def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(Indicator, self).__init__(id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description) self.producer = None self.observables = None self.indicator_types = IndicatorTypes() self.confidence = None self.indicated_ttps = _IndicatedTTPs() self.test_mechanisms = TestMechanisms() self.alternative_id = None self.suggested_coas = SuggestedCOAs() self.sightings = Sightings() self.composite_indicator_expression = None self.handling = None self.kill_chain_phases = KillChainPhasesReference() self.valid_time_positions = _ValidTimePositions() self.related_indicators = None self.related_campaigns = RelatedCampaignRefs() self.observable_composition_operator = "OR" self.likely_impact = None self.negate = None self.related_packages = RelatedPackageRefs()
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): self.id_ = id_ or stix.utils.create_id("coa") self.idref = idref self.version = self._version self.title = title self.stage = None self.type_ = None self.description = description self.short_description = short_description self.objective = None self.parameter_observables = None # self.structured_coa = None self.impact = None self.cost = None self.efficacy = None self.information_source = None self.handling = None self.related_coas = RelatedCOAs() self.related_packages = RelatedPackageRefs() if timestamp: self.timestamp = timestamp else: self.timestamp = datetime.now(tzutc()) if not idref else None
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): self.id_ = id_ or stix.utils.create_id("Campaign") self.idref = idref self.version = self._version self.title = title self.description = description self.short_description = short_description self.names = None self.intended_effects = None self.status = None self.related_ttps = RelatedTTPs() self.related_incidents = RelatedIncidents() self.related_indicators = RelatedIndicators() self.attribution = Attribution() self.associated_campaigns = AssociatedCampaigns() self.confidence = None self.activity = [] self.information_source = None self.handling = None self.related_packages = RelatedPackageRefs() if timestamp: self.timestamp = timestamp else: self.timestamp = datetime.now(tzutc()) if not idref else None
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(Campaign, self).__init__(id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description) self.names = None self.intended_effects = _IntendedEffects() self.status = None self.related_ttps = RelatedTTPs() self.related_incidents = RelatedIncidents() self.related_indicators = RelatedIndicators() self.attribution = _AttributionList() self.associated_campaigns = AssociatedCampaigns() self.confidence = None self.activity = _Activities() self.related_packages = RelatedPackageRefs()
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(Indicator, self).__init__(id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description) self.observable = None self.indicator_types = IndicatorTypes() self.test_mechanisms = TestMechanisms() self.alternative_id = None self.suggested_coas = SuggestedCOAs() self.sightings = Sightings() self.composite_indicator_expression = None self.kill_chain_phases = KillChainPhasesReference() self.related_indicators = RelatedIndicators() self.related_campaigns = RelatedCampaignRefs() self.observable_composition_operator = "OR" self.related_packages = RelatedPackageRefs()
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): self.id_ = id_ or stix.utils.create_id("threatactor") self.idref = idref self.version = None self.title = title self.description = description self.short_description = short_description self.identity = None self.types = None self.motivations = None self.sophistications = None self.intended_effects = None self.planning_and_operational_supports = None self.handling = None self.confidence = None self.information_source = None self.observed_ttps = ObservedTTPs() self.associated_campaigns = AssociatedCampaigns() self.associated_actors = AssociatedActors() self.related_packages = RelatedPackageRefs() if timestamp: self.timestamp = timestamp else: self.timestamp = datetime.now(tzutc()) if not idref else None
def test_add_stix_package(self): from stix.core import STIXPackage l = RelatedPackageRefs() l.append(STIXPackage()) self.assertEqual(1, len(l))
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(ThreatActor, self).__init__(id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description) self.identity = None self.types = None self.motivations = None self.sophistications = None self.intended_effects = None self.planning_and_operational_supports = None self.confidence = None self.observed_ttps = ObservedTTPs() self.associated_campaigns = AssociatedCampaigns() self.associated_actors = AssociatedActors() self.related_packages = RelatedPackageRefs()
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): self.id_ = id_ or stix.utils.create_id("et") self.idref = idref self.version = self._version self.title = title self.description = description self.short_description = short_description self.information_source = None self.handling = None self.potential_coas = PotentialCOAs() self.related_exploit_targets = RelatedExploitTargets() self.vulnerabilities = None self.weaknesses = None self.configuration = None self.related_packages = RelatedPackageRefs() if timestamp: self.timestamp = timestamp else: self.timestamp = datetime.now(tzutc()) if not idref else None
def from_dict(cls, dict_repr, return_obj=None): if not dict_repr: return None if not return_obj: return_obj = cls() super(Indicator, cls).from_dict(dict_repr, return_obj=return_obj) get = dict_repr.get return_obj.negate = get('negate') return_obj.alternative_id = get('alternative_id') return_obj.indicated_ttps = _IndicatedTTPs.from_dict(get('indicated_ttps')) return_obj.test_mechanisms = TestMechanisms.from_list(get('test_mechanisms')) return_obj.suggested_coas = SuggestedCOAs.from_dict(get('suggested_coas')) return_obj.sightings = Sightings.from_dict(get('sightings')) return_obj.composite_indicator_expression = CompositeIndicatorExpression.from_dict(get('composite_indicator_expression')) return_obj.kill_chain_phases = KillChainPhasesReference.from_dict(get('kill_chain_phases')) return_obj.related_indicators = RelatedIndicators.from_dict(get('related_indicators')) return_obj.likely_impact = Statement.from_dict(get('likely_impact')) return_obj.indicator_types = IndicatorTypes.from_list(get('indicator_types')) return_obj.confidence = Confidence.from_dict(get('confidence')) return_obj.valid_time_positions = _ValidTimePositions.from_dict(get('valid_time_positions')) return_obj.observable = Observable.from_dict(get('observable')) return_obj.producer = InformationSource.from_dict(get('producer')) return_obj.related_campaigns = RelatedCampaignRefs.from_dict(get('related_campaigns')) return_obj.related_packages = RelatedPackageRefs.from_dict(get('related_packages')) return return_obj
