def from_obj(cls, obj, return_obj=None):
    """Populate a threat-actor entity from its binding object.

    Returns None for a falsy ``obj``. ``return_obj`` is reused when it is
    given and truthy; otherwise a fresh ``cls()`` is created. The identifier
    fields are always copied through the binding's getters; the
    ThreatActorType fields are copied only when ``obj`` is an instance of
    ``cls._binding_class``.

    Values are taken from the binding unchanged; this method does no
    validation of its own.
    """
    if not obj:
        return None
    if not return_obj:
        return_obj = cls()

    def statements(bindings):
        # One Statement entity per binding element, order preserved.
        return [Statement.from_obj(binding) for binding in bindings]

    return_obj.id_ = obj.get_id()
    return_obj.idref = obj.get_idref()
    return_obj.timestamp = obj.get_timestamp()

    if not isinstance(obj, cls._binding_class):
        return return_obj

    # ThreatActorType properties
    if obj.get_version():
        return_obj.version = obj.get_version()
    else:
        # No version on the binding: fall back to the class default.
        return_obj.version = cls._version
    return_obj.title = obj.get_Title()
    return_obj.description = StructuredText.from_obj(obj.get_Description())
    return_obj.short_description = StructuredText.from_obj(
        obj.get_Short_Description()
    )
    return_obj.identity = Identity.from_obj(obj.get_Identity())
    return_obj.types = statements(obj.get_Type())
    return_obj.motivations = statements(obj.get_Motivation())
    return_obj.sophistications = statements(obj.get_Sophistication())
    return_obj.intended_effects = statements(obj.get_Intended_Effect())
    return_obj.planning_and_operational_supports = statements(
        obj.get_Planning_And_Operational_Support()
    )
    return_obj.observed_ttps = ObservedTTPs.from_obj(obj.get_Observed_TTPs())
    return_obj.associated_campaigns = AssociatedCampaigns.from_obj(
        obj.get_Associated_Campaigns()
    )
    return_obj.associated_actors = AssociatedActors.from_obj(
        obj.get_Associated_Actors()
    )
    return_obj.handling = Marking.from_obj(obj.get_Handling())
    return_obj.confidence = Confidence.from_obj(obj.get_Confidence())
    return_obj.information_source = InformationSource.from_obj(
        obj.get_Information_Source()
    )
    return_obj.related_packages = RelatedPackageRefs.from_obj(
        obj.get_Related_Packages()
    )
    return return_obj
def from_obj(cls, obj, return_obj=None):
    """Populate a threat-actor entity from its binding object.

    Returns None for a falsy ``obj``. ``return_obj`` is reused when it is
    given and truthy; otherwise a fresh ``cls()`` is created. ``id``,
    ``idref`` and ``timestamp`` are always copied from the binding's
    attributes; the ThreatActorType fields are copied only when ``obj`` is an
    instance of ``cls._binding_class``.

    Values are taken from the binding unchanged; this method does no
    validation of its own.
    """
    if not obj:
        return None
    if not return_obj:
        return_obj = cls()

    def statements(bindings):
        # One Statement entity per binding element, order preserved.
        return [Statement.from_obj(binding) for binding in bindings]

    return_obj.id_ = obj.id
    return_obj.idref = obj.idref
    return_obj.timestamp = obj.timestamp

    if not isinstance(obj, cls._binding_class):
        return return_obj

    # ThreatActorType properties
    return_obj.version = obj.version
    return_obj.title = obj.Title
    return_obj.description = StructuredText.from_obj(obj.Description)
    return_obj.short_description = StructuredText.from_obj(
        obj.Short_Description
    )
    return_obj.identity = Identity.from_obj(obj.Identity)
    return_obj.types = statements(obj.Type)
    return_obj.motivations = statements(obj.Motivation)
    return_obj.sophistications = statements(obj.Sophistication)
    return_obj.intended_effects = statements(obj.Intended_Effect)
    return_obj.planning_and_operational_supports = statements(
        obj.Planning_And_Operational_Support
    )
    return_obj.observed_ttps = ObservedTTPs.from_obj(obj.Observed_TTPs)
    return_obj.associated_campaigns = AssociatedCampaigns.from_obj(
        obj.Associated_Campaigns
    )
    return_obj.associated_actors = AssociatedActors.from_obj(
        obj.Associated_Actors
    )
    return_obj.handling = Marking.from_obj(obj.Handling)
    return_obj.confidence = Confidence.from_obj(obj.Confidence)
    return_obj.information_source = InformationSource.from_obj(
        obj.Information_Source
    )
    return_obj.related_packages = RelatedPackageRefs.from_obj(
        obj.Related_Packages
    )
    return return_obj
def from_obj(cls, obj, return_obj=None):
    """Populate a course-of-action entity from its binding object.

    Returns None for a falsy ``obj``. ``return_obj`` is reused when it is
    given and truthy; otherwise a fresh ``cls()`` is created. ``id``,
    ``idref`` and ``timestamp`` are always copied; the CourseOfActionType
    fields are copied only when ``obj`` is an instance of
    ``cls._binding_class``.

    Values are taken from the binding unchanged; this method does no
    validation of its own.
    """
    if not obj:
        return None
    if not return_obj:
        return_obj = cls()

    return_obj.id_ = obj.id
    return_obj.idref = obj.idref
    return_obj.timestamp = obj.timestamp

    if not isinstance(obj, cls._binding_class):
        return return_obj

    # CourseOfActionType properties
    return_obj.version = obj.version
    return_obj.title = obj.Title
    return_obj.stage = VocabString.from_obj(obj.Stage)
    return_obj.type_ = VocabString.from_obj(obj.Type)
    return_obj.description = StructuredText.from_obj(obj.Description)
    return_obj.short_description = StructuredText.from_obj(
        obj.Short_Description
    )
    return_obj.objective = Objective.from_obj(obj.Objective)
    return_obj.parameter_observables = Observables.from_obj(
        obj.Parameter_Observables
    )
    return_obj.impact = Statement.from_obj(obj.Impact)
    return_obj.cost = Statement.from_obj(obj.Cost)
    return_obj.efficacy = Statement.from_obj(obj.Efficacy)
    return_obj.information_source = InformationSource.from_obj(
        obj.Information_Source
    )
    return_obj.handling = Marking.from_obj(obj.Handling)
    return_obj.related_coas = RelatedCOAs.from_obj(obj.Related_COAs)
    return_obj.related_packages = RelatedPackageRefs.from_obj(
        obj.Related_Packages
    )
    return return_obj
def from_obj(cls, obj, return_obj=None):
    """Populate a course-of-action entity from its binding object.

    Returns None for a falsy ``obj``. ``return_obj`` is reused when it is
    given and truthy; otherwise a fresh ``cls()`` is created. The parent
    class's ``from_obj`` is called first with the same ``return_obj`` (its
    return value is not used), then the CourseOfActionType fields are copied
    when ``obj`` is an instance of ``cls._binding_class``.

    Values are taken from the binding unchanged; this method does no
    validation of its own.
    """
    if not obj:
        return None
    if not return_obj:
        return_obj = cls()

    super(CourseOfAction, cls).from_obj(obj, return_obj=return_obj)

    if not isinstance(obj, cls._binding_class):
        return return_obj

    # CourseOfActionType properties
    return_obj.title = obj.Title
    return_obj.stage = VocabString.from_obj(obj.Stage)
    return_obj.type_ = VocabString.from_obj(obj.Type)
    return_obj.objective = Objective.from_obj(obj.Objective)
    return_obj.parameter_observables = Observables.from_obj(
        obj.Parameter_Observables
    )
    return_obj.impact = Statement.from_obj(obj.Impact)
    return_obj.cost = Statement.from_obj(obj.Cost)
    return_obj.efficacy = Statement.from_obj(obj.Efficacy)
    return_obj.related_coas = RelatedCOAs.from_obj(obj.Related_COAs)
    return_obj.related_packages = related.RelatedPackageRefs.from_obj(
        obj.Related_Packages
    )
    return_obj.structured_coa = _BaseStructuredCOA.from_obj(
        obj.Structured_COA
    )
    return return_obj
def from_dict(cls, dict_repr, return_obj=None):
    """Populate a threat-actor entity from its dictionary representation.

    Returns None for a falsy ``dict_repr``. ``return_obj`` is reused when it
    is given and truthy; otherwise a fresh ``cls()`` is created. Missing keys
    are read as None (or as an empty list for the list-valued fields) before
    being handed to the matching ``from_dict`` converter.

    Values are taken from the dictionary unchanged; this method does no
    validation of its own.
    """
    if not dict_repr:
        return None
    if not return_obj:
        return_obj = cls()

    get = dict_repr.get

    def statements(key):
        # One Statement entity per list entry; an absent key gives [].
        return [Statement.from_dict(entry) for entry in get(key, [])]

    return_obj.id_ = get('id')
    return_obj.idref = get('idref')
    return_obj.timestamp = get('timestamp')
    return_obj.version = get('version')
    return_obj.title = get('title')
    return_obj.description = StructuredText.from_dict(get('description'))
    return_obj.short_description = StructuredText.from_dict(
        get('short_description')
    )
    return_obj.identity = Identity.from_dict(get('identity'))
    return_obj.types = statements('types')
    return_obj.motivations = statements('motivations')
    return_obj.sophistications = statements('sophistications')
    return_obj.intended_effects = statements('intended_effects')
    return_obj.planning_and_operational_supports = statements(
        'planning_and_operational_supports'
    )
    return_obj.observed_ttps = ObservedTTPs.from_dict(get('observed_ttps'))
    return_obj.associated_campaigns = AssociatedCampaigns.from_dict(
        get('associated_campaigns')
    )
    return_obj.associated_actors = AssociatedActors.from_dict(
        get('associated_actors')
    )
    return_obj.handling = Marking.from_dict(get('handling'))
    return_obj.confidence = Confidence.from_dict(get('confidence'))
    return_obj.information_source = InformationSource.from_dict(
        get('information_source')
    )
    return_obj.related_packages = RelatedPackageRefs.from_dict(
        get('related_packages')
    )
    return return_obj
def from_dict(cls, dict_repr, return_obj=None):
    """Populate a course-of-action entity from its dictionary representation.

    Returns None for a falsy ``dict_repr``. ``return_obj`` is reused when it
    is given and truthy; otherwise a fresh ``cls()`` is created. The parent
    class's ``from_dict`` is called first with the same ``return_obj`` (its
    return value is not used), then the course-of-action fields are read.
    Missing keys are read as None before conversion.

    Values are taken from the dictionary unchanged; this method does no
    validation of its own.
    """
    if not dict_repr:
        return None
    if not return_obj:
        return_obj = cls()

    super(CourseOfAction, cls).from_dict(dict_repr, return_obj=return_obj)

    return_obj.stage = VocabString.from_dict(dict_repr.get('stage'))
    return_obj.type_ = VocabString.from_dict(dict_repr.get('type'))
    return_obj.objective = Objective.from_dict(dict_repr.get('objective'))
    return_obj.parameter_observables = Observables.from_dict(
        dict_repr.get('parameter_observables')
    )
    return_obj.impact = Statement.from_dict(dict_repr.get('impact'))
    return_obj.cost = Statement.from_dict(dict_repr.get('cost'))
    return_obj.efficacy = Statement.from_dict(dict_repr.get('efficacy'))
    return_obj.related_coas = RelatedCOAs.from_dict(
        dict_repr.get('related_coas')
    )
    return_obj.related_packages = related.RelatedPackageRefs.from_dict(
        dict_repr.get('related_packages')
    )
    return_obj.structured_coa = _BaseStructuredCOA.from_dict(
        dict_repr.get('structured_coa')
    )
    return return_obj
def add_external_or_partner_actor_ttem(item, pkg):
    """Turn an 'actor/external' or 'actor/partner' item into a ThreatActor.

    Builds a ThreatActor with a CIQ identity, adds one address per entry of
    the item's ``country`` list, one motivation per ``motive`` entry and one
    type per ``variety`` entry, then adds the actor to ``pkg``. A missing or
    empty ``country``, ``motive`` or ``variety`` is reported through
    ``error``; what happens after that depends on ``error``, which is not
    visible here.

    The free-text ``notes`` value is passed through ``escape`` before it is
    stored in the description.
    NOTE(review): which ``escape`` is in scope is not visible here - confirm
    it matches how the package is serialized later, so the text ends up
    neither double-escaped nor raw.
    """
    actor = ThreatActor()
    actor.identity = CIQIdentity3_0Instance()
    ciq_spec = STIXCIQIdentity3_0()

    countries = item.get('country')
    if countries:
        for country_name in countries:
            address = Address()
            address.country = Country()
            address.country.add_name_element(country_name)
            ciq_spec.add_address(address)
        actor.identity.specification = ciq_spec
    else:
        error("Required 'country' item is missing in 'actor/external' or 'actor/partner' item")

    motives = item.get('motive')
    if motives:
        for motive in motives:
            motivation = Statement()
            motivation.value = map_motive_item_to_motivation(motive)
            actor.add_motivation(motivation)
    else:
        error("Required 'motive' item is missing in 'actor/external' or 'actor/partner' item")

    varieties = item.get('variety')
    if varieties:
        for variety in varieties:
            actor_type = Statement()
            actor_type.value = map_actor_variety_item_to_threat_actor_type(variety)
            actor.add_type(actor_type)
    else:
        error("Required 'variety' item is missing in 'actor/external' or 'actor/partner' item")

    notes = item.get('notes')
    if notes:
        actor.description = "Notes: " + escape(notes)

    pkg.add_threat_actor(actor)
def from_dict(cls, dict_repr, return_obj=None):
    """Populate a course-of-action entity from its dictionary representation.

    Returns None for a falsy ``dict_repr``. ``return_obj`` is reused when it
    is given and truthy; otherwise a fresh ``cls()`` is created. Missing keys
    are read as None before being handed to the matching ``from_dict``
    converter.

    Values are taken from the dictionary unchanged; this method does no
    validation of its own.
    """
    if not dict_repr:
        return None
    if not return_obj:
        return_obj = cls()

    get = dict_repr.get

    return_obj.id_ = get('id')
    return_obj.idref = get('idref')
    return_obj.timestamp = get('timestamp')
    return_obj.version = get('version')
    return_obj.title = get('title')
    return_obj.stage = VocabString.from_dict(get('stage'))
    return_obj.type_ = VocabString.from_dict(get('type'))
    return_obj.description = StructuredText.from_dict(get('description'))
    return_obj.short_description = StructuredText.from_dict(
        get('short_description')
    )
    return_obj.objective = Objective.from_dict(get('objective'))
    return_obj.parameter_observables = Observables.from_dict(
        get('parameter_observables')
    )
    return_obj.impact = Statement.from_dict(get('impact'))
    return_obj.cost = Statement.from_dict(get('cost'))
    return_obj.efficacy = Statement.from_dict(get('efficacy'))
    return_obj.information_source = InformationSource.from_dict(
        get('information_source')
    )
    return_obj.handling = Marking.from_dict(get('handling'))
    return_obj.related_coas = RelatedCOAs.from_dict(get('related_coas'))
    return_obj.related_packages = RelatedPackageRefs.from_dict(
        get('related_packages')
    )
    return return_obj
def from_obj(cls, obj, return_obj=None):
    """Populate a course-of-action entity from its binding object.

    Returns None for a falsy ``obj``. ``return_obj`` is reused when it is
    given and truthy; otherwise a fresh ``cls()`` is created. The identifier
    fields are always copied through the binding's getters; the
    CourseOfActionType fields are copied only when ``obj`` is an instance of
    ``cls._binding_class``.

    Values are taken from the binding unchanged; this method does no
    validation of its own.
    """
    if not obj:
        return None
    if not return_obj:
        return_obj = cls()

    return_obj.id_ = obj.get_id()
    return_obj.idref = obj.get_idref()
    return_obj.timestamp = obj.get_timestamp()

    if not isinstance(obj, cls._binding_class):
        return return_obj

    # CourseOfActionType properties
    binding_version = obj.get_version()
    # A falsy version on the binding falls back to the class default.
    return_obj.version = binding_version if binding_version else cls._version
    return_obj.title = obj.get_Title()
    return_obj.stage = VocabString.from_obj(obj.get_Stage())
    return_obj.type_ = VocabString.from_obj(obj.get_Type())
    return_obj.description = StructuredText.from_obj(obj.get_Description())
    return_obj.short_description = StructuredText.from_obj(
        obj.get_Short_Description()
    )
    return_obj.objective = Objective.from_obj(obj.get_Objective())
    return_obj.parameter_observables = Observables.from_obj(
        obj.get_Parameter_Observables()
    )
    return_obj.impact = Statement.from_obj(obj.get_Impact())
    return_obj.cost = Statement.from_obj(obj.get_Cost())
    return_obj.efficacy = Statement.from_obj(obj.get_Efficacy())
    return_obj.information_source = InformationSource.from_obj(
        obj.get_Information_Source()
    )
    return_obj.handling = Marking.from_obj(obj.get_Handling())
    return_obj.related_coas = RelatedCOAs.from_obj(obj.get_Related_COAs())
    return_obj.related_packages = RelatedPackageRefs.from_obj(
        obj.get_Related_Packages()
    )
    return return_obj
def add_coa_items(corrective_action_item, cost_corrective_action_item, pkg):
    """Attach a CourseOfAction built from the corrective-action items to pkg.

    A truthy ``corrective_action_item`` becomes the title as-is. A truthy
    ``cost_corrective_action_item`` is mapped through
    ``map_cost_corrective_action_item_to_high_medium_low`` and stored as the
    cost statement. The course of action is assigned to ``pkg.coa`` even
    when both items are empty.
    """
    course = CourseOfAction()

    if corrective_action_item:
        course.title = corrective_action_item

    if cost_corrective_action_item:
        cost_statement = Statement()
        cost_statement.value = map_cost_corrective_action_item_to_high_medium_low(
            cost_corrective_action_item
        )
        course.cost = cost_statement

    pkg.coa = course
def from_obj(cls, obj, return_obj=None):
    """Populate an indicator entity from its binding object.

    Returns None for a falsy ``obj``. ``return_obj`` is reused when it is
    given and truthy; otherwise a fresh ``cls()`` is created. The parent
    class's ``from_obj`` is called first with the same ``return_obj`` (its
    return value is not used), then the indicator fields are copied when
    ``obj`` is an instance of ``cls._binding_class``.

    Values are taken from the binding unchanged; this method does no
    validation of its own.
    """
    if not obj:
        return None
    if not return_obj:
        return_obj = cls()

    super(Indicator, cls).from_obj(obj, return_obj=return_obj)

    if not isinstance(obj, cls._binding_class):
        return return_obj

    return_obj.negate = obj.negate
    return_obj.producer = InformationSource.from_obj(obj.Producer)
    return_obj.confidence = Confidence.from_obj(obj.Confidence)
    return_obj.sightings = Sightings.from_obj(obj.Sightings)
    return_obj.composite_indicator_expression = (
        CompositeIndicatorExpression.from_obj(
            obj.Composite_Indicator_Expression
        )
    )
    return_obj.kill_chain_phases = KillChainPhasesReference.from_obj(
        obj.Kill_Chain_Phases
    )
    return_obj.related_indicators = RelatedIndicators.from_obj(
        obj.Related_Indicators
    )
    return_obj.likely_impact = Statement.from_obj(obj.Likely_Impact)
    return_obj.indicator_types = IndicatorTypes.from_obj(obj.Type)
    return_obj.test_mechanisms = TestMechanisms.from_obj(obj.Test_Mechanisms)
    return_obj.suggested_coas = SuggestedCOAs.from_obj(obj.Suggested_COAs)
    return_obj.alternative_id = obj.Alternative_ID
    return_obj.indicated_ttps = _IndicatedTTPs.from_obj(obj.Indicated_TTP)
    return_obj.valid_time_positions = _ValidTimePositions.from_obj(
        obj.Valid_Time_Position
    )
    return_obj.observable = Observable.from_obj(obj.Observable)
    return_obj.related_campaigns = RelatedCampaignRefs.from_obj(
        obj.Related_Campaigns
    )
    return_obj.related_packages = RelatedPackageRefs.from_obj(
        obj.Related_Packages
    )
    return return_obj
def from_obj(cls, obj, return_obj=None):
    """Populate an incident entity from its binding object.

    Returns None for a falsy ``obj``. ``return_obj`` is reused when it is
    given and truthy; otherwise a fresh ``cls()`` is created. The identifier
    fields are always copied through the binding's getters; the remaining
    fields are copied only when ``obj`` is an instance of
    ``cls._binding_class``. The victim, category, intended-effect and
    affected-asset lists are assigned only when the binding has a truthy
    value for them.

    Values are taken from the binding unchanged; this method does no
    validation of its own.
    """
    if not obj:
        return None
    if not return_obj:
        return_obj = cls()

    return_obj.id_ = obj.get_id()
    return_obj.idref = obj.get_idref()
    return_obj.timestamp = obj.get_timestamp()

    if not isinstance(obj, cls._binding_class):
        return return_obj

    binding_version = obj.get_version()
    # A falsy version on the binding falls back to the class default.
    return_obj.version = binding_version if binding_version else cls._version
    return_obj.title = obj.get_Title()
    return_obj.description = StructuredText.from_obj(obj.get_Description())
    return_obj.short_description = StructuredText.from_obj(
        obj.get_Short_Description()
    )
    return_obj.time = Time.from_obj(obj.get_Time())

    if obj.get_Victim():
        return_obj.victims = [
            Identity.from_obj(victim) for victim in obj.get_Victim()
        ]
    if obj.get_Categories():
        return_obj.categories = [
            IncidentCategory.from_obj(category)
            for category in obj.get_Categories().get_Category()
        ]
    if obj.get_Intended_Effect():
        return_obj.intended_effects = [
            Statement.from_obj(effect) for effect in obj.get_Intended_Effect()
        ]
    if obj.get_Affected_Assets():
        return_obj.affected_assets = [
            AffectedAsset.from_obj(asset)
            for asset in obj.get_Affected_Assets().get_Affected_Asset()
        ]

    return_obj.attributed_threat_actors = AttributedThreatActors.from_obj(
        obj.get_Attributed_Threat_Actors()
    )
    return_obj.related_indicators = RelatedIndicators.from_obj(
        obj.get_Related_Indicators()
    )
    # NOTE(review): the singular `RelatedObservable` converts the plural
    # Related_Observables container here - confirm this is the intended class.
    return_obj.related_observables = RelatedObservable.from_obj(
        obj.get_Related_Observables()
    )
    return_obj.leveraged_ttps = LeveragedTTPs.from_obj(
        obj.get_Leveraged_TTPs()
    )
    return return_obj
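def from_dict(cls, dict_repr, return_obj=None):
    """Populate an incident entity from its dictionary representation.

    Returns None for a falsy ``dict_repr``. ``return_obj`` is reused when it
    is given and truthy; otherwise a fresh ``cls()`` is created. Missing keys
    are read as None (an empty list for the list-valued fields, and
    ``cls._version`` for ``version``) before conversion.

    Values are taken from the dictionary unchanged; this method does no
    validation of its own.
    """
    if not dict_repr:
        return None
    if not return_obj:
        return_obj = cls()

    get = dict_repr.get

    return_obj.id_ = get('id')
    return_obj.idref = get('idref')
    return_obj.timestamp = get('timestamp')
    return_obj.version = get('version', cls._version)
    return_obj.title = get('title')
    return_obj.description = StructuredText.from_dict(get('description'))
    return_obj.short_description = StructuredText.from_dict(
        get('short_description')
    )
    return_obj.time = Time.from_dict(get('time'))
    return_obj.victims = [Identity.from_dict(x) for x in get('victims', [])]
    return_obj.categories = [
        IncidentCategory.from_dict(x) for x in get('categories', [])
    ]
    return_obj.attributed_threat_actors = AttributedThreatActors.from_dict(
        get('attributed_threat_actors')
    )
    return_obj.related_indicators = RelatedIndicators.from_dict(
        get('related_indicators')
    )
    return_obj.related_observables = RelatedObservables.from_dict(
        get('related_observables')
    )
    return_obj.related_incidents = RelatedIncidents.from_dict(
        get('related_incidents')
    )
    return_obj.intended_effects = [
        Statement.from_dict(x) for x in get('intended_effects', [])
    ]
    return_obj.leveraged_ttps = LeveragedTTPs.from_dict(get('leveraged_ttps'))
    return_obj.affected_assets = [
        AffectedAsset.from_dict(x) for x in get('affected_assets', [])
    ]
    # The attribute name must be spelled `discovery_methods`; under any other
    # spelling the parsed list lands on a stray attribute and the incident's
    # discovery methods are silently lost.
    return_obj.discovery_methods = [
        DiscoveryMethod.from_dict(x) for x in get('discovery_methods', [])
    ]
    return_obj.reporter = InformationSource.from_dict(get('reporter'))
    return_obj.responders = [
        InformationSource.from_dict(x) for x in get('responders', [])
    ]
    return_obj.coordinators = [
        InformationSource.from_dict(x) for x in get('coordinators', [])
    ]
    return_obj.external_ids = [
        ExternalID.from_dict(x) for x in get('external_ids', [])
    ]
    return_obj.impact_assessment = ImpactAssessment.from_dict(
        get('impact_assessment')
    )
    return_obj.information_source = InformationSource.from_dict(
        get('information_source')
    )
    return_obj.security_compromise = SecurityCompromise.from_dict(
        get('security_compromise')
    )
    return_obj.confidence = Confidence.from_dict(get('confidence'))
    return_obj.coa_taken = [
        COATaken.from_dict(x) for x in get('coa_taken', [])
    ]
    return return_obj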
def from_obj(cls, obj, return_obj=None):
    """Populate a TTP entity from its binding object.

    Returns None for a falsy ``obj``. ``return_obj`` is reused when it is
    given and truthy; otherwise a fresh ``cls()`` is created. ``id``,
    ``idref`` and ``timestamp`` are always copied; the TTPType fields are
    copied only when ``obj`` is an instance of ``cls._binding_class``, and
    ``intended_effects`` only when the binding has a truthy
    ``Intended_Effect``.

    Values are taken from the binding unchanged; this method does no
    validation of its own.
    """
    if not obj:
        return None
    if not return_obj:
        return_obj = cls()

    return_obj.id_ = obj.id
    return_obj.idref = obj.idref
    return_obj.timestamp = obj.timestamp

    if not isinstance(obj, cls._binding_class):
        return return_obj

    # TTPType properties
    return_obj.version = obj.version
    return_obj.title = obj.Title
    return_obj.description = StructuredText.from_obj(obj.Description)
    return_obj.short_description = StructuredText.from_obj(
        obj.Short_Description
    )
    return_obj.behavior = Behavior.from_obj(obj.Behavior)
    return_obj.related_ttps = RelatedTTPs.from_obj(obj.Related_TTPs)
    return_obj.exploit_targets = ExploitTargets.from_obj(obj.Exploit_Targets)
    return_obj.information_source = InformationSource.from_obj(
        obj.Information_Source
    )
    return_obj.resources = Resource.from_obj(obj.Resources)
    return_obj.victim_targeting = VictimTargeting.from_obj(
        obj.Victim_Targeting
    )
    return_obj.handling = Marking.from_obj(obj.Handling)

    if obj.Intended_Effect:
        return_obj.intended_effects = [
            Statement.from_obj(effect) for effect in obj.Intended_Effect
        ]
    return return_obj
def from_dict(cls, dict_repr, return_obj=None):
    """Populate an indicator entity from its dictionary representation.

    Returns None for a falsy ``dict_repr``. ``return_obj`` is reused when it
    is given and truthy; otherwise a fresh ``cls()`` is created. The parent
    class's ``from_dict`` is called first with the same ``return_obj`` (its
    return value is not used), then the indicator fields are read. Missing
    keys are read as None before conversion.

    Values are taken from the dictionary unchanged; this method does no
    validation of its own.
    """
    if not dict_repr:
        return None
    if not return_obj:
        return_obj = cls()

    super(Indicator, cls).from_dict(dict_repr, return_obj=return_obj)

    return_obj.negate = dict_repr.get('negate')
    return_obj.alternative_id = dict_repr.get('alternative_id')
    return_obj.indicated_ttps = _IndicatedTTPs.from_dict(
        dict_repr.get('indicated_ttps')
    )
    return_obj.test_mechanisms = TestMechanisms.from_list(
        dict_repr.get('test_mechanisms')
    )
    return_obj.suggested_coas = SuggestedCOAs.from_dict(
        dict_repr.get('suggested_coas')
    )
    return_obj.sightings = Sightings.from_dict(dict_repr.get('sightings'))
    return_obj.composite_indicator_expression = (
        CompositeIndicatorExpression.from_dict(
            dict_repr.get('composite_indicator_expression')
        )
    )
    return_obj.kill_chain_phases = KillChainPhasesReference.from_dict(
        dict_repr.get('kill_chain_phases')
    )
    return_obj.related_indicators = RelatedIndicators.from_dict(
        dict_repr.get('related_indicators')
    )
    return_obj.likely_impact = Statement.from_dict(
        dict_repr.get('likely_impact')
    )
    return_obj.indicator_types = IndicatorTypes.from_list(
        dict_repr.get('indicator_types')
    )
    return_obj.confidence = Confidence.from_dict(dict_repr.get('confidence'))
    return_obj.valid_time_positions = _ValidTimePositions.from_dict(
        dict_repr.get('valid_time_positions')
    )
    return_obj.observable = Observable.from_dict(dict_repr.get('observable'))
    return_obj.producer = InformationSource.from_dict(
        dict_repr.get('producer')
    )
    return_obj.related_campaigns = RelatedCampaignRefs.from_dict(
        dict_repr.get('related_campaigns')
    )
    return_obj.related_packages = RelatedPackageRefs.from_dict(
        dict_repr.get('related_packages')
    )
    return return_obj
def from_obj(cls, obj, return_obj=None):
    """Populate a TTP entity from its binding object.

    Returns None for a falsy ``obj``. ``return_obj`` is reused when it is
    given and truthy; otherwise a fresh ``cls()`` is created. The identifier
    fields are always copied through the binding's getters; the TTPType
    fields are copied only when ``obj`` is an instance of
    ``cls._binding_class``, and ``intended_effects`` only when the binding
    returns a truthy value for it.

    Values are taken from the binding unchanged; this method does no
    validation of its own.
    """
    if not obj:
        return None
    if not return_obj:
        return_obj = cls()

    return_obj.id_ = obj.get_id()
    return_obj.idref = obj.get_idref()
    return_obj.timestamp = obj.get_timestamp()  # not yet implemented

    if not isinstance(obj, cls._binding_class):
        return return_obj

    # TTPType properties
    binding_version = obj.get_version()
    # A falsy version on the binding falls back to the class default.
    return_obj.version = binding_version if binding_version else cls._version
    return_obj.title = obj.get_Title()
    return_obj.description = StructuredText.from_obj(obj.get_Description())
    return_obj.short_description = StructuredText.from_obj(
        obj.get_Short_Description()
    )
    return_obj.behavior = Behavior.from_obj(obj.get_Behavior())
    return_obj.related_ttps = RelatedTTPs.from_obj(obj.get_Related_TTPs())
    return_obj.information_source = InformationSource.from_obj(
        obj.get_Information_Source()
    )
    return_obj.resources = Resource.from_obj(obj.get_Resources())
    return_obj.victim_targeting = VictimTargeting.from_obj(
        obj.get_Victim_Targeting()
    )

    if obj.get_Intended_Effect():
        return_obj.intended_effects = [
            Statement.from_obj(effect) for effect in obj.get_Intended_Effect()
        ]
    return return_obj
def add_sophistication(self, value):
    """Append a sophistication statement to ``self.sophistications``.

    A falsy ``value`` is ignored. A ``Statement`` is appended as-is; anything
    else is wrapped in ``ThreatActorSophistication`` and then in a
    ``Statement`` before being appended.
    """
    if not value:
        return
    if not isinstance(value, Statement):
        value = Statement(value=ThreatActorSophistication(value))
    self.sophistications.append(value)
def add_planning_and_operational_support(self, value):
    """Append a statement to ``self.planning_and_operational_supports``.

    A falsy ``value`` is ignored. A ``Statement`` is appended as-is; anything
    else is wrapped in ``PlanningAndOperationalSupport`` and then in a
    ``Statement`` before being appended.
    """
    if not value:
        return
    if not isinstance(value, Statement):
        value = Statement(value=PlanningAndOperationalSupport(value))
    self.planning_and_operational_supports.append(value)
def add_motivation(self, value):
    """Append a motivation statement to ``self.motivations``.

    A falsy ``value`` is ignored. A ``Statement`` is appended as-is; anything
    else is wrapped in ``Motivation`` and then in a ``Statement`` before
    being appended.
    """
    if not value:
        return
    if not isinstance(value, Statement):
        value = Statement(value=Motivation(value))
    self.motivations.append(value)
def add_intended_effect(self, value):
    """Append an intended-effect statement to ``self.intended_effects``.

    A falsy ``value`` is ignored. A ``Statement`` is appended as-is; anything
    else is wrapped in ``IntendedEffect`` and then in a ``Statement`` before
    being appended.
    """
    if not value:
        return
    if not isinstance(value, Statement):
        value = Statement(value=IntendedEffect(value))
    self.intended_effects.append(value)
def add_type(self, value):
    """Append a threat-actor type statement to ``self.types``.

    A falsy ``value`` is ignored. A ``Statement`` is appended as-is; anything
    else is wrapped in ``ThreatActorType`` and then in a ``Statement`` before
    being appended.
    """
    if not value:
        return
    if not isinstance(value, Statement):
        value = Statement(value=ThreatActorType(value))
    self.types.append(value)
def from_obj(cls, obj, return_obj=None):
    """Populate a threat-actor entity from its binding object.

    Returns None for a falsy ``obj``. ``return_obj`` is reused when it is
    given and truthy; otherwise a fresh ``cls()`` is created. ``id``,
    ``idref`` and ``timestamp`` are always copied from the binding's
    attributes; the ThreatActorType fields are copied only when ``obj`` is an
    instance of ``cls._binding_class``.

    Values are taken from the binding unchanged; this method does no
    validation of its own.
    """
    if not obj:
        return None
    if not return_obj:
        return_obj = cls()

    return_obj.id_ = obj.id
    return_obj.idref = obj.idref
    return_obj.timestamp = obj.timestamp

    if not isinstance(obj, cls._binding_class):
        return return_obj

    def as_statements(bindings):
        # One Statement entity per binding element, order preserved.
        return [Statement.from_obj(element) for element in bindings]

    # ThreatActorType properties
    return_obj.version = obj.version
    return_obj.title = obj.Title
    return_obj.description = StructuredText.from_obj(obj.Description)
    return_obj.short_description = StructuredText.from_obj(obj.Short_Description)
    return_obj.identity = Identity.from_obj(obj.Identity)
    return_obj.types = as_statements(obj.Type)
    return_obj.motivations = as_statements(obj.Motivation)
    return_obj.sophistications = as_statements(obj.Sophistication)
    return_obj.intended_effects = as_statements(obj.Intended_Effect)
    return_obj.planning_and_operational_supports = as_statements(
        obj.Planning_And_Operational_Support
    )
    return_obj.observed_ttps = ObservedTTPs.from_obj(obj.Observed_TTPs)
    return_obj.associated_campaigns = AssociatedCampaigns.from_obj(
        obj.Associated_Campaigns
    )
    return_obj.associated_actors = AssociatedActors.from_obj(obj.Associated_Actors)
    return_obj.handling = Marking.from_obj(obj.Handling)
    return_obj.confidence = Confidence.from_obj(obj.Confidence)
    return_obj.information_source = InformationSource.from_obj(
        obj.Information_Source
    )
    return_obj.related_packages = RelatedPackageRefs.from_obj(obj.Related_Packages)
    return return_obj
def from_obj(cls, obj, return_obj=None):
    """Populate an incident entity from its binding object.

    Returns None for a falsy ``obj``. ``return_obj`` is reused when it is
    given and truthy; otherwise a fresh ``cls()`` is created. ``id``,
    ``idref`` and ``timestamp`` are always copied; the remaining fields are
    copied only when ``obj`` is an instance of ``cls._binding_class``. The
    fields guarded by an ``if`` below are assigned only when the binding has
    a truthy value for them.

    Values are taken from the binding unchanged; this method does no
    validation of its own.
    """
    if not obj:
        return None
    if not return_obj:
        return_obj = cls()

    return_obj.id_ = obj.id
    return_obj.idref = obj.idref
    return_obj.timestamp = obj.timestamp

    if not isinstance(obj, cls._binding_class):
        return return_obj

    return_obj.version = obj.version
    return_obj.title = obj.Title
    return_obj.description = StructuredText.from_obj(obj.Description)
    return_obj.short_description = StructuredText.from_obj(
        obj.Short_Description
    )
    return_obj.time = Time.from_obj(obj.Time)

    if obj.Victim:
        return_obj.victims = [
            Identity.from_obj(victim) for victim in obj.Victim
        ]
    if obj.Categories:
        return_obj.categories = [
            IncidentCategory.from_obj(category)
            for category in obj.Categories.Category
        ]
    if obj.Intended_Effect:
        return_obj.intended_effects = [
            Statement.from_obj(effect) for effect in obj.Intended_Effect
        ]
    if obj.Affected_Assets:
        return_obj.affected_assets = [
            AffectedAsset.from_obj(asset)
            for asset in obj.Affected_Assets.Affected_Asset
        ]
    if obj.Discovery_Method:
        return_obj.discovery_methods = [
            DiscoveryMethod.from_obj(method) for method in obj.Discovery_Method
        ]
    if obj.Reporter:
        return_obj.reporter = InformationSource.from_obj(obj.Reporter)
    if obj.Responder:
        return_obj.responders = [
            InformationSource.from_obj(responder)
            for responder in obj.Responder
        ]
    if obj.Coordinator:
        return_obj.coordinators = [
            InformationSource.from_obj(coordinator)
            for coordinator in obj.Coordinator
        ]
    if obj.External_ID:
        return_obj.external_ids = [
            ExternalID.from_obj(external) for external in obj.External_ID
        ]
    if obj.Impact_Assessment:
        return_obj.impact_assessment = ImpactAssessment.from_obj(
            obj.Impact_Assessment
        )
    if obj.Information_Source:
        return_obj.information_source = InformationSource.from_obj(
            obj.Information_Source
        )
    if obj.Security_Compromise:
        return_obj.security_compromise = SecurityCompromise.from_obj(
            obj.Security_Compromise
        )

    return_obj.coa_taken = [COATaken.from_obj(taken) for taken in obj.COA_Taken]
    return_obj.confidence = Confidence.from_obj(obj.Confidence)
    return_obj.attributed_threat_actors = AttributedThreatActors.from_obj(
        obj.Attributed_Threat_Actors
    )
    return_obj.related_indicators = RelatedIndicators.from_obj(
        obj.Related_Indicators
    )
    return_obj.related_observables = RelatedObservables.from_obj(
        obj.Related_Observables
    )
    return_obj.leveraged_ttps = LeveragedTTPs.from_obj(obj.Leveraged_TTPs)
    return_obj.related_incidents = RelatedIncidents.from_obj(
        obj.Related_Incidents
    )
    return_obj.status = VocabString.from_obj(obj.Status)
    return_obj.handling = Marking.from_obj(obj.Handling)
    return_obj.history = History.from_obj(obj.History)
    return return_obj
def from_obj(cls, obj, return_obj=None):
    """Populate an incident entity from its binding object.

    Returns None for a falsy ``obj``. ``return_obj`` is reused when it is
    given and truthy; otherwise a fresh ``cls()`` is created. The identifier
    fields are always copied through the binding's getters; the remaining
    fields are copied only when ``obj`` is an instance of
    ``cls._binding_class``. The fields guarded by an ``if`` below are
    assigned only when the getter returns a truthy value.

    Values are taken from the binding unchanged; this method does no
    validation of its own.
    """
    if not obj:
        return None
    if not return_obj:
        return_obj = cls()

    return_obj.id_ = obj.get_id()
    return_obj.idref = obj.get_idref()
    return_obj.timestamp = obj.get_timestamp()

    if not isinstance(obj, cls._binding_class):
        return return_obj

    binding_version = obj.get_version()
    # A falsy version on the binding falls back to the class default.
    return_obj.version = binding_version if binding_version else cls._version
    return_obj.title = obj.get_Title()
    return_obj.description = StructuredText.from_obj(obj.get_Description())
    return_obj.short_description = StructuredText.from_obj(
        obj.get_Short_Description()
    )
    return_obj.time = Time.from_obj(obj.get_Time())

    if obj.get_Victim():
        return_obj.victims = [
            Identity.from_obj(victim) for victim in obj.get_Victim()
        ]
    if obj.get_Categories():
        return_obj.categories = [
            IncidentCategory.from_obj(category)
            for category in obj.get_Categories().get_Category()
        ]
    if obj.get_Intended_Effect():
        return_obj.intended_effects = [
            Statement.from_obj(effect) for effect in obj.get_Intended_Effect()
        ]
    if obj.get_Affected_Assets():
        return_obj.affected_assets = [
            AffectedAsset.from_obj(asset)
            for asset in obj.get_Affected_Assets().get_Affected_Asset()
        ]
    if obj.get_Discovery_Method():
        return_obj.discovery_methods = [
            DiscoveryMethod.from_obj(method)
            for method in obj.get_Discovery_Method()
        ]
    if obj.get_Reporter():
        return_obj.reporter = InformationSource.from_obj(obj.get_Reporter())
    if obj.get_Responder():
        return_obj.responders = [
            InformationSource.from_obj(responder)
            for responder in obj.get_Responder()
        ]
    if obj.get_Coordinator():
        return_obj.coordinators = [
            InformationSource.from_obj(coordinator)
            for coordinator in obj.get_Coordinator()
        ]
    if obj.get_External_ID():
        return_obj.external_ids = [
            ExternalID.from_obj(external) for external in obj.get_External_ID()
        ]
    if obj.get_Impact_Assessment():
        return_obj.impact_assessment = ImpactAssessment.from_obj(
            obj.get_Impact_Assessment()
        )
    if obj.get_Information_Source():
        return_obj.information_source = InformationSource.from_obj(
            obj.get_Information_Source()
        )
    if obj.get_Security_Compromise():
        return_obj.security_compromise = SecurityCompromise.from_obj(
            obj.get_Security_Compromise()
        )

    return_obj.coa_taken = [
        COATaken.from_obj(taken) for taken in obj.get_COA_Taken()
    ]
    return_obj.confidence = Confidence.from_obj(obj.get_Confidence())
    return_obj.attributed_threat_actors = AttributedThreatActors.from_obj(
        obj.get_Attributed_Threat_Actors()
    )
    return_obj.related_indicators = RelatedIndicators.from_obj(
        obj.get_Related_Indicators()
    )
    return_obj.related_observables = RelatedObservables.from_obj(
        obj.get_Related_Observables()
    )
    return_obj.leveraged_ttps = LeveragedTTPs.from_obj(
        obj.get_Leveraged_TTPs()
    )
    return_obj.related_incidents = RelatedIncidents.from_obj(
        obj.get_Related_Incidents()
    )
    return_obj.status = VocabString.from_obj(obj.get_Status())
    return_obj.handling = Marking.from_obj(obj.get_Handling())
    return_obj.history = History.from_obj(obj.get_History())
    return return_obj
def add_internal_actor_item(internal_item, pkg):
    """Turn an 'actor/internal' item into a ThreatActor and add it to pkg.

    Adds one motivation per ``motive`` entry and one insider-threat type per
    ``variety`` entry, with the variety text stored as that type's
    description. A missing or empty ``motive`` or ``variety`` is reported
    through ``error``; what happens after that depends on ``error``, which is
    not visible here.

    The free-text ``notes`` value is passed through ``escape`` before it is
    stored; the ``variety`` text is stored without it.
    NOTE(review): which ``escape`` is in scope is not visible here - confirm
    it matches how the package is serialized later, and whether the variety
    text needs the same treatment.
    """
    actor = ThreatActor()

    motives = internal_item.get('motive')
    if motives:
        for motive in motives:
            motivation = Statement()
            motivation.value = map_motive_item_to_motivation(motive)
            actor.add_motivation(motivation)
    else:
        error("Required 'motive' item is missing in 'actor/internal' item")

    # job_change added in 1.3
    varieties = internal_item.get('variety')
    if varieties:
        for variety in varieties:
            actor_type = Statement()
            actor_type.value = ThreatActorType(ThreatActorType.TERM_INSIDER_THREAT)
            actor_type.description = variety
            actor.add_type(actor_type)
    else:
        error("Required 'variety' item is missing in 'actor/internal' item")

    notes = internal_item.get('notes')
    if notes:
        actor.description = "Notes: " + escape(notes)

    pkg.add_threat_actor(actor)
def from_dict(cls, d, return_obj=None):
    """Build a test mechanism from its dictionary form, or fill in a given one.

    Returns None for a falsy ``d``. Without a truthy ``return_obj`` the
    concrete class is resolved from the dictionary's ``'xsi:type'`` value via
    ``_BaseTestMechanism.lookup_class`` and that class's own ``from_dict``
    produces the result. With a ``return_obj`` the base fields (id, idref,
    efficacy, producer) are copied onto it.

    The type name that selects the class comes straight from the input.
    NOTE(review): ``lookup_class`` is not visible here - confirm it resolves
    only registered test-mechanism classes and rejects unknown or missing
    type names.
    """
    if not d:
        return None

    # The imported name is not used in this function.
    # NOTE(review): presumably imported for its import-time effect (making
    # the Snort class known to lookup_class) - confirm.
    from stix.extensions.test_mechanism.snort_test_mechanism import SnortTestMechanism

    if return_obj:
        return_obj.id_ = d.get('id')
        return_obj.idref = d.get('idref')
        return_obj.efficacy = Statement.from_dict(d.get('efficacy'))
        return_obj.producer = InformationSource.from_dict(d.get('producer'))
        return return_obj

    concrete_cls = _BaseTestMechanism.lookup_class(d.get('xsi:type'))
    return concrete_cls.from_dict(d)
def from_obj(cls, obj, return_obj=None):
    """Build a test mechanism from its binding object, or fill in a given one.

    Returns None for a falsy ``obj``. Without a truthy ``return_obj`` the
    concrete class is resolved from ``obj.xml_type`` via
    ``_BaseTestMechanism.lookup_class`` and that class's own ``from_obj``
    produces the result. With a ``return_obj`` the base fields (id, idref,
    efficacy, producer) are copied onto it through the binding's getters.

    The type name that selects the class comes from the binding object.
    NOTE(review): ``lookup_class`` is not visible here - confirm it resolves
    only registered test-mechanism classes and rejects unknown or missing
    type names.
    """
    if not obj:
        return None

    # The imported name is not used in this function.
    # NOTE(review): presumably imported for its import-time effect (making
    # the Snort class known to lookup_class) - confirm.
    from stix.extensions.test_mechanism.snort_test_mechanism import SnortTestMechanism

    if return_obj:
        return_obj.id_ = obj.get_id()
        return_obj.idref = obj.get_idref()
        return_obj.efficacy = Statement.from_obj(obj.get_Efficacy())
        return_obj.producer = InformationSource.from_obj(obj.get_Producer())
        return return_obj

    concrete_cls = _BaseTestMechanism.lookup_class(obj.xml_type)
    return concrete_cls.from_obj(obj)
def from_dict(cls, dict_repr, return_obj=None):
    """Populate an indicator-style object from its dictionary form.

    Args:
        dict_repr: Dictionary representation; a falsy value yields ``None``.
        return_obj: Optional instance to populate; ``cls()`` is created when
            it is falsy.

    Returns:
        The populated instance, or ``None`` when ``dict_repr`` is falsy.
    """
    if not dict_repr:
        return None

    return_obj = return_obj or cls()
    get = dict_repr.get

    return_obj.id_ = get('id')
    return_obj.idref = get('idref')
    return_obj.timestamp = get('timestamp')
    return_obj.title = get('title')
    return_obj.version = get('version', cls._version)

    # These values are only applied further down, and only when present.
    observable = get('observable')
    producer = get('producer')
    description = get('description')
    indicator_types = get('indicator_types', [])
    confidence = get('confidence')
    alternative_id = get('alternative_id')
    valid_time_positions = get('valid_time_positions')

    return_obj.short_description = StructuredText.from_dict(get('short_description'))
    return_obj.indicated_ttps = [
        RelatedTTP.from_dict(entry) for entry in get('indicated_ttps', [])
    ]
    return_obj.test_mechanisms = [
        _BaseTestMechanism.from_dict(entry) for entry in get('test_mechanisms', [])
    ]
    return_obj.suggested_coas = SuggestedCOAs.from_dict(get('suggested_coas'))
    return_obj.sightings = Sightings.from_dict(get('sightings'))
    return_obj.composite_indicator_expression = CompositeIndicatorExpression.from_dict(
        get('composite_indicator_expression'))
    return_obj.handling = Marking.from_dict(get('handling'))
    return_obj.kill_chain_phases = KillChainPhasesReference.from_dict(
        get('kill_chain_phases'))
    return_obj.related_indicators = RelatedIndicators.from_dict(get('related_indicators'))
    return_obj.likely_impact = Statement.from_dict(get('likely_impact'))

    if observable:
        return_obj.add_observable(Observable.from_dict(observable))
    if producer:
        return_obj.producer = InformationSource.from_dict(producer)
    if description:
        return_obj.description = StructuredText.from_dict(description)

    for type_entry in indicator_types:
        return_obj.add_indicator_type(VocabString.from_dict(type_entry))

    if confidence:
        return_obj.confidence = Confidence.from_dict(confidence)
    if alternative_id:
        # Stored as given; no from_dict conversion is applied to this value.
        return_obj.alternative_id = alternative_id

    for position in (valid_time_positions or ()):
        return_obj.add_valid_time_position(ValidTime.from_dict(position))

    return return_obj
def from_dict(cls, d, return_obj=None):
    """Build a test mechanism from its dictionary form.

    Args:
        d: Dictionary representation; a falsy value yields ``None``.
        return_obj: Optional instance to populate in place. When omitted,
            the concrete class is resolved from ``d['xsi:type']``.

    Returns:
        The populated instance, or ``None`` when ``d`` is falsy.
    """
    if not d:
        return None

    # Both names are unused below -- presumably the imports exist so the
    # extension classes are loaded before lookup_class(); TODO confirm.
    from stix.extensions.test_mechanism.snort_test_mechanism import SnortTestMechanism  # noqa
    from stix.extensions.test_mechanism.open_ioc_2010_test_mechanism import OpenIOCTestMechanism  # noqa

    if return_obj:
        return_obj.id_ = d.get('id')
        return_obj.idref = d.get('idref')
        return_obj.efficacy = Statement.from_dict(d.get('efficacy'))
        return_obj.producer = InformationSource.from_dict(d.get('producer'))
        return return_obj

    # The input's 'xsi:type' decides which class is instantiated.
    # NOTE(review): confirm lookup_class() rejects unregistered types.
    mechanism_cls = _BaseTestMechanism.lookup_class(d.get('xsi:type'))
    return mechanism_cls.from_dict(d)
def from_obj(cls, obj, return_obj=None):
    """Build a test mechanism from a binding object.

    Args:
        obj: Binding object; a falsy value yields ``None``.
        return_obj: Optional instance to populate in place. When omitted,
            the concrete class is resolved from ``obj.xml_type``.

    Returns:
        The populated instance, or ``None`` when ``obj`` is falsy.
    """
    if not obj:
        return None

    # Both names are unused below -- presumably the imports exist so the
    # extension classes are loaded before lookup_class(); TODO confirm.
    from stix.extensions.test_mechanism.snort_test_mechanism import SnortTestMechanism  # noqa
    from stix.extensions.test_mechanism.open_ioc_2010_test_mechanism import OpenIOCTestMechanism  # noqa

    if return_obj:
        return_obj.id_ = obj.get_id()
        return_obj.idref = obj.get_idref()
        return_obj.efficacy = Statement.from_obj(obj.get_Efficacy())
        return_obj.producer = InformationSource.from_obj(obj.get_Producer())
        return return_obj

    # obj.xml_type decides which class is instantiated.
    # NOTE(review): confirm lookup_class() rejects unregistered types.
    mechanism_cls = _BaseTestMechanism.lookup_class(obj.xml_type)
    return mechanism_cls.from_obj(obj)
def from_obj(cls, obj, return_obj=None):
    """Build a test mechanism from a binding object (attribute-style bindings).

    Args:
        obj: Binding object; a falsy value yields ``None``.
        return_obj: Optional instance to populate in place. When omitted,
            the concrete class is resolved from ``obj.xml_type``.

    Returns:
        The populated instance, or ``None`` when ``obj`` is falsy.
    """
    if not obj:
        return None

    # None of these names is used below -- presumably the imports exist so
    # the extension classes are loaded before lookup_class(); TODO confirm.
    from stix.extensions.test_mechanism.snort_test_mechanism import SnortTestMechanism  # noqa
    from stix.extensions.test_mechanism.open_ioc_2010_test_mechanism import OpenIOCTestMechanism  # noqa
    from stix.extensions.test_mechanism.yara_test_mechanism import YaraTestMechanism  # noqa

    if return_obj:
        return_obj.id_ = obj.id
        return_obj.idref = obj.idref
        return_obj.efficacy = Statement.from_obj(obj.Efficacy)
        return_obj.producer = InformationSource.from_obj(obj.Producer)
        return return_obj

    # obj.xml_type decides which class is instantiated.
    # NOTE(review): confirm lookup_class() rejects unregistered types.
    mechanism_cls = _BaseTestMechanism.lookup_class(obj.xml_type)
    return mechanism_cls.from_obj(obj)
def from_obj(cls, obj, return_obj=None):
    """Populate an indicator-style object from a binding object.

    Args:
        obj: Binding object; a falsy value yields ``None``.
        return_obj: Optional instance to populate; ``cls()`` is created when
            it is falsy.

    Returns:
        The populated instance, or ``None`` when ``obj`` is falsy. Only the
        id, idref and timestamp are copied when ``obj`` is not an instance of
        ``cls._binding_class``.
    """
    if not obj:
        return None

    return_obj = return_obj or cls()
    return_obj.id_ = obj.get_id()
    return_obj.idref = obj.get_idref()
    return_obj.timestamp = obj.get_timestamp()

    if not isinstance(obj, cls._binding_class):
        return return_obj

    return_obj.title = obj.get_Title()
    return_obj.description = StructuredText.from_obj(obj.get_Description())
    return_obj.short_description = StructuredText.from_obj(obj.get_Short_Description())
    return_obj.producer = InformationSource.from_obj(obj.get_Producer())
    return_obj.confidence = Confidence.from_obj(obj.get_Confidence())
    return_obj.sightings = Sightings.from_obj(obj.get_Sightings())
    return_obj.composite_indicator_expression = CompositeIndicatorExpression.from_obj(
        obj.get_Composite_Indicator_Expression())
    return_obj.handling = Marking.from_obj(obj.get_Handling())
    return_obj.kill_chain_phases = KillChainPhasesReference.from_obj(
        obj.get_Kill_Chain_Phases())
    return_obj.related_indicators = RelatedIndicators.from_obj(obj.get_Related_Indicators())
    return_obj.likely_impact = Statement.from_obj(obj.get_Likely_Impact())

    # The remaining fields are only touched when the binding carries a value,
    # so whatever cls() initialised stays in place otherwise.
    if obj.get_version():
        return_obj.version = obj.get_version()

    if obj.get_Type():
        for type_obj in obj.get_Type():
            return_obj.add_indicator_type(VocabString.from_obj(type_obj))

    if obj.get_Observable():
        return_obj.observables.append(Observable.from_obj(obj.get_Observable()))

    if obj.get_Indicated_TTP():
        return_obj.indicated_ttps = [
            RelatedTTP.from_obj(entry) for entry in obj.get_Indicated_TTP()
        ]

    if obj.get_Test_Mechanisms():
        return_obj.test_mechanisms = [
            _BaseTestMechanism.from_obj(entry)
            for entry in obj.get_Test_Mechanisms().get_Test_Mechanism()
        ]

    if obj.get_Suggested_COAs():
        return_obj.suggested_coas = SuggestedCOAs.from_obj(obj.get_Suggested_COAs())

    if obj.get_Alternative_ID():
        return_obj.alternative_id = obj.get_Alternative_ID()

    if obj.get_Valid_Time_Position():
        return_obj.valid_time_positions = [
            ValidTime.from_obj(entry) for entry in obj.get_Valid_Time_Position()
        ]

    return return_obj
def from_obj(cls, obj, return_obj=None):
    """Build a test mechanism from a binding object via the extension registry.

    Args:
        obj: Binding object; a falsy value yields ``None``.
        return_obj: Optional instance to populate in place. When omitted,
            the class returned by ``stix.lookup_extension(obj)`` builds the
            result through its own ``from_obj``.

    Returns:
        The populated instance, or ``None`` when ``obj`` is falsy.
    """
    if not obj:
        return None

    # These imports bind the local name ``stix`` used below; presumably they
    # also make the extension classes known to lookup_extension() -- TODO
    # confirm.
    import stix.extensions.test_mechanism.snort_test_mechanism  # noqa
    import stix.extensions.test_mechanism.open_ioc_2010_test_mechanism  # noqa
    import stix.extensions.test_mechanism.yara_test_mechanism  # noqa
    import stix.extensions.test_mechanism.generic_test_mechanism  # noqa

    if return_obj:
        return_obj.id_ = obj.id
        return_obj.idref = obj.idref
        return_obj.efficacy = Statement.from_obj(obj.Efficacy)
        return_obj.producer = InformationSource.from_obj(obj.Producer)
        return return_obj

    # NOTE(review): what lookup_extension() does for a type with no
    # registered extension is not visible here -- confirm it fails closed.
    extension_cls = stix.lookup_extension(obj)
    return extension_cls.from_obj(obj)
def from_dict(cls, d, return_obj=None):
    """Build a test mechanism from its dictionary form via the extension registry.

    Args:
        d: Dictionary representation; a falsy value yields ``None``.
        return_obj: Optional instance to populate in place. When omitted,
            the class returned by ``stix.lookup_extension(d['xsi:type'])``
            builds the result through its own ``from_dict``.

    Returns:
        The populated instance, or ``None`` when ``d`` is falsy.
    """
    if not d:
        return None

    # These imports bind the local name ``stix`` used below; presumably they
    # also make the extension classes known to lookup_extension() -- TODO
    # confirm.
    import stix.extensions.test_mechanism.snort_test_mechanism  # noqa
    import stix.extensions.test_mechanism.open_ioc_2010_test_mechanism  # noqa
    import stix.extensions.test_mechanism.yara_test_mechanism  # noqa
    import stix.extensions.test_mechanism.generic_test_mechanism  # noqa

    if return_obj:
        return_obj.id_ = d.get('id')
        return_obj.idref = d.get('idref')
        return_obj.efficacy = Statement.from_dict(d.get('efficacy'))
        return_obj.producer = InformationSource.from_dict(d.get('producer'))
        return return_obj

    # The 'xsi:type' string is read from the input and selects the class.
    # NOTE(review): confirm lookup_extension() rejects unregistered types.
    extension_cls = stix.lookup_extension(d.get('xsi:type'))
    return extension_cls.from_dict(d)
def from_dict(cls, dict_repr, return_obj=None):
    """Populate a campaign-style object from its dictionary form.

    Args:
        dict_repr: Dictionary representation; a falsy value yields ``None``.
        return_obj: Optional instance to populate; ``cls()`` is created when
            it is falsy.

    Returns:
        The populated instance, or ``None`` when ``dict_repr`` is falsy.
    """
    if not dict_repr:
        return None

    return_obj = return_obj or cls()
    get = dict_repr.get

    return_obj.id_ = get('id')
    return_obj.idref = get('idref')
    return_obj.timestamp = get('timestamp')
    # A missing 'version' key falls back to the class-level version.
    return_obj.version = get('version', cls._version)
    return_obj.title = get('title')
    return_obj.description = StructuredText.from_dict(get('description'))
    return_obj.short_description = StructuredText.from_dict(get('short_description'))
    return_obj.names = Names.from_dict(get('names'))
    return_obj.intended_effects = [
        Statement.from_dict(entry) for entry in get('intended_effects', [])
    ]
    return_obj.status = VocabString.from_dict(get('status'))
    return_obj.related_ttps = RelatedTTPs.from_dict(get('related_ttps'))
    return_obj.related_incidents = RelatedIncidents.from_dict(get('related_incidents'))
    return_obj.related_indicators = RelatedIndicators.from_dict(get('related_indicators'))
    return_obj.attribution = [
        Attribution.from_dict(entry) for entry in get('attribution', [])
    ]
    return_obj.associated_campaigns = AssociatedCampaigns.from_dict(
        get('associated_campaigns'))
    return_obj.confidence = Confidence.from_dict(get('confidence'))
    return_obj.activity = [
        Activity.from_dict(entry) for entry in get('activity', [])
    ]
    return_obj.information_source = InformationSource.from_dict(get('information_source'))
    return_obj.handling = Marking.from_dict(get('handling'))
    return_obj.related_packages = RelatedPackageRefs.from_dict(get('related_packages'))

    return return_obj
def from_dict(cls, dict_repr, return_obj=None):
    """Populate a campaign-style object from its dictionary form.

    This variant reads the singular 'intended_effect' key and stores the
    result on ``intended_effect``.

    Args:
        dict_repr: Dictionary representation; a falsy value yields ``None``.
        return_obj: Optional instance to populate; ``cls()`` is created when
            it is falsy.

    Returns:
        The populated instance, or ``None`` when ``dict_repr`` is falsy.
    """
    if not dict_repr:
        return None

    return_obj = return_obj or cls()
    get = dict_repr.get

    return_obj.id_ = get('id')
    return_obj.idref = get('idref')
    return_obj.timestamp = get('timestamp')
    # A missing 'version' key falls back to the class-level version.
    return_obj.version = get('version', cls._version)
    return_obj.title = get('title')
    return_obj.description = StructuredText.from_dict(get('description'))
    return_obj.short_description = StructuredText.from_dict(get('short_description'))
    return_obj.names = Names.from_dict(get('names'))
    return_obj.intended_effect = [
        Statement.from_dict(entry) for entry in get('intended_effect', [])
    ]
    return_obj.status = VocabString.from_dict(get('status'))
    return_obj.related_ttps = RelatedTTPs.from_dict(get('related_ttps'))
    return_obj.related_incidents = RelatedIncidents.from_dict(get('related_incidents'))
    return_obj.related_indicators = RelatedIndicators.from_dict(get('related_indicators'))
    return_obj.attribution = [
        Attribution.from_dict(entry) for entry in get('attribution', [])
    ]
    return_obj.associated_campaigns = AssociatedCampaigns.from_dict(
        get('associated_campaigns'))
    return_obj.confidence = Confidence.from_dict(get('confidence'))
    return_obj.activity = [
        Activity.from_dict(entry) for entry in get('activity', [])
    ]
    return_obj.information_source = InformationSource.from_dict(get('information_source'))
    return_obj.handling = Marking.from_dict(get('handling'))
    return_obj.related_packages = RelatedPackageRefs.from_dict(get('related_packages'))

    return return_obj
def from_dict(cls, d, return_obj=None):
    """Build a test mechanism from its dictionary form via the extension registry.

    Args:
        d: Dictionary representation; a falsy value yields ``None``.
        return_obj: Optional instance to populate in place. When omitted,
            the class returned by ``stix.lookup_extension(d['xsi:type'])``
            builds the result through its own ``from_dict``.

    Returns:
        The populated instance, or ``None`` when ``d`` is falsy.
    """
    if not d:
        return None

    # These imports bind the local name ``stix`` used below; presumably they
    # also make the extension classes known to lookup_extension() -- TODO
    # confirm.
    import stix.extensions.test_mechanism.snort_test_mechanism  # noqa
    import stix.extensions.test_mechanism.open_ioc_2010_test_mechanism  # noqa
    import stix.extensions.test_mechanism.yara_test_mechanism  # noqa
    import stix.extensions.test_mechanism.generic_test_mechanism  # noqa

    if return_obj:
        return_obj.id_ = d.get('id')
        return_obj.idref = d.get('idref')
        return_obj.efficacy = Statement.from_dict(d.get('efficacy'))
        return_obj.producer = InformationSource.from_dict(d.get('producer'))
        return return_obj

    # The 'xsi:type' string is read from the input and selects the class.
    # NOTE(review): confirm lookup_extension() rejects unregistered types.
    extension_cls = stix.lookup_extension(d.get('xsi:type'))
    return extension_cls.from_dict(d)
def from_obj(cls, obj, return_obj=None):
    """Populate a campaign-style object from a binding object.

    Args:
        obj: Binding object; a falsy value yields ``None``.
        return_obj: Optional instance to populate; ``cls()`` is created when
            it is falsy.

    Returns:
        The populated instance, or ``None`` when ``obj`` is falsy. Only the
        id, idref and timestamp are copied when ``obj`` is not an instance of
        ``cls._binding_class``.
    """
    if not obj:
        return None

    return_obj = return_obj or cls()
    return_obj.id_ = obj.get_id()
    return_obj.idref = obj.get_idref()
    return_obj.timestamp = obj.get_timestamp()

    if not isinstance(obj, cls._binding_class):
        return return_obj

    # A falsy version on the binding falls back to the class-level version.
    return_obj.version = obj.get_version() or cls._version
    return_obj.title = obj.get_Title()
    return_obj.description = StructuredText.from_obj(obj.get_Description())
    return_obj.short_description = StructuredText.from_obj(obj.get_Short_Description())
    return_obj.names = Names.from_obj(obj.get_Names())
    return_obj.intended_effects = [
        Statement.from_obj(entry) for entry in obj.get_Intended_Effect()
    ]
    return_obj.status = VocabString.from_obj(obj.get_Status())
    return_obj.related_ttps = RelatedTTPs.from_obj(obj.get_Related_TTPs())
    return_obj.related_incidents = RelatedIncidents.from_obj(obj.get_Related_Incidents())
    return_obj.related_indicators = RelatedIndicators.from_obj(obj.get_Related_Indicators())
    return_obj.attribution = [
        Attribution.from_obj(entry) for entry in obj.get_Attribution()
    ]
    return_obj.associated_campaigns = AssociatedCampaigns.from_obj(
        obj.get_Associated_Campaigns())
    return_obj.confidence = Confidence.from_obj(obj.get_Confidence())
    return_obj.activity = [
        Activity.from_obj(entry) for entry in obj.get_Activity()
    ]
    return_obj.information_source = InformationSource.from_obj(obj.get_Information_Source())
    return_obj.handling = Marking.from_obj(obj.get_Handling())
    return_obj.related_packages = RelatedPackageRefs.from_obj(obj.get_Related_Packages())

    return return_obj
def from_dict(cls, dict_repr, return_obj=None):
    """Populate a TTP-style object from its dictionary form.

    Args:
        dict_repr: Dictionary representation; a falsy value yields ``None``.
        return_obj: Optional instance to populate; ``cls()`` is created when
            it is falsy.

    Returns:
        The populated instance, or ``None`` when ``dict_repr`` is falsy.
    """
    if not dict_repr:
        return None

    return_obj = return_obj or cls()
    get = dict_repr.get

    return_obj.id_ = get('id')
    return_obj.idref = get('idref')
    return_obj.timestamp = get('timestamp')
    # A missing 'version' key falls back to the class-level version.
    return_obj.version = get('version', cls._version)
    return_obj.title = get('title')
    return_obj.description = StructuredText.from_dict(get('description'))
    return_obj.short_description = StructuredText.from_dict(get('short_description'))
    return_obj.behavior = Behavior.from_dict(get('behavior'))
    return_obj.related_ttps = RelatedTTPs.from_dict(get('related_ttps'))
    return_obj.information_source = InformationSource.from_dict(get('information_source'))
    return_obj.intended_effects = [
        Statement.from_dict(entry) for entry in get('intended_effects', [])
    ]
    return_obj.resources = Resource.from_dict(get('resources'))
    return_obj.victim_targeting = VictimTargeting.from_dict(get('victim_targeting'))

    # NOTE(review): no 'handling' key is read in this method, so data
    # markings present in dict_repr are not carried onto the result here --
    # confirm that is intended.
    return return_obj
def from_dict(cls, dict_repr, return_obj=None):
    """Populate an Indicator from its dictionary form.

    The parent class's ``from_dict`` runs first on the same ``return_obj``;
    the fields set here are assigned afterwards.

    Args:
        dict_repr: Dictionary representation; a falsy value yields ``None``.
        return_obj: Optional instance to populate; ``cls()`` is created when
            it is falsy.

    Returns:
        The populated instance, or ``None`` when ``dict_repr`` is falsy.
    """
    if not dict_repr:
        return None

    return_obj = return_obj or cls()
    super(Indicator, cls).from_dict(dict_repr, return_obj=return_obj)

    field = dict_repr.get
    return_obj.negate = field('negate')
    # Stored as given; no from_dict conversion is applied to this value.
    return_obj.alternative_id = field('alternative_id')
    return_obj.indicated_ttps = _IndicatedTTPs.from_dict(field('indicated_ttps'))
    return_obj.test_mechanisms = TestMechanisms.from_list(field('test_mechanisms'))
    return_obj.suggested_coas = SuggestedCOAs.from_dict(field('suggested_coas'))
    return_obj.sightings = Sightings.from_dict(field('sightings'))
    return_obj.composite_indicator_expression = CompositeIndicatorExpression.from_dict(
        field('composite_indicator_expression'))
    return_obj.handling = Marking.from_dict(field('handling'))
    return_obj.kill_chain_phases = KillChainPhasesReference.from_dict(
        field('kill_chain_phases'))
    return_obj.related_indicators = RelatedIndicators.from_dict(field('related_indicators'))
    return_obj.likely_impact = Statement.from_dict(field('likely_impact'))
    return_obj.indicator_types = IndicatorTypes.from_list(field('indicator_types'))
    return_obj.confidence = Confidence.from_dict(field('confidence'))
    return_obj.valid_time_positions = _ValidTimePositions.from_dict(
        field('valid_time_positions'))
    return_obj.observable = Observable.from_dict(field('observable'))
    return_obj.producer = InformationSource.from_dict(field('producer'))
    return_obj.related_campaigns = RelatedCampaignRefs.from_dict(field('related_campaigns'))
    return_obj.related_packages = RelatedPackageRefs.from_dict(field('related_packages'))

    return return_obj
def from_obj(cls, obj, return_obj=None):
    """Populate a campaign-style object from an attribute-style binding object.

    Args:
        obj: Binding object; a falsy value yields ``None``.
        return_obj: Optional instance to populate; ``cls()`` is created when
            it is falsy.

    Returns:
        The populated instance, or ``None`` when ``obj`` is falsy. Only the
        id, idref and timestamp are copied when ``obj`` is not an instance of
        ``cls._binding_class``.
    """
    if not obj:
        return None

    return_obj = return_obj or cls()
    return_obj.id_ = obj.id
    return_obj.idref = obj.idref
    return_obj.timestamp = obj.timestamp

    if not isinstance(obj, cls._binding_class):
        return return_obj

    # The binding's version is copied as-is; no class-level fallback here.
    return_obj.version = obj.version
    return_obj.title = obj.Title
    return_obj.description = StructuredText.from_obj(obj.Description)
    return_obj.short_description = StructuredText.from_obj(obj.Short_Description)
    return_obj.names = Names.from_obj(obj.Names)
    return_obj.intended_effects = [
        Statement.from_obj(entry) for entry in obj.Intended_Effect
    ]
    return_obj.status = VocabString.from_obj(obj.Status)
    return_obj.related_ttps = RelatedTTPs.from_obj(obj.Related_TTPs)
    return_obj.related_incidents = RelatedIncidents.from_obj(obj.Related_Incidents)
    return_obj.related_indicators = RelatedIndicators.from_obj(obj.Related_Indicators)
    return_obj.attribution = [
        Attribution.from_obj(entry) for entry in obj.Attribution
    ]
    return_obj.associated_campaigns = AssociatedCampaigns.from_obj(obj.Associated_Campaigns)
    return_obj.confidence = Confidence.from_obj(obj.Confidence)
    return_obj.activity = [
        Activity.from_obj(entry) for entry in obj.Activity
    ]
    return_obj.information_source = InformationSource.from_obj(obj.Information_Source)
    return_obj.handling = Marking.from_obj(obj.Handling)
    return_obj.related_packages = RelatedPackageRefs.from_obj(obj.Related_Packages)

    return return_obj
def from_obj(cls, obj, return_obj=None):
    """Populate a campaign-style object from a binding object.

    This variant stores the parsed intended effects on the singular
    ``intended_effect`` attribute.

    Args:
        obj: Binding object; a falsy value yields ``None``.
        return_obj: Optional instance to populate; ``cls()`` is created when
            it is falsy.

    Returns:
        The populated instance, or ``None`` when ``obj`` is falsy. Only the
        id, idref and timestamp are copied when ``obj`` is not an instance of
        ``cls._binding_class``.
    """
    if not obj:
        return None

    return_obj = return_obj or cls()
    return_obj.id_ = obj.get_id()
    return_obj.idref = obj.get_idref()
    return_obj.timestamp = obj.get_timestamp()

    if not isinstance(obj, cls._binding_class):
        return return_obj

    # A falsy version on the binding falls back to the class-level version.
    return_obj.version = obj.get_version() or cls._version
    return_obj.title = obj.get_Title()
    return_obj.description = StructuredText.from_obj(obj.get_Description())
    return_obj.short_description = StructuredText.from_obj(obj.get_Short_Description())
    return_obj.names = Names.from_obj(obj.get_Names())
    return_obj.intended_effect = [
        Statement.from_obj(entry) for entry in obj.get_Intended_Effect()
    ]
    return_obj.status = VocabString.from_obj(obj.get_Status())
    return_obj.related_ttps = RelatedTTPs.from_obj(obj.get_Related_TTPs())
    return_obj.related_incidents = RelatedIncidents.from_obj(obj.get_Related_Incidents())
    return_obj.related_indicators = RelatedIndicators.from_obj(obj.get_Related_Indicators())
    return_obj.attribution = [
        Attribution.from_obj(entry) for entry in obj.get_Attribution()
    ]
    return_obj.associated_campaigns = AssociatedCampaigns.from_obj(
        obj.get_Associated_Campaigns())
    return_obj.confidence = Confidence.from_obj(obj.get_Confidence())
    return_obj.activity = [
        Activity.from_obj(entry) for entry in obj.get_Activity()
    ]
    return_obj.information_source = InformationSource.from_obj(obj.get_Information_Source())
    return_obj.handling = Marking.from_obj(obj.get_Handling())
    return_obj.related_packages = RelatedPackageRefs.from_obj(obj.get_Related_Packages())

    return return_obj
def from_obj(cls, obj, return_obj=None):
    """Populate an Indicator from a binding object.

    The parent class's ``from_obj`` runs first on the same ``return_obj``;
    the Indicator fields are copied only when ``obj`` is an instance of
    ``cls._binding_class``.

    Args:
        obj: Binding object; a falsy value yields ``None``.
        return_obj: Optional instance to populate; ``cls()`` is created when
            it is falsy.

    Returns:
        The populated instance, or ``None`` when ``obj`` is falsy.
    """
    if not obj:
        return None

    return_obj = return_obj or cls()
    super(Indicator, cls).from_obj(obj, return_obj=return_obj)

    if not isinstance(obj, cls._binding_class):
        return return_obj

    return_obj.negate = obj.negate
    return_obj.producer = InformationSource.from_obj(obj.Producer)
    return_obj.confidence = Confidence.from_obj(obj.Confidence)
    return_obj.sightings = Sightings.from_obj(obj.Sightings)
    return_obj.composite_indicator_expression = CompositeIndicatorExpression.from_obj(
        obj.Composite_Indicator_Expression)
    return_obj.handling = Marking.from_obj(obj.Handling)
    return_obj.kill_chain_phases = KillChainPhasesReference.from_obj(obj.Kill_Chain_Phases)
    return_obj.related_indicators = RelatedIndicators.from_obj(obj.Related_Indicators)
    return_obj.likely_impact = Statement.from_obj(obj.Likely_Impact)
    return_obj.indicator_types = IndicatorTypes.from_obj(obj.Type)
    return_obj.test_mechanisms = TestMechanisms.from_obj(obj.Test_Mechanisms)
    return_obj.suggested_coas = SuggestedCOAs.from_obj(obj.Suggested_COAs)
    # Copied as-is; no from_obj conversion is applied to this value.
    return_obj.alternative_id = obj.Alternative_ID
    return_obj.indicated_ttps = _IndicatedTTPs.from_obj(obj.Indicated_TTP)
    return_obj.valid_time_positions = _ValidTimePositions.from_obj(obj.Valid_Time_Position)
    return_obj.observable = Observable.from_obj(obj.Observable)
    return_obj.related_campaigns = RelatedCampaignRefs.from_obj(obj.Related_Campaigns)
    return_obj.related_packages = RelatedPackageRefs.from_obj(obj.Related_Packages)

    return return_obj
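def from_dict(cls, dict_repr, return_obj=None):
    """Populate an incident-style object from its dictionary form.

    Args:
        dict_repr: Dictionary representation; a falsy value yields ``None``.
        return_obj: Optional instance to populate; ``cls()`` is created when
            it is falsy.

    Returns:
        The populated instance, or ``None`` when ``dict_repr`` is falsy.
    """
    if not dict_repr:
        return None

    if not return_obj:
        return_obj = cls()

    get = dict_repr.get

    return_obj.id_ = get('id')
    return_obj.idref = get('idref')
    return_obj.timestamp = get('timestamp')
    # A missing 'version' key falls back to the class-level version.
    return_obj.version = get('version', cls._version)
    return_obj.title = get('title')
    return_obj.description = StructuredText.from_dict(get('description'))
    return_obj.short_description = StructuredText.from_dict(get('short_description'))
    return_obj.time = Time.from_dict(get('time'))
    return_obj.victims = [Identity.from_dict(x) for x in get('victims', [])]
    return_obj.categories = [IncidentCategory.from_dict(x) for x in get('categories', [])]
    return_obj.attributed_threat_actors = AttributedThreatActors.from_dict(
        get('attributed_threat_actors'))
    return_obj.related_indicators = RelatedIndicators.from_dict(get('related_indicators'))
    return_obj.related_observables = RelatedObservables.from_dict(get('related_observables'))
    return_obj.related_incidents = RelatedIncidents.from_dict(get('related_incidents'))
    return_obj.intended_effects = [Statement.from_dict(x) for x in get('intended_effects', [])]
    return_obj.leveraged_ttps = LeveragedTTPs.from_dict(get('leveraged_ttps'))
    return_obj.affected_assets = [AffectedAsset.from_dict(x) for x in get('affected_assets', [])]
    # Attribute name matches the 'discovery_methods' key; a misspelled
    # attribute would leave the parsed methods on a name nothing else reads.
    return_obj.discovery_methods = [
        DiscoveryMethod.from_dict(x) for x in get('discovery_methods', [])
    ]
    return_obj.reporter = InformationSource.from_dict(get('reporter'))
    return_obj.responders = [InformationSource.from_dict(x) for x in get('responders', [])]
    return_obj.coordinators = [InformationSource.from_dict(x) for x in get('coordinators', [])]
    return_obj.external_ids = [ExternalID.from_dict(x) for x in get('external_ids', [])]
    return_obj.impact_assessment = ImpactAssessment.from_dict(get('impact_assessment'))
    return_obj.information_source = InformationSource.from_dict(get('information_source'))
    return_obj.security_compromise = SecurityCompromise.from_dict(get('security_compromise'))
    return_obj.confidence = Confidence.from_dict(get('confidence'))
    return_obj.coa_taken = [COATaken.from_dict(x) for x in get('coa_taken', [])]
    return_obj.status = VocabString.from_dict(get('status'))
    # 'handling' is a dictionary value like every other field read here, so
    # it goes through Marking.from_dict; the binding-object parser would not
    # be given the input it expects, and the data markings would not be
    # reliably carried onto the result.
    return_obj.handling = Marking.from_dict(get('handling'))
    return_obj.history = History.from_dict(get('history'))

    return return_obj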
def from_dict(cls, dict_repr, return_obj=None):
    """Populate a TTP-style object from its dictionary form.

    Args:
        dict_repr: Dictionary representation; a falsy value yields ``None``.
        return_obj: Optional instance to populate; ``cls()`` is created when
            it is falsy.

    Returns:
        The populated instance, or ``None`` when ``dict_repr`` is falsy.
    """
    if not dict_repr:
        return None

    return_obj = return_obj or cls()
    get = dict_repr.get

    return_obj.id_ = get('id')
    return_obj.idref = get('idref')
    return_obj.timestamp = get('timestamp')
    # A missing 'version' key falls back to the class-level version.
    return_obj.version = get('version', cls._version)
    return_obj.title = get('title')
    return_obj.description = StructuredText.from_dict(get('description'))
    return_obj.short_description = StructuredText.from_dict(get('short_description'))
    return_obj.behavior = Behavior.from_dict(get('behavior'))
    return_obj.related_ttps = RelatedTTPs.from_dict(get('related_ttps'))
    return_obj.exploit_targets = ExploitTargets.from_dict(get('exploit_targets'))
    return_obj.information_source = InformationSource.from_dict(get('information_source'))
    return_obj.intended_effects = [
        Statement.from_dict(entry) for entry in get('intended_effects', [])
    ]
    return_obj.resources = Resource.from_dict(get('resources'))
    return_obj.victim_targeting = VictimTargeting.from_dict(get('victim_targeting'))
    return_obj.handling = Marking.from_dict(get('handling'))

    return return_obj
def _fix_value(self, value):
    """Return a Statement whose value is ``value`` wrapped as a ThreatActorSophistication term."""
    return Statement(value=vocabs.ThreatActorSophistication(value))
def _fix_value(self, value):
    """Return a Statement whose value is ``value`` wrapped as a Motivation term."""
    return Statement(value=vocabs.Motivation(value))
def _fix_value(self, value):
    """Return a Statement whose value is ``value`` wrapped as a PlanningAndOperationalSupport term."""
    return Statement(value=vocabs.PlanningAndOperationalSupport(value))
def _fix_value(self, value):
    """Return a Statement whose value is ``value`` wrapped as a ThreatActorType term."""
    return Statement(value=vocabs.ThreatActorType(value))
def _fix_value(self, value):
    """Return a Statement whose value is ``value`` wrapped as an IntendedEffect term."""
    return Statement(value=vocabs.IntendedEffect(value))
def _fix_value(self, value):
    """Return a Statement whose value is ``value`` wrapped as an IntendedEffect term."""
    effect_term = vocabs.IntendedEffect(value)
    return Statement(value=effect_term)