def add_related_report(self, related_report):
"""Adds an :class:`.RelatedReport` object to the
:attr:`related_reports` collection.
"""
if self.related_reports is None:
self.related_reports = RelatedReports()
self.related_reports.append(related_report)
def from_obj(cls, obj, return_obj=None):
if not return_obj:
return_obj = cls()
# ReportBaseType fields
return_obj.id_ = obj.id
return_obj.idref = obj.idref
return_obj.timestamp = obj.timestamp
# ReportType fields
if isinstance(obj, cls._binding_class):
return_obj.header = Header.from_obj(obj.Header)
return_obj.campaigns = Campaigns.from_obj(obj.Campaigns)
return_obj.courses_of_action = CoursesOfAction.from_obj(obj.Courses_Of_Action)
return_obj.exploit_targets = ExploitTargets.from_obj(obj.Exploit_Targets)
return_obj.indicators = Indicators.from_obj(obj.Indicators)
return_obj.observables = Observables.from_obj(obj.Observables)
return_obj.incidents = Incidents.from_obj(obj.Incidents)
return_obj.threat_actors = ThreatActors.from_obj(obj.Threat_Actors)
return_obj.ttps = TTPs.from_obj(obj.TTPs)
return_obj.related_reports = RelatedReports.from_obj(obj.Related_Reports)
# Don't overwrite unless a version is passed in
if obj.version:
return_obj.version = obj.version
return return_obj
def from_obj(cls, obj, return_obj=None):
if not return_obj:
return_obj = cls()
# ReportBaseType fields
return_obj.id_ = obj.id
return_obj.idref = obj.idref
return_obj.timestamp = obj.timestamp
# ReportType fields
if isinstance(obj, cls._binding_class):
return_obj.header = Header.from_obj(obj.Header)
return_obj.campaigns = Campaigns.from_obj(obj.Campaigns)
return_obj.courses_of_action = CoursesOfAction.from_obj(obj.Courses_Of_Action)
return_obj.exploit_targets = ExploitTargets.from_obj(obj.Exploit_Targets)
return_obj.indicators = Indicators.from_obj(obj.Indicators)
return_obj.observables = Observables.from_obj(obj.Observables)
return_obj.incidents = Incidents.from_obj(obj.Incidents)
return_obj.threat_actors = ThreatActors.from_obj(obj.Threat_Actors)
return_obj.ttps = TTPs.from_obj(obj.TTPs)
return_obj.related_reports = RelatedReports.from_obj(obj.Related_Reports)
# Don't overwrite unless a version is passed in
if obj.version:
return_obj.version = obj.version
return return_obj
def from_dict(cls, dict_repr, return_obj=None):
if not return_obj:
return_obj = cls()
get = dict_repr.get
return_obj.id_ = get('id')
return_obj.idref = get('idref')
return_obj.timestamp = get('timestamp')
return_obj.version = get('version', cls._version)
return_obj.header = Header.from_dict(get('header'))
return_obj.campaigns = Campaigns.from_dict(get('campaigns'))
return_obj.courses_of_action = CoursesOfAction.from_dict(get('courses_of_action'))
return_obj.exploit_targets = ExploitTargets.from_dict(get('exploit_targets'))
return_obj.indicators = Indicators.from_dict(get('indicators'))
return_obj.observables = Observables.from_dict(get('observables'))
return_obj.incidents = Incidents.from_dict(get('incidents'))
return_obj.threat_actors = ThreatActors.from_dict(get('threat_actors'))
return_obj.ttps = TTPs.from_dict(get('ttps'))
return_obj.related_reports = RelatedReports.from_dict(get('related_reports'))
return return_obj
def from_dict(cls, dict_repr, return_obj=None):
if not return_obj:
return_obj = cls()
get = dict_repr.get
return_obj.id_ = get('id')
return_obj.idref = get('idref')
return_obj.timestamp = get('timestamp')
return_obj.version = get('version', cls._version)
return_obj.header = Header.from_dict(get('header'))
return_obj.campaigns = Campaigns.from_dict(get('campaigns'))
return_obj.courses_of_action = CoursesOfAction.from_dict(get('courses_of_action'))
return_obj.exploit_targets = ExploitTargets.from_dict(get('exploit_targets'))
return_obj.indicators = Indicators.from_dict(get('indicators'))
return_obj.observables = Observables.from_dict(get('observables'))
return_obj.incidents = Incidents.from_dict(get('incidents'))
return_obj.threat_actors = ThreatActors.from_dict(get('threat_actors'))
return_obj.ttps = TTPs.from_dict(get('ttps'))
return_obj.related_reports = RelatedReports.from_dict(get('related_reports'))
return return_obj
class Report(stix.Entity):
"""A STIX Report Object.
Args:
id_ (optional): An identifier. If ``None``, a value will be generated
via ``mixbox.idgen.create_id()``. If set, this will unset the
``idref`` property.
idref (optional): An identifier reference. If set this will unset the
``id_`` property.
timestamp (optional): A timestamp value. Can be an instance of
``datetime.datetime`` or ``str``.
header: A Report :class:`.Header` object.
campaigns: A collection of :class:`.Campaign` objects.
course_of_action: A collection of :class:`.CourseOfAction` objects.
exploit_targets: A collection of :class:`.ExploitTarget` objects.
incidents: A collection of :class:`.Incident` objects.
indicators: A collection of :class:`.Indicator` objects.
threat_actors: A collection of :class:`.ThreatActor` objects.
ttps: A collection of :class:`.TTP` objects.
related_reports: A collection of :class:`.RelatedReport` objects.
