestamp": timestamp,
            "title": title,
            "description": description,
            "short_description": short_description,
        }
        super(Indicator, self).__init__(**base_fields)

        self.observable = None
        self.indicator_types = IndicatorTypes()
        self.test_mechanisms = TestMechanisms()
        self.alternative_id = None
        self.suggested_coas = SuggestedCOAs()
        self.sightings = Sightings()
        self.composite_indicator_expression = None
        self.kill_chain_phases = KillChainPhasesReference()
        self.related_indicators = RelatedIndicators()
        self.related_campaigns = RelatedCampaignRefs()
        # NOTE(review): presumably the operator used when several observables
        # are combined; with "OR" a single matching observable would satisfy
        # the indicator -- confirm against the code that consumes it.
        self.observable_composition_operator = "OR"
        self.related_packages = RelatedPackageRefs()
Ejemplo n.º 7
    def __init__(self, id_=None, idref=None, timestamp=None, title=None,
                 description=None, short_description=None):
        """Initialise the instance; generated ids use the ``"et"`` prefix.

        ``id_`` falls back to ``stix.utils.create_id("et")`` when it is
        falsy. A truthy ``timestamp`` is stored as given; otherwise the
        timestamp is the current time in ``tzutc()``, or ``None`` when
        ``idref`` is set.
        """
        # NOTE(review): an id is generated even when ``idref`` is supplied,
        # so an object built as a reference carries both an id and an idref.
        # Confirm that is intended before such objects are serialized.
        self.id_ = id_ or stix.utils.create_id("et")
        self.idref = idref
        self.version = self._version
        self.title = title
        self.description = description
        self.short_description = short_description
        self.information_source = self.handling = None
        self.potential_coas = PotentialCOAs()
        self.related_exploit_targets = RelatedExploitTargets()
        self.vulnerabilities = self.weaknesses = self.configuration = None
        self.related_packages = RelatedPackageRefs()

        if not timestamp:
            # Any falsy timestamp counts as "not given": new content is
            # stamped with the current time, references are left unstamped.
            timestamp = None if idref else datetime.now(tzutc())
        self.timestamp = timestamp
Ejemplo n.º 8
    def __init__(self, id_=None, idref=None, timestamp=None, title=None,
                 description=None, short_description=None):
        """Run the parent initialiser, then set the threat-actor defaults.

        All six arguments are forwarded unchanged, by keyword, to the parent
        ``__init__``. Every field set here starts as ``None`` or as a
        freshly constructed helper object.
        """
        super(ThreatActor, self).__init__(
            id_=id_,
            idref=idref,
            timestamp=timestamp,
            title=title,
            description=description,
            short_description=short_description,
        )

        # Scalar fields start unset.
        self.identity = self.types = self.motivations = None
        self.sophistications = self.intended_effects = None
        self.planning_and_operational_supports = None
        self.confidence = None
        # Relationship fields each get their own new object.
        self.observed_ttps = ObservedTTPs()
        self.associated_campaigns = AssociatedCampaigns()
        self.associated_actors = AssociatedActors()
        self.related_packages = RelatedPackageRefs()
Ejemplo n.º 9
    def __init__(self, id_=None, idref=None, timestamp=None, title=None,
                 description=None, short_description=None):
        """Run the parent initialiser, then set the campaign defaults.

        All six arguments are forwarded unchanged, by keyword, to the parent
        ``__init__``. Every field set here starts as ``None`` or as a
        freshly constructed helper object.
        """
        base_fields = {
            "id_": id_,
            "idref": idref,
            "timestamp": timestamp,
            "title": title,
            "description": description,
            "short_description": short_description,
        }
        super(Campaign, self).__init__(**base_fields)