def from_obj(cls, obj, return_obj=None): if not obj: return None if not return_obj: return_obj = cls() return_obj.id_ = obj.id return_obj.idref = obj.idref return_obj.timestamp = obj.timestamp if isinstance(obj, cls._binding_class): # ThreatActorType properties return_obj.version = obj.version return_obj.title = obj.Title return_obj.description = StructuredText.from_obj(obj.Description) return_obj.short_description = StructuredText.from_obj(obj.Short_Description) return_obj.identity = Identity.from_obj(obj.Identity) return_obj.types = [Statement.from_obj(x) for x in obj.Type] return_obj.motivations = [Statement.from_obj(x) for x in obj.Motivation] return_obj.sophistications = [Statement.from_obj(x) for x in obj.Sophistication] return_obj.intended_effects = [Statement.from_obj(x) for x in obj.Intended_Effect] return_obj.planning_and_operational_supports = [Statement.from_obj(x) for x in obj.Planning_And_Operational_Support] return_obj.observed_ttps = ObservedTTPs.from_obj(obj.Observed_TTPs) return_obj.associated_campaigns = AssociatedCampaigns.from_obj(obj.Associated_Campaigns) return_obj.associated_actors = AssociatedActors.from_obj(obj.Associated_Actors) return_obj.handling = Marking.from_obj(obj.Handling) return_obj.confidence = Confidence.from_obj(obj.Confidence) return_obj.information_source = InformationSource.from_obj(obj.Information_Source) return_obj.related_packages = RelatedPackageRefs.from_obj(obj.Related_Packages) return return_obj
def from_obj(cls, obj, return_obj=None): if not obj: return None if not return_obj: return_obj = cls() super(Campaign, cls).from_obj(obj, return_obj=return_obj) if isinstance(obj, cls._binding_class): return_obj.names = Names.from_obj(obj.Names) return_obj.intended_effects = \ _IntendedEffects.from_obj(obj.Intended_Effect) return_obj.status = VocabString.from_obj(obj.Status) return_obj.related_ttps = RelatedTTPs.from_obj(obj.Related_TTPs) return_obj.related_incidents = \ RelatedIncidents.from_obj(obj.Related_Incidents) return_obj.related_indicators = \ RelatedIndicators.from_obj(obj.Related_Indicators) return_obj.attribution = _AttributionList.from_obj(obj.Attribution) return_obj.associated_campaigns = \ AssociatedCampaigns.from_obj(obj.Associated_Campaigns) return_obj.confidence = Confidence.from_obj(obj.Confidence) return_obj.activity = _Activities.from_obj(obj.Activity) return_obj.related_packages = \ RelatedPackageRefs.from_obj(obj.Related_Packages) return return_obj
def from_dict(cls, dict_repr, return_obj=None): if not dict_repr: return None if not return_obj: return_obj = cls() super(Campaign, cls).from_dict(dict_repr, return_obj=return_obj) get = dict_repr.get # PEP 8 line lengths return_obj.names = Names.from_dict(get('names')) return_obj.intended_effects = \ _IntendedEffects.from_dict(get('intended_effects')) return_obj.status = VocabString.from_dict(get('status')) return_obj.related_ttps = \ RelatedTTPs.from_dict(get('related_ttps')) return_obj.related_incidents = \ RelatedIncidents.from_dict(get('related_incidents')) return_obj.related_indicators = \ RelatedIndicators.from_dict(get('related_indicators')) return_obj.attribution = _AttributionList.from_list(get('attribution')) return_obj.associated_campaigns = \ AssociatedCampaigns.from_dict(get('associated_campaigns')) return_obj.confidence = \ Confidence.from_dict(get('confidence')) return_obj.activity = _Activities.from_dict(get('activity')) return_obj.related_packages = \ RelatedPackageRefs.from_dict(get('related_packages')) return return_obj
def from_obj(cls, obj, return_obj=None): if not obj: return None if not return_obj: return_obj = cls() return_obj.id_ = obj.get_id() return_obj.idref = obj.get_idref() return_obj.timestamp = obj.get_timestamp() if isinstance(obj, cls._binding_class): # CourseOfActionType properties return_obj.version = obj.get_version() or cls._version return_obj.title = obj.get_Title() return_obj.stage = VocabString.from_obj(obj.get_Stage()) return_obj.type_ = VocabString.from_obj(obj.get_Type()) return_obj.description = StructuredText.from_obj(obj.get_Description()) return_obj.short_description = StructuredText.from_obj(obj.get_Short_Description()) return_obj.objective = Objective.from_obj(obj.get_Objective()) return_obj.parameter_observables = \ Observables.from_obj(obj.get_Parameter_Observables()) return_obj.impact = Statement.from_obj(obj.get_Impact()) return_obj.cost = Statement.from_obj(obj.get_Cost()) return_obj.efficacy = Statement.from_obj(obj.get_Efficacy()) return_obj.information_source = InformationSource.from_obj(obj.get_Information_Source()) return_obj.handling = Marking.from_obj(obj.get_Handling()) return_obj.related_coas = \ RelatedCOAs.from_obj(obj.get_Related_COAs()) return_obj.related_packages = \ RelatedPackageRefs.from_obj(obj.get_Related_Packages()) return return_obj
def from_obj(cls, obj, return_obj=None): if not obj: return None if not return_obj: return_obj = cls() return_obj.id_ = obj.get_id() return_obj.idref = obj.get_idref() return_obj.timestamp = obj.get_timestamp() # not yet implemented if isinstance(obj, cls._binding_class): # TTPType properties return_obj.version = obj.get_version() or cls._version return_obj.title = obj.get_Title() return_obj.description = StructuredText.from_obj(obj.get_Description()) return_obj.short_description = StructuredText.from_obj(obj.get_Short_Description()) return_obj.information_source = InformationSource.from_obj(obj.get_Information_Source()) return_obj.handling = Marking.from_obj(obj.get_Handling()) return_obj.potential_coas = PotentialCOAs.from_obj(obj.get_Potential_COAs()) return_obj.related_exploit_targets = RelatedExploitTargets.from_obj(obj.get_Related_Exploit_Targets()) return_obj.vulnerabilities = [Vulnerability.from_obj(x) for x in obj.get_Vulnerability()] return_obj.weaknesses = [Weakness.from_obj(x) for x in obj.get_Weakness()] return_obj.configuration = [Configuration.from_obj(x) for x in obj.get_Configuration()] return_obj.related_packages = RelatedPackageRefs.from_obj(obj.get_Related_Packages()) return return_obj