"""
_binding = report_binding
_binding_class = _binding.ReportType
_namespace = 'http://stix.mitre.org/Report-1'
_version = "1.0"
id_ = fields.IdField("id")
idref = fields.IdrefField("idref")
timestamp = fields.TypedField("timestamp")
version = fields.TypedField("version")
header = fields.TypedField("Header", Header)
campaigns = fields.TypedField("Campaigns", type_="stix.report.Campaigns")
courses_of_action = fields.TypedField("Courses_Of_Action",
type_="stix.report.CoursesOfAction")
exploit_targets = fields.TypedField("Exploit_Targets",
type_="stix.report.ExploitTargets")
observables = fields.TypedField("Observables", Observables)
indicators = fields.TypedField("Indicators",
type_="stix.report.Indicators")
incidents = fields.TypedField("Incidents", type_="stix.report.Incidents")
threat_actors = fields.TypedField("Threat_Actors",
type_="stix.report.ThreatActors")
ttps = fields.TypedField("TTPs", type_="stix.core.ttps.TTPs")
related_reports = fields.TypedField("Related_Reports",
type_="stix.report.RelatedReports")
def __init__(self,
id_=None,
idref=None,
timestamp=None,
header=None,
courses_of_action=None,
exploit_targets=None,
indicators=None,
observables=None,
incidents=None,
threat_actors=None,
ttps=None,
campaigns=None,
related_reports=None):
super(Report, self).__init__()
self.id_ = id_ or idgen.create_id("Report")
self.idref = idref
self.version = self._version
self.header = header
self.campaigns = campaigns
self.courses_of_action = courses_of_action
self.exploit_targets = exploit_targets
self.observables = observables
self.indicators = indicators
self.incidents = incidents
self.threat_actors = threat_actors
self.ttps = ttps
self.related_reports = related_reports
if timestamp:
self.timestamp = timestamp
else:
self.timestamp = utils.dates.now() if not idref else None
def add_indicator(self, indicator):
"""Adds an :class:`.Indicator` object to the :attr:`indicators`
collection.
"""
if self.indicators is None:
self.indicators = Indicators()
self.indicators.append(indicator)
def add_campaign(self, campaign):
"""Adds a :class:`Campaign` object to the :attr:`campaigns` collection.
"""
if self.campaigns is None:
self.campaigns = Campaigns()
self.campaigns.append(campaign)
def add_observable(self, observable):
"""Adds an ``Observable`` object to the :attr:`observables` collection.
If `observable` is not an ``Observable`` instance, an effort will be
made to convert it to one.
"""
if not self.observables:
self.observables = Observables(observables=observable)
else:
self.observables.add(observable)
def add_incident(self, incident):
"""Adds an :class:`.Incident` object to the :attr:`incidents`
collection.
"""
if self.incidents is None:
self.incidents = Incidents()
self.incidents.append(incident)
def add_threat_actor(self, threat_actor):
"""Adds an :class:`.ThreatActor` object to the :attr:`threat_actors`
collection.
"""
if self.threat_actors is None:
self.threat_actors = ThreatActors()
self.threat_actors.append(threat_actor)
def add_course_of_action(self, course_of_action):
"""Adds an :class:`.CourseOfAction` object to the
:attr:`courses_of_action` collection.
"""
if self.courses_of_action is None:
self.courses_of_action = CoursesOfAction()
self.courses_of_action.append(course_of_action)
def add_exploit_target(self, exploit_target):
"""Adds an :class:`.ExploitTarget` object to the
:attr:`exploit_targets` collection.
"""
if self.exploit_targets is None:
self.exploit_targets = ExploitTargets()
self.exploit_targets.append(exploit_target)
def add_ttp(self, ttp):
"""Adds an :class:`.TTP` object to the :attr:`ttps` collection.
"""
if self.ttps is None:
self.ttps = TTPs()
self.ttps.append(ttp)
def add_related_report(self, related_report):
"""Adds an :class:`.RelatedReport` object to the
:attr:`related_reports` collection.
"""
if self.related_reports is None:
self.related_reports = RelatedReports()
self.related_reports.append(related_report)
def add(self, entity):
"""Adds `entity` to a top-level collection. For example, if `entity` is
an Indicator object, the `entity` will be added to the ``indicators``
top-level collection.
"""
if utils.is_cybox(entity):
self.add_observable(entity)
return
tlo_adds = {
Campaign: self.add_campaign,
CourseOfAction: self.add_course_of_action,
ExploitTarget: self.add_exploit_target,
Incident: self.add_incident,
Indicator: self.add_indicator,
ThreatActor: self.add_threat_actor,
TTP: self.add_ttp,
Observable: self.add_observable,
}
try:
add = tlo_adds[entity.__class__]
add(entity)
except KeyError:
error = "Cannot add type '{0}' to a top-level collection"
error = error.format(type(entity))
raise TypeError(error)
def related_reports(self, value):
if isinstance(value, RelatedReports):
self._related_reports = value
else:
self._related_reports = RelatedReports(value)