        self.names = None
        self.intended_effects = _IntendedEffects()
        self.status = None
        self.related_ttps = RelatedTTPs()
        self.related_incidents = RelatedIncidents()
        self.related_indicators = RelatedIndicators()
        self.attribution = _AttributionList()
        self.associated_campaigns = AssociatedCampaigns()
        self.confidence = None
        self.activity = _Activities()
        self.related_packages = RelatedPackageRefs()
Ejemplo n.º 10
    def test_add_bad_type(self):
        """Appending an Indicator to RelatedPackageRefs raises TypeError."""
        from stix.indicator import Indicator

        refs = RelatedPackageRefs()
        # Build the wrong-typed object outside the assertion so that only the
        # append call itself is checked for the TypeError.
        wrong_type = Indicator()

        with self.assertRaises(TypeError):
            refs.append(wrong_type)
Ejemplo n.º 11
    def __init__(self, id_=None, idref=None, timestamp=None, title=None,
                 description=None, short_description=None):
        """Run the parent initialiser, then create the relationship fields.

        All six arguments are forwarded unchanged, by keyword, to the parent
        ``__init__``.
        """
        base_fields = {
            "id_": id_,
            "idref": idref,
            "timestamp": timestamp,
            "title": title,
            "description": description,
            "short_description": short_description,
        }
        super(CourseOfAction, self).__init__(**base_fields)

        # Each instance gets its own new relationship objects.
        self.related_coas = RelatedCOAs()
        self.related_packages = RelatedPackageRefs()
Ejemplo n.º 12
    def __init__(self, id_=None, idref=None, timestamp=None, title=None,
                 description=None, short_description=None):
        """Run the parent initialiser, then create the relationship fields.

        All six arguments are forwarded unchanged, by keyword, to the parent
        ``__init__``.
        """
        super(ExploitTarget, self).__init__(id_=id_,
                                            idref=idref,
                                            timestamp=timestamp,
                                            title=title,
                                            description=description,
                                            short_description=short_description)

        # Each instance gets its own new relationship objects.
        self.potential_coas = PotentialCOAs()
        self.related_exploit_targets = RelatedExploitTargets()
        self.related_packages = RelatedPackageRefs()
Ejemplo n.º 13
    def __init__(self, id_=None, idref=None, timestamp=None, title=None,
                 description=None, short_description=None):
        """Run the parent initialiser, then create the relationship fields.

        All six arguments are forwarded unchanged, by keyword, to the parent
        ``__init__``.
        """
        base_fields = {
            "id_": id_,
            "idref": idref,
            "timestamp": timestamp,
            "title": title,
            "description": description,
            "short_description": short_description,
        }
        super(ThreatActor, self).__init__(**base_fields)

        # Each instance gets its own new relationship objects.
        self.observed_ttps = ObservedTTPs()
        self.associated_campaigns = AssociatedCampaigns()
        self.associated_actors = AssociatedActors()
        self.related_packages = RelatedPackageRefs()
Ejemplo n.º 14
    def __init__(self, id_=None, idref=None, timestamp=None, title=None,
                 description=None, short_description=None):
        """Run the parent initialiser, then create the relationship fields.

        All six arguments are forwarded unchanged, by keyword, to the parent
        ``__init__``.
        """
        super(Campaign, self).__init__(id_=id_,
                                       idref=idref,
                                       timestamp=timestamp,
                                       title=title,
                                       description=description,
                                       short_description=short_description)

        # Each instance gets its own new relationship objects.
        self.related_ttps = RelatedTTPs()
        self.related_incidents = RelatedIncidents()
        self.related_indicators = RelatedIndicators()
        self.related_packages = RelatedPackageRefs()
Ejemplo n.º 15
 def __init__(self, id_=None, idref=None, timestamp=None, title=None,
              description=None, short_description=None):
     """Run the parent initialiser, then create the incident's list fields.