def from_obj(cls, obj, return_obj=None): if not obj: return None if not return_obj: return_obj = cls() super(Indicator, cls).from_obj(obj, return_obj=return_obj) if isinstance(obj, cls._binding_class): return_obj.negate = obj.negate return_obj.producer = InformationSource.from_obj(obj.Producer) return_obj.confidence = Confidence.from_obj(obj.Confidence) return_obj.sightings = Sightings.from_obj(obj.Sightings) return_obj.composite_indicator_expression = CompositeIndicatorExpression.from_obj(obj.Composite_Indicator_Expression) return_obj.kill_chain_phases = KillChainPhasesReference.from_obj(obj.Kill_Chain_Phases) return_obj.related_indicators = RelatedIndicators.from_obj(obj.Related_Indicators) return_obj.likely_impact = Statement.from_obj(obj.Likely_Impact) return_obj.indicator_types = IndicatorTypes.from_obj(obj.Type) return_obj.test_mechanisms = TestMechanisms.from_obj(obj.Test_Mechanisms) return_obj.suggested_coas = SuggestedCOAs.from_obj(obj.Suggested_COAs) return_obj.alternative_id = obj.Alternative_ID return_obj.indicated_ttps = _IndicatedTTPs.from_obj(obj.Indicated_TTP) return_obj.valid_time_positions = _ValidTimePositions.from_obj(obj.Valid_Time_Position) return_obj.observable = Observable.from_obj(obj.Observable) return_obj.related_campaigns = RelatedCampaignRefs.from_obj(obj.Related_Campaigns) return_obj.related_packages = RelatedPackageRefs.from_obj(obj.Related_Packages) return return_obj
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(Indicator, self).__init__( id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description ) self.producer = None self.observables = None self.indicator_types = IndicatorTypes() self.confidence = None self.indicated_ttps = _IndicatedTTPs() self.test_mechanisms = TestMechanisms() self.alternative_id = None self.suggested_coas = SuggestedCOAs() self.sightings = Sightings() self.composite_indicator_expression = None self.kill_chain_phases = KillChainPhasesReference() self.valid_time_positions = _ValidTimePositions() self.related_indicators = None self.related_campaigns = RelatedCampaignRefs() self.observable_composition_operator = "OR" self.likely_impact = None self.negate = None self.related_packages = RelatedPackageRefs()
def from_dict(cls, dict_repr, return_obj=None): if not dict_repr: return None if not return_obj: return_obj = cls() return_obj.id_ = dict_repr.get('id') return_obj.idref = dict_repr.get('idref') return_obj.timestamp = dict_repr.get('timestamp') return_obj.version = dict_repr.get('version') return_obj.title = dict_repr.get('title') return_obj.description = StructuredText.from_dict(dict_repr.get('description')) return_obj.short_description = StructuredText.from_dict(dict_repr.get('short_description')) return_obj.identity = Identity.from_dict(dict_repr.get('identity')) return_obj.types = [Statement.from_dict(x) for x in dict_repr.get('types', [])] return_obj.motivations = [Statement.from_dict(x) for x in dict_repr.get('motivations', [])] return_obj.sophistications = [Statement.from_dict(x) for x in dict_repr.get('sophistications', [])] return_obj.intended_effects = [Statement.from_dict(x) for x in dict_repr.get('intended_effects', [])] return_obj.planning_and_operational_supports = [Statement.from_dict(x) for x in dict_repr.get('planning_and_operational_supports', [])] return_obj.observed_ttps = ObservedTTPs.from_dict(dict_repr.get('observed_ttps')) return_obj.associated_campaigns = AssociatedCampaigns.from_dict(dict_repr.get('associated_campaigns')) return_obj.associated_actors = AssociatedActors.from_dict(dict_repr.get('associated_actors')) return_obj.handling = Marking.from_dict(dict_repr.get('handling')) return_obj.confidence = Confidence.from_dict(dict_repr.get('confidence')) return_obj.information_source = InformationSource.from_dict(dict_repr.get('information_source')) return_obj.related_packages = RelatedPackageRefs.from_dict(dict_repr.get('related_packages')) return return_obj
def from_obj(cls, obj, return_obj=None): if not obj: return None if not return_obj: return_obj = cls() return_obj.id_ = obj.get_id() return_obj.idref = obj.get_idref() return_obj.timestamp = obj.get_timestamp() # not yet implemented if isinstance(obj, cls._binding_class): # TTPType properties return_obj.version = obj.get_version() or cls._version return_obj.title = obj.get_Title() return_obj.description = StructuredText.from_obj(obj.get_Description()) return_obj.short_description = StructuredText.from_obj(obj.get_Short_Description()) return_obj.information_source = InformationSource.from_obj(obj.get_Information_Source()) return_obj.handling = Marking.from_obj(obj.get_Handling()) return_obj.potential_coas = PotentialCOAs.from_obj(obj.get_Potential_COAs()) return_obj.related_exploit_targets = RelatedExploitTargets.from_obj(obj.get_Related_Exploit_Targets()) return_obj.vulnerabilities = [Vulnerability.from_obj(x) for x in obj.get_Vulnerability()] return_obj.weakness = [Weakness.from_obj(x) for x in obj.get_Weakness()] return_obj.configuration = [Configuration.from_obj(x) for x in obj.get_Configuration()] return_obj.related_packages = RelatedPackageRefs.from_obj(obj.get_Related_Packages()) return return_obj
def from_obj(cls, obj, return_obj=None): if not obj: return None if not return_obj: return_obj = cls() return_obj.id_ = obj.get_id() return_obj.idref = obj.get_idref() return_obj.timestamp = obj.get_timestamp() if isinstance(obj, cls._binding_class): # ThreatActorType properties return_obj.version = obj.get_version() if obj.get_version() else cls._version return_obj.title = obj.get_Title() return_obj.description = StructuredText.from_obj(obj.get_Description()) return_obj.short_description = StructuredText.from_obj(obj.get_Short_Description()) return_obj.identity = Identity.from_obj(obj.get_Identity()) return_obj.types = [Statement.from_obj(x) for x in obj.get_Type()] return_obj.motivations = [Statement.from_obj(x) for x in obj.get_Motivation()] return_obj.sophistications = [Statement.from_obj(x) for x in obj.get_Sophistication()] return_obj.intended_effects = [Statement.from_obj(x) for x in obj.get_Intended_Effect()] return_obj.planning_and_operational_supports = [Statement.from_obj(x) for x in obj.get_Planning_And_Operational_Support()] return_obj.observed_ttps = ObservedTTPs.from_obj(obj.get_Observed_TTPs()) return_obj.associated_campaigns = AssociatedCampaigns.from_obj(obj.get_Associated_Campaigns()) return_obj.associated_actors = AssociatedActors.from_obj(obj.get_Associated_Actors()) return_obj.handling = Marking.from_obj(obj.get_Handling()) return_obj.confidence = Confidence.from_obj(obj.get_Confidence()) return_obj.information_source = InformationSource.from_obj(obj.get_Information_Source()) return_obj.related_packages = RelatedPackageRefs.from_obj(obj.get_Related_Packages()) return return_obj
def from_obj(cls, obj, return_obj=None): if not obj: return None if not return_obj: return_obj = cls() return_obj.id_ = obj.get_id() return_obj.idref = obj.get_idref() return_obj.timestamp = obj.get_timestamp() if isinstance(obj, cls._binding_class): # CourseOfActionType properties return_obj.version = obj.get_version() or cls._version return_obj.title = obj.get_Title() return_obj.stage = VocabString.from_obj(obj.get_Stage()) return_obj.type_ = VocabString.from_obj(obj.get_Type()) return_obj.description = StructuredText.from_obj( obj.get_Description()) return_obj.short_description = StructuredText.from_obj( obj.get_Short_Description()) return_obj.objective = Objective.from_obj(obj.get_Objective()) return_obj.parameter_observables = \ Observables.from_obj(obj.get_Parameter_Observables()) return_obj.impact = Statement.from_obj(obj.get_Impact()) return_obj.cost = Statement.from_obj(obj.get_Cost()) return_obj.efficacy = Statement.from_obj(obj.get_Efficacy()) return_obj.information_source = InformationSource.from_obj( obj.get_Information_Source()) return_obj.handling = Marking.from_obj(obj.get_Handling()) return_obj.related_coas = \ RelatedCOAs.from_obj(obj.get_Related_COAs()) return_obj.related_packages = \ RelatedPackageRefs.from_obj(obj.get_Related_Packages()) return return_obj
def from_obj(cls, obj, return_obj=None): if not obj: return None if not return_obj: return_obj = cls() super(ThreatActor, cls).from_obj(obj, return_obj=return_obj) if isinstance(obj, cls._binding_class): # ThreatActorType properties return_obj.identity = Identity.from_obj(obj.Identity) return_obj.types = _Types.from_obj(obj.Type) return_obj.motivations = _Motivations.from_obj(obj.Motivation) return_obj.sophistications = _Sophistications.from_obj( obj.Sophistication) return_obj.intended_effects = _IntendedEffects.from_obj( obj.Intended_Effect) return_obj.planning_and_operational_supports = \ _PlanningAndOperationalSupports.from_obj(obj.Planning_And_Operational_Support) return_obj.observed_ttps = ObservedTTPs.from_obj(obj.Observed_TTPs) return_obj.associated_campaigns = AssociatedCampaigns.from_obj( obj.Associated_Campaigns) return_obj.associated_actors = AssociatedActors.from_obj( obj.Associated_Actors) return_obj.confidence = Confidence.from_obj(obj.Confidence) return_obj.related_packages = RelatedPackageRefs.from_obj( obj.Related_Packages) return return_obj
def from_dict(cls, dict_repr, return_obj=None): if not dict_repr: return None if not return_obj: return_obj = cls() return_obj.id_ = dict_repr.get('id') return_obj.idref = dict_repr.get('idref') return_obj.timestamp = dict_repr.get('timestamp') return_obj.version = dict_repr.get('version', cls._version) return_obj.title = dict_repr.get('title') return_obj.stage = VocabString.from_dict(dict_repr.get('stage')) return_obj.type_ = VocabString.from_dict(dict_repr.get('type')) return_obj.description = StructuredText.from_dict( dict_repr.get('description')) return_obj.short_description = StructuredText.from_dict( dict_repr.get('short_description')) return_obj.objective = Objective.from_dict(dict_repr.get('objective')) return_obj.parameter_observables = \ Observables.from_dict(dict_repr.get('parameter_observables')) return_obj.impact = Statement.from_dict(dict_repr.get('impact')) return_obj.cost = Statement.from_dict(dict_repr.get('cost')) return_obj.efficacy = Statement.from_dict(dict_repr.get('efficacy')) return_obj.information_source = InformationSource.from_dict( dict_repr.get('information_source')) return_obj.handling = Marking.from_dict(dict_repr.get('handling')) return_obj.related_coas = \ RelatedCOAs.from_dict(dict_repr.get('related_coas')) return_obj.related_packages = \ RelatedPackageRefs.from_dict(dict_repr.get('related_packages')) return return_obj
def from_dict(cls, dict_repr, return_obj=None): if not dict_repr: return None if not return_obj: return_obj = cls() super(ThreatActor, cls).from_dict(dict_repr, return_obj=return_obj) get = dict_repr.get return_obj.identity = Identity.from_dict(get('identity')) return_obj.types = _Types.from_dict(get('types')) return_obj.motivations = _Motivations.from_dict(get('motivations')) return_obj.sophistications = _Sophistications.from_dict( get('sophistications')) return_obj.intended_effects = _IntendedEffects.from_dict( get('intended_effects')) return_obj.planning_and_operational_supports = \ _PlanningAndOperationalSupports.from_dict(get('planning_and_operational_supports')) return_obj.observed_ttps = ObservedTTPs.from_dict(get('observed_ttps')) return_obj.associated_campaigns = AssociatedCampaigns.from_dict( get('associated_campaigns')) return_obj.associated_actors = AssociatedActors.from_dict( get('associated_actors')) return_obj.confidence = Confidence.from_dict(get('confidence')) return_obj.related_packages = RelatedPackageRefs.from_dict( get('related_packages')) return return_obj
def from_dict(cls, dict_repr, return_obj=None): if not dict_repr: return None if not return_obj: return_obj = cls() super(ThreatActor, cls).from_dict(dict_repr, return_obj=return_obj) get = dict_repr.get return_obj.identity = Identity.from_dict(get('identity')) return_obj.types = _Types.from_dict(get('types')) return_obj.motivations = _Motivations.from_dict(get('motivations')) return_obj.sophistications = _Sophistications.from_dict(get('sophistications')) return_obj.intended_effects = _IntendedEffects.from_dict(get('intended_effects')) return_obj.planning_and_operational_supports = \ _PlanningAndOperationalSupports.from_dict(get('planning_and_operational_supports')) return_obj.observed_ttps = ObservedTTPs.from_dict(get('observed_ttps')) return_obj.associated_campaigns = AssociatedCampaigns.from_dict(get('associated_campaigns')) return_obj.associated_actors = AssociatedActors.from_dict(get('associated_actors')) return_obj.handling = Marking.from_dict(get('handling')) return_obj.confidence = Confidence.from_dict(get('confidence')) return_obj.related_packages = RelatedPackageRefs.from_dict(get('related_packages')) return return_obj
def from_obj(cls, obj, return_obj=None): if not obj: return None if not return_obj: return_obj = cls() return_obj.id_ = obj.id return_obj.idref = obj.idref return_obj.timestamp = obj.timestamp if isinstance(obj, cls._binding_class): # CourseOfActionType properties return_obj.version = obj.version return_obj.title = obj.Title return_obj.stage = VocabString.from_obj(obj.Stage) return_obj.type_ = VocabString.from_obj(obj.Type) return_obj.description = StructuredText.from_obj(obj.Description) return_obj.short_description = StructuredText.from_obj(obj.Short_Description) return_obj.objective = Objective.from_obj(obj.Objective) return_obj.parameter_observables = \ Observables.from_obj(obj.Parameter_Observables) return_obj.impact = Statement.from_obj(obj.Impact) return_obj.cost = Statement.from_obj(obj.Cost) return_obj.efficacy = Statement.from_obj(obj.Efficacy) return_obj.information_source = InformationSource.from_obj(obj.Information_Source) return_obj.handling = Marking.from_obj(obj.Handling) return_obj.related_coas = \ RelatedCOAs.from_obj(obj.Related_COAs) return_obj.related_packages = \ RelatedPackageRefs.from_obj(obj.Related_Packages) return return_obj