     All six arguments are forwarded unchanged, by keyword, to the parent
     ``__init__``.
     """
     base_fields = {
         "id_": id_,
         "idref": idref,
         "timestamp": timestamp,
         "title": title,
         "description": description,
         "short_description": short_description,
     }
     super(Incident, self).__init__(**base_fields)

     # Each instance gets its own new objects for these fields.
     self.related_indicators = RelatedIndicators()
     self.related_observables = RelatedObservables()
     self.related_incidents = RelatedIncidents()
     self.related_packages = RelatedPackageRefs()
     self.categories = IncidentCategories()
     self.affected_assets = AffectedAssets()
     self.leveraged_ttps = LeveragedTTPs()
Ejemplo n.º 16
    def __init__(self, id_=None, idref=None, timestamp=None, title=None,
                 description=None, short_description=None):
        """Run the parent initialiser, then create the relationship fields.

        All six arguments are forwarded unchanged, by keyword, to the parent
        ``__init__``.
        """
        super(TTP, self).__init__(
            id_=id_,
            idref=idref,
            timestamp=timestamp,
            title=title,
            description=description,
            short_description=short_description,
        )

        # Each instance gets its own new relationship objects.
        self.related_packages = RelatedPackageRefs()
        self.exploit_targets = ExploitTargets()
        self.related_ttps = RelatedTTPs()
        self.kill_chain_phases = KillChainPhasesReference()
Ejemplo n.º 17
    def __init__(self, id_=None, idref=None, timestamp=None, title=None,
                 description=None, short_description=None):
        """Run the parent initialiser, then set the incident defaults.

        All six arguments are forwarded unchanged, by keyword, to the parent
        ``__init__``. Every field set here starts as ``None`` or as a
        freshly constructed helper object.
        """
        super(Incident, self).__init__(
            id_=id_,
            idref=idref,
            timestamp=timestamp,
            title=title,
            description=description,
            short_description=short_description,
        )

        self.status = self.time = self.victims = None
        self.attributed_threat_actors = AttributedThreatActors()
        self.related_indicators = RelatedIndicators()
        self.related_observables = RelatedObservables()
        self.related_incidents = RelatedIncidents()
        self.related_packages = RelatedPackageRefs()
        self.affected_assets = self.categories = None
        self.intended_effects = None
        self.leveraged_ttps = LeveragedTTPs()
        self.discovery_methods = None
        self.reporter = self.responders = self.coordinators = None
        self.external_ids = None
        self.impact_assessment = self.security_compromise = None
        self.confidence = None
        self.coa_taken = self.coa_requested = None
        self.history = History()
        # Underscore-prefixed fields are set directly and start unset.
        self._contacts = self._url = None
Ejemplo n.º 18
    def __init__(self, id_=None, idref=None, timestamp=None, title=None,
                 description=None, short_description=None):
        """Run the parent initialiser, then set the exploit-target defaults.

        All six arguments are forwarded unchanged, by keyword, to the parent
        ``__init__``. Every field set here starts as ``None`` or as a
        freshly constructed helper object.
        """
        super(ExploitTarget, self).__init__(
            id_=id_,
            idref=idref,
            timestamp=timestamp,
            title=title,
            description=description,
            short_description=short_description,
        )

        self.handling = None
        self.potential_coas = PotentialCOAs()
        self.related_exploit_targets = RelatedExploitTargets()
        self.vulnerabilities = self.weaknesses = self.configuration = None
        self.related_packages = RelatedPackageRefs()
Ejemplo n.º 19
 def related_packages(self, value):
     """Store ``value`` wrapped in a new ``RelatedPackageRefs``."""
     # NOTE(review): this reads like a property setter whose decorator is
     # not part of the snippet -- confirm against the full class.
     wrapped = RelatedPackageRefs(value)
     self._related_packages = wrapped
Ejemplo n.º 20
    def test_deprecated_warning(self):
        # Appends a STIXPackage to a fresh RelatedPackageRefs; no assertion
        # is visible in this snippet.
        # NOTE(review): the deprecation-warning check is presumably done by a
        # decorator or harness that is not shown here -- confirm, otherwise
        # this test passes without verifying that any warning is raised.
        from stix.core import STIXPackage

        l = RelatedPackageRefs()
        l.append(STIXPackage())