def from_dict(cls, dict_repr, return_obj=None): if not dict_repr: return None if not return_obj: return_obj = cls() return_obj.id_ = dict_repr.get('id') return_obj.idref = dict_repr.get('idref') return_obj.timestamp = dict_repr.get('timestamp') return_obj.version = dict_repr.get('version') return_obj.title = dict_repr.get('title') return_obj.stage = VocabString.from_dict(dict_repr.get('stage')) return_obj.type_ = VocabString.from_dict(dict_repr.get('type')) return_obj.description = StructuredText.from_dict(dict_repr.get('description')) return_obj.short_description = StructuredText.from_dict(dict_repr.get('short_description')) return_obj.objective = Objective.from_dict(dict_repr.get('objective')) return_obj.parameter_observables = \ Observables.from_dict(dict_repr.get('parameter_observables')) return_obj.impact = Statement.from_dict(dict_repr.get('impact')) return_obj.cost = Statement.from_dict(dict_repr.get('cost')) return_obj.efficacy = Statement.from_dict(dict_repr.get('efficacy')) return_obj.information_source = InformationSource.from_dict(dict_repr.get('information_source')) return_obj.handling = Marking.from_dict(dict_repr.get('handling')) return_obj.related_coas = \ RelatedCOAs.from_dict(dict_repr.get('related_coas')) return_obj.related_packages = \ RelatedPackageRefs.from_dict(dict_repr.get('related_packages')) return return_obj
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(Incident, self).__init__( id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description ) self.related_indicators = RelatedIndicators() self.related_observables = RelatedObservables() self.related_incidents = RelatedIncidents() self.related_packages = RelatedPackageRefs() self.categories = IncidentCategories() self.affected_assets = AffectedAssets() self.leveraged_ttps = LeveragedTTPs()
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): self.id_ = id_ or stix.utils.create_id("Campaign") self.idref = idref self.version = None # self._version self.title = title self.description = description self.short_description = short_description self.names = None self.intended_effects = None self.status = None self.related_ttps = RelatedTTPs() self.related_incidents = RelatedIncidents() self.related_indicators = RelatedIndicators() self.attribution = AttributionList() self.associated_campaigns = AssociatedCampaigns() self.confidence = None self.activity = [] self.information_source = None self.handling = None self.related_packages = RelatedPackageRefs() if timestamp: self.timestamp = timestamp else: self.timestamp = datetime.now(tzutc()) if not idref else None
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(Incident, self).__init__( id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description ) self.status = None self.time = None self.victims = None self.attributed_threat_actors = AttributedThreatActors() self.related_indicators = RelatedIndicators() self.related_observables = RelatedObservables() self.related_incidents = RelatedIncidents() self.related_packages = RelatedPackageRefs() self.affected_assets = None self.categories = None self.intended_effects = None self.leveraged_ttps = LeveragedTTPs() self.discovery_methods = None self.reporter = None self.responders = None self.coordinators = None self.external_ids = None self.impact_assessment = None self.security_compromise = None self.confidence = None self.coa_taken = None self.coa_requested = None self.history = History()
def from_obj(cls, obj, return_obj=None): if not obj: return None if not return_obj: return_obj = cls() super(Incident, cls).from_obj(obj, return_obj=return_obj) if isinstance(obj, cls._binding_class): return_obj.time = Time.from_obj(obj.Time) return_obj.victims = _Victims.from_obj(obj.Victim) return_obj.categories = IncidentCategories.from_obj(obj.Categories) return_obj.intended_effects = _IntendedEffects.from_obj(obj.Intended_Effect) return_obj.affected_assets = AffectedAssets.from_obj(obj.Affected_Assets) return_obj.discovery_methods = DiscoveryMethods.from_obj(obj.Discovery_Method) return_obj.coa_taken = _COAsTaken.from_obj(obj.COA_Taken) return_obj.coa_requested = _COAsRequested.from_obj(obj.COA_Requested) return_obj.confidence = Confidence.from_obj(obj.Confidence) return_obj.attributed_threat_actors = AttributedThreatActors.from_obj(obj.Attributed_Threat_Actors) return_obj.related_indicators = RelatedIndicators.from_obj(obj.Related_Indicators) return_obj.related_observables = RelatedObservables.from_obj(obj.Related_Observables) return_obj.leveraged_ttps = LeveragedTTPs.from_obj(obj.Leveraged_TTPs) return_obj.related_incidents = RelatedIncidents.from_obj(obj.Related_Incidents) return_obj.status = VocabString.from_obj(obj.Status) return_obj.history = History.from_obj(obj.History) return_obj.responders = _InformationSources.from_obj(obj.Responder) return_obj.coordinators = _InformationSources.from_obj(obj.Coordinator) return_obj.external_ids = _ExternalIDs.from_obj(obj.External_ID) return_obj.reporter = InformationSource.from_obj(obj.Reporter) return_obj.impact_assessment = ImpactAssessment.from_obj(obj.Impact_Assessment) return_obj.security_compromise = VocabString.from_obj(obj.Security_Compromise) return_obj.related_packages = RelatedPackageRefs.from_obj(obj.Related_Packages) return return_obj
def from_dict(cls, dict_repr, return_obj=None): if not dict_repr: return None if not return_obj: return_obj = cls() super(Incident, cls).from_dict(dict_repr, return_obj=return_obj) get = dict_repr.get return_obj.time = Time.from_dict(get('time')) return_obj.victims = _Victims.from_dict(get('victims')) return_obj.categories = IncidentCategories.from_dict(get('categories')) return_obj.attributed_threat_actors = AttributedThreatActors.from_dict(get('attributed_threat_actors')) return_obj.related_indicators = RelatedIndicators.from_dict(get('related_indicators')) return_obj.related_observables = RelatedObservables.from_dict(get('related_observables')) return_obj.related_incidents = RelatedIncidents.from_dict(get('related_incidents')) return_obj.intended_effects = _IntendedEffects.from_list(get('intended_effects')) return_obj.leveraged_ttps = LeveragedTTPs.from_dict(get('leveraged_ttps')) return_obj.affected_assets = AffectedAssets.from_dict(get('affected_assets')) return_obj.discovery_methods = DiscoveryMethods.from_dict(get('discovery_methods')) return_obj.reporter = InformationSource.from_dict(get('reporter')) return_obj.responders = _InformationSources.from_dict(get('responders')) return_obj.coordinators = _InformationSources.from_dict(get('coordinators')) return_obj.external_ids = _ExternalIDs.from_dict(get('external_ids')) return_obj.impact_assessment = ImpactAssessment.from_dict(get('impact_assessment')) return_obj.security_compromise = VocabString.from_dict(get('security_compromise')) return_obj.confidence = Confidence.from_dict(get('confidence')) return_obj.coa_taken = _COAsTaken.from_dict(get('coa_taken')) return_obj.coa_requested = _COAsRequested.from_dict(get('coa_requested')) return_obj.status = VocabString.from_dict(get('status')) return_obj.history = History.from_dict(get('history')) return_obj.related_packages = RelatedPackageRefs.from_dict(get('related_packages')) return return_obj
def from_obj(cls, obj, return_obj=None): if not obj: return None if not return_obj: return_obj = cls() return_obj.id_ = obj.id return_obj.idref = obj.idref return_obj.timestamp = obj.timestamp # not yet implemented if isinstance(obj, cls._binding_class): # TTPType properties return_obj.version = obj.version return_obj.title = obj.Title return_obj.description = StructuredText.from_obj(obj.Description) return_obj.short_description = StructuredText.from_obj(obj.Short_Description) return_obj.information_source = InformationSource.from_obj(obj.Information_Source) return_obj.handling = Marking.from_obj(obj.Handling) return_obj.potential_coas = PotentialCOAs.from_obj(obj.Potential_COAs) return_obj.related_exploit_targets = RelatedExploitTargets.from_obj(obj.Related_Exploit_Targets) return_obj.vulnerabilities = [Vulnerability.from_obj(x) for x in obj.Vulnerability] return_obj.weaknesses = [Weakness.from_obj(x) for x in obj.Weakness] return_obj.configuration = [Configuration.from_obj(x) for x in obj.Configuration] return_obj.related_packages = RelatedPackageRefs.from_obj(obj.Related_Packages) return return_obj
def test_add_bad_type(self): from stix.indicator import Indicator l = RelatedPackageRefs() self.assertRaises( TypeError, l.append, Indicator() )
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(TTP, self).__init__(id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description) self.related_packages = RelatedPackageRefs() self.exploit_targets = ExploitTargets() self.related_ttps = RelatedTTPs() self.kill_chain_phases = KillChainPhasesReference()
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(ExploitTarget, self).__init__(id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description) self.potential_coas = PotentialCOAs() self.related_exploit_targets = RelatedExploitTargets() self.vulnerabilities = None self.weaknesses = None self.configuration = None self.related_packages = RelatedPackageRefs()
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(Incident, self).__init__(id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description) self.status = None self.time = None self.victims = None self.attributed_threat_actors = AttributedThreatActors() self.related_indicators = RelatedIndicators() self.related_observables = RelatedObservables() self.related_incidents = RelatedIncidents() self.related_packages = RelatedPackageRefs() self.affected_assets = None self.categories = None self.intended_effects = None self.leveraged_ttps = LeveragedTTPs() self.discovery_methods = None self.reporter = None self.responders = None self.coordinators = None self.external_ids = None self.impact_assessment = None self.security_compromise = None self.confidence = None self.coa_taken = None self.coa_requested = None self.history = History() self._contacts = None self._url = None
def from_dict(cls, dict_repr, return_obj=None): if not dict_repr: return None if not return_obj: return_obj = cls() super(Incident, cls).from_dict(dict_repr, return_obj=return_obj) get = dict_repr.get return_obj.time = Time.from_dict(get('time')) return_obj.victims = _Victims.from_dict(get('victims')) return_obj.categories = IncidentCategories.from_dict(get('categories')) return_obj.attributed_threat_actors = AttributedThreatActors.from_dict( get('attributed_threat_actors')) return_obj.related_indicators = RelatedIndicators.from_dict( get('related_indicators')) return_obj.related_observables = RelatedObservables.from_dict( get('related_observables')) return_obj.related_incidents = RelatedIncidents.from_dict( get('related_incidents')) return_obj.intended_effects = _IntendedEffects.from_list( get('intended_effects')) return_obj.leveraged_ttps = LeveragedTTPs.from_dict( get('leveraged_ttps')) return_obj.affected_assets = AffectedAssets.from_dict( get('affected_assets')) return_obj.discovery_methods = DiscoveryMethods.from_dict( get('discovery_methods')) return_obj.reporter = InformationSource.from_dict(get('reporter')) return_obj.responders = _InformationSources.from_dict( get('responders')) return_obj.coordinators = _InformationSources.from_dict( get('coordinators')) return_obj.external_ids = _ExternalIDs.from_dict(get('external_ids')) return_obj.impact_assessment = ImpactAssessment.from_dict( get('impact_assessment')) return_obj.security_compromise = VocabString.from_dict( get('security_compromise')) return_obj.confidence = Confidence.from_dict(get('confidence')) return_obj.coa_taken = _COAsTaken.from_dict(get('coa_taken')) return_obj.coa_requested = _COAsRequested.from_dict( get('coa_requested')) return_obj.status = VocabString.from_dict(get('status')) return_obj.history = History.from_dict(get('history')) return_obj.related_packages = RelatedPackageRefs.from_dict( get('related_packages')) return_obj.contacts = _InformationSources.from_dict(get('contacts')) return_obj.url = get('url') return return_obj
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(CourseOfAction, self).__init__( id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description ) self.related_coas = RelatedCOAs() self.related_packages = RelatedPackageRefs()
def from_obj(cls, obj, return_obj=None): if not obj: return None if not return_obj: return_obj = cls() super(Incident, cls).from_obj(obj, return_obj=return_obj) if isinstance(obj, cls._binding_class): return_obj.time = Time.from_obj(obj.Time) return_obj.victims = _Victims.from_obj(obj.Victim) return_obj.categories = IncidentCategories.from_obj(obj.Categories) return_obj.intended_effects = _IntendedEffects.from_obj( obj.Intended_Effect) return_obj.affected_assets = AffectedAssets.from_obj( obj.Affected_Assets) return_obj.discovery_methods = DiscoveryMethods.from_obj( obj.Discovery_Method) return_obj.coa_taken = _COAsTaken.from_obj(obj.COA_Taken) return_obj.coa_requested = _COAsRequested.from_obj( obj.COA_Requested) return_obj.confidence = Confidence.from_obj(obj.Confidence) return_obj.attributed_threat_actors = AttributedThreatActors.from_obj( obj.Attributed_Threat_Actors) return_obj.related_indicators = RelatedIndicators.from_obj( obj.Related_Indicators) return_obj.related_observables = RelatedObservables.from_obj( obj.Related_Observables) return_obj.leveraged_ttps = LeveragedTTPs.from_obj( obj.Leveraged_TTPs) return_obj.related_incidents = RelatedIncidents.from_obj( obj.Related_Incidents) return_obj.status = VocabString.from_obj(obj.Status) return_obj.history = History.from_obj(obj.History) return_obj.responders = _InformationSources.from_obj(obj.Responder) return_obj.coordinators = _InformationSources.from_obj( obj.Coordinator) return_obj.external_ids = _ExternalIDs.from_obj(obj.External_ID) return_obj.reporter = InformationSource.from_obj(obj.Reporter) return_obj.impact_assessment = ImpactAssessment.from_obj( obj.Impact_Assessment) return_obj.security_compromise = VocabString.from_obj( obj.Security_Compromise) return_obj.related_packages = RelatedPackageRefs.from_obj( obj.Related_Packages) return_obj.contacts = _InformationSources.from_obj(obj.Contact) return_obj.url = obj.URL return return_obj
def from_dict(cls, dict_repr, return_obj=None): if not dict_repr: return None if not return_obj: return_obj = cls() return_obj.id_ = dict_repr.get('id') return_obj.idref = dict_repr.get('idref') return_obj.timestamp = dict_repr.get('timestamp') return_obj.version = dict_repr.get('version') return_obj.title = dict_repr.get('title') return_obj.description = StructuredText.from_dict( dict_repr.get('description')) return_obj.short_description = StructuredText.from_dict( dict_repr.get('short_description')) return_obj.identity = Identity.from_dict(dict_repr.get('identity')) return_obj.types = [ Statement.from_dict(x) for x in dict_repr.get('types', []) ] return_obj.motivations = [ Statement.from_dict(x) for x in dict_repr.get('motivations', []) ] return_obj.sophistications = [ Statement.from_dict(x) for x in dict_repr.get('sophistications', []) ] return_obj.intended_effects = [ Statement.from_dict(x) for x in dict_repr.get('intended_effects', []) ] return_obj.planning_and_operational_supports = [ Statement.from_dict(x) for x in dict_repr.get('planning_and_operational_supports', []) ] return_obj.observed_ttps = ObservedTTPs.from_dict( dict_repr.get('observed_ttps')) return_obj.associated_campaigns = AssociatedCampaigns.from_dict( dict_repr.get('associated_campaigns')) return_obj.associated_actors = AssociatedActors.from_dict( dict_repr.get('associated_actors')) return_obj.handling = Marking.from_dict(dict_repr.get('handling')) return_obj.confidence = Confidence.from_dict( dict_repr.get('confidence')) return_obj.information_source = InformationSource.from_dict( dict_repr.get('information_source')) return_obj.related_packages = RelatedPackageRefs.from_dict( dict_repr.get('related_packages')) return return_obj
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): self.id_ = id_ or stix.utils.create_id("et") self.idref = idref self.timestamp = timestamp or datetime.now() self.version = self._version self.title = title self.description = description self.short_description = short_description self.information_source = None self.handling = None self.potential_coas = PotentialCOAs() self.related_exploit_targets = RelatedExploitTargets() self.vulnerabilities = None self.weakness = None self.configuration = None self.related_packages = RelatedPackageRefs()
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(ThreatActor, self).__init__( id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description ) self.observed_ttps = ObservedTTPs() self.associated_campaigns = AssociatedCampaigns() self.associated_actors = AssociatedActors() self.related_packages = RelatedPackageRefs()
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(Campaign, self).__init__( id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description ) self.related_ttps = RelatedTTPs() self.related_incidents = RelatedIncidents() self.related_indicators = RelatedIndicators() self.related_packages = RelatedPackageRefs()
def from_obj(cls, obj, return_obj=None): if not obj: return None if not return_obj: return_obj = cls() return_obj.id_ = obj.get_id() return_obj.idref = obj.get_idref() return_obj.timestamp = obj.get_timestamp() if isinstance(obj, cls._binding_class): # ThreatActorType properties return_obj.version = obj.get_version() if obj.get_version( ) else cls._version return_obj.title = obj.get_Title() return_obj.description = StructuredText.from_obj( obj.get_Description()) return_obj.short_description = StructuredText.from_obj( obj.get_Short_Description()) return_obj.identity = Identity.from_obj(obj.get_Identity()) return_obj.types = [Statement.from_obj(x) for x in obj.get_Type()] return_obj.motivations = [ Statement.from_obj(x) for x in obj.get_Motivation() ] return_obj.sophistications = [ Statement.from_obj(x) for x in obj.get_Sophistication() ] return_obj.intended_effects = [ Statement.from_obj(x) for x in obj.get_Intended_Effect() ] return_obj.planning_and_operational_supports = [ Statement.from_obj(x) for x in obj.get_Planning_And_Operational_Support() ] return_obj.observed_ttps = ObservedTTPs.from_obj( obj.get_Observed_TTPs()) return_obj.associated_campaigns = AssociatedCampaigns.from_obj( obj.get_Associated_Campaigns()) return_obj.associated_actors = AssociatedActors.from_obj( obj.get_Associated_Actors()) return_obj.handling = Marking.from_obj(obj.get_Handling()) return_obj.confidence = Confidence.from_obj(obj.get_Confidence()) return_obj.information_source = InformationSource.from_obj( obj.get_Information_Source()) return_obj.related_packages = RelatedPackageRefs.from_obj( obj.get_Related_Packages()) return return_obj
def from_obj(cls, obj, return_obj=None): if not obj: return None if not return_obj: return_obj = cls() super(ExploitTarget, cls).from_obj(obj, return_obj=return_obj) if isinstance(obj, cls._binding_class): return_obj.potential_coas = PotentialCOAs.from_obj(obj.Potential_COAs) return_obj.related_exploit_targets = RelatedExploitTargets.from_obj(obj.Related_Exploit_Targets) return_obj.vulnerabilities = _Vulnerabilities.from_obj(obj.Vulnerability) return_obj.weaknesses = _Weaknesses.from_obj(obj.Weakness) return_obj.configuration = _Configurations.from_obj(obj.Configuration) return_obj.related_packages = RelatedPackageRefs.from_obj(obj.Related_Packages) return return_obj
def from_dict(cls, dict_repr, return_obj=None): if not dict_repr: return None if not return_obj: return_obj = cls() super(ExploitTarget, cls).from_dict(dict_repr, return_obj=return_obj) get = dict_repr.get return_obj.potential_coas = PotentialCOAs.from_dict(get('potential_coas')) return_obj.related_exploit_targets = RelatedExploitTargets.from_dict(get('related_exploit_targets')) return_obj.vulnerabilities = _Vulnerabilities.from_dict(get('vulnerabilities')) return_obj.weaknesses = _Weaknesses.from_dict(get('weaknesses')) return_obj.configuration = _Configurations.from_dict(get('configuration')) return_obj.related_packages = RelatedPackageRefs.from_dict(get('related_packages')) return return_obj
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): super(ExploitTarget, self).__init__( id_=id_, idref=idref, timestamp=timestamp, title=title, description=description, short_description=short_description ) self.potential_coas = PotentialCOAs() self.related_exploit_targets = RelatedExploitTargets() self.vulnerabilities = None self.weaknesses = None self.configuration = None self.related_packages = RelatedPackageRefs()
def from_obj(cls, obj, return_obj=None): if not obj: return None if not return_obj: return_obj = cls() return_obj.id_ = obj.id return_obj.idref = obj.idref return_obj.timestamp = obj.timestamp if isinstance(obj, cls._binding_class): # ThreatActorType properties return_obj.version = obj.version return_obj.title = obj.Title return_obj.description = StructuredText.from_obj(obj.Description) return_obj.short_description = StructuredText.from_obj( obj.Short_Description) return_obj.identity = Identity.from_obj(obj.Identity) return_obj.types = [Statement.from_obj(x) for x in obj.Type] return_obj.motivations = [ Statement.from_obj(x) for x in obj.Motivation ] return_obj.sophistications = [ Statement.from_obj(x) for x in obj.Sophistication ] return_obj.intended_effects = [ Statement.from_obj(x) for x in obj.Intended_Effect ] return_obj.planning_and_operational_supports = [ Statement.from_obj(x) for x in obj.Planning_And_Operational_Support ] return_obj.observed_ttps = ObservedTTPs.from_obj(obj.Observed_TTPs) return_obj.associated_campaigns = AssociatedCampaigns.from_obj( obj.Associated_Campaigns) return_obj.associated_actors = AssociatedActors.from_obj( obj.Associated_Actors) return_obj.handling = Marking.from_obj(obj.Handling) return_obj.confidence = Confidence.from_obj(obj.Confidence) return_obj.information_source = InformationSource.from_obj( obj.Information_Source) return_obj.related_packages = RelatedPackageRefs.from_obj( obj.Related_Packages) return return_obj
def from_dict(cls, dict_repr, return_obj=None): if not dict_repr: return None if not return_obj: return_obj = cls() return_obj.id_ = dict_repr.get('id') return_obj.idref = dict_repr.get('idref') return_obj.timestamp = dict_repr.get('timestamp') return_obj.version = dict_repr.get('version', cls._version) return_obj.title = dict_repr.get('title') return_obj.description = \ StructuredText.from_dict(dict_repr.get('description')) return_obj.short_description = \ StructuredText.from_dict(dict_repr.get('short_description')) return_obj.names = Names.from_dict(dict_repr.get('names')) return_obj.intended_effect = \ [Statement.from_dict(x) for x in dict_repr.get('intended_effect', [])] return_obj.status = VocabString.from_dict(dict_repr.get('status')) return_obj.related_ttps = \ RelatedTTPs.from_dict(dict_repr.get('related_ttps')) return_obj.related_incidents = \ RelatedIncidents.from_dict(dict_repr.get('related_incidents')) return_obj.related_indicators = \ RelatedIndicators.from_dict(dict_repr.get('related_indicators')) return_obj.attribution = \ [Attribution.from_dict(x) for x in dict_repr.get('attribution', [])] return_obj.associated_campaigns = \ AssociatedCampaigns.from_dict(dict_repr.get('associated_campaigns')) return_obj.confidence = \ Confidence.from_dict(dict_repr.get('confidence')) return_obj.activity = \ [Activity.from_dict(x) for x in dict_repr.get('activity', [])] return_obj.information_source = \ InformationSource.from_dict(dict_repr.get('information_source')) return_obj.handling = Marking.from_dict(dict_repr.get('handling')) return_obj.related_packages = \ RelatedPackageRefs.from_dict(dict_repr.get('related_packages')) return return_obj
def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None): self.id_ = id_ or stix.utils.create_id("coa") self.idref = idref self.timestamp = timestamp or datetime.now() self.version = self._version self.title = title self.stage = None self.type_ = None self.description = description self.short_description = short_description self.objective = None self.parameter_observables = None # self.structured_coa = None self.impact = None self.cost = None self.efficacy = None self.information_source = None self.handling = None self.related_coas = RelatedCOAs() self.related_packages = RelatedPackageRefs()
def from_dict(cls, dict_repr, return_obj=None): if not dict_repr: return None if not return_obj: return_obj = cls() super(TTP, cls).from_dict(dict_repr, return_obj=return_obj) get = dict_repr.get return_obj.behavior = Behavior.from_dict(get('behavior')) return_obj.related_ttps = RelatedTTPs.from_dict(get('related_ttps')) return_obj.exploit_targets = ExploitTargets.from_dict(get('exploit_targets')) return_obj.intended_effects = _IntendedEffects.from_dict(get('intended_effects')) return_obj.resources = Resource.from_dict(get('resources')) return_obj.victim_targeting = VictimTargeting.from_dict(get('victim_targeting')) return_obj.related_packages = RelatedPackageRefs.from_dict(get('related_packages')) return_obj.kill_chain_phases = KillChainPhasesReference.from_dict(get('kill_chain_phases')) return return_obj
def from_obj(cls, obj, return_obj=None): if not obj: return None if not return_obj: return_obj = cls() super(TTP, cls).from_obj(obj, return_obj=return_obj) if isinstance(obj, cls._binding_class): return_obj.behavior = Behavior.from_obj(obj.Behavior) return_obj.related_ttps = RelatedTTPs.from_obj(obj.Related_TTPs) return_obj.exploit_targets = ExploitTargets.from_obj(obj.Exploit_Targets) return_obj.resources = Resource.from_obj(obj.Resources) return_obj.victim_targeting = VictimTargeting.from_obj(obj.Victim_Targeting) return_obj.intended_effects = _IntendedEffects.from_obj(obj.Intended_Effect) return_obj.kill_chain_phases = KillChainPhasesReference.from_obj(obj.Kill_Chain_Phases) return_obj.related_packages = RelatedPackageRefs.from_obj(obj.Related_Packages) return return_obj
def from_obj(cls, obj, return_obj=None): if not obj: return None if not return_obj: return_obj = cls() return_obj.id_ = obj.get_id() return_obj.idref = obj.get_idref() return_obj.timestamp = obj.get_timestamp() if isinstance(obj, cls._binding_class): return_obj.version = obj.get_version() or cls._version return_obj.title = obj.get_Title() return_obj.description = StructuredText.from_obj(obj.get_Description()) return_obj.short_description = \ StructuredText.from_obj(obj.get_Short_Description()) return_obj.names = Names.from_obj(obj.get_Names()) return_obj.intended_effect = \ [Statement.from_obj(x) for x in obj.get_Intended_Effect()] return_obj.status = VocabString.from_obj(obj.get_Status()) return_obj.related_ttps = RelatedTTPs.from_obj(obj.get_Related_TTPs()) return_obj.related_incidents = \ RelatedIncidents.from_obj(obj.get_Related_Incidents()) return_obj.related_indicators = \ RelatedIndicators.from_obj(obj.get_Related_Indicators()) return_obj.attribution = \ [Attribution.from_obj(x) for x in obj.get_Attribution()] return_obj.associated_campaigns = \ AssociatedCampaigns.from_obj(obj.get_Associated_Campaigns()) return_obj.confidence = Confidence.from_obj(obj.get_Confidence()) return_obj.activity = \ [Activity.from_obj(x) for x in obj.get_Activity()] return_obj.information_source = \ InformationSource.from_obj(obj.get_Information_Source()) return_obj.handling = Marking.from_obj(obj.get_Handling()) return_obj.related_packages = \ RelatedPackageRefs.from_obj(obj.get_Related_Packages()) return return_obj