def convert_threat_actor(ta20):
ta1x = ThreatActor(id_=convert_id20(ta20["id"]),
timestamp=text_type(ta20["modified"]))
ta1x.title = ta20["name"]
types = convert_open_vocabs_to_controlled_vocabs(ta20["labels"],
THREAT_ACTOR_LABEL_MAP)
for t in types:
ta1x.add_type(t)
if "description" in ta20:
ta1x.add_description(ta20["description"])
if "aliases" in ta20:
add_missing_list_property_to_description(ta1x, "aliases",
ta20["aliases"])
if "roles" in ta20:
add_missing_list_property_to_description(ta1x, "roles", ta20["roles"])
if "goals" in ta20:
for g in ta20["goals"]:
ta1x.add_intended_effect(g)
if "sophistication" in ta20:
sophistications = convert_open_vocabs_to_controlled_vocabs(
[ta20["sophistication"]], THREAT_ACTOR_SOPHISTICATION_MAP)
for s in sophistications:
ta1x.add_sophistication(s)
if "resource_level" in ta20:
add_missing_list_property_to_description(ta1x, "resource_level",
ta20["resource_level"])
all_motivations = []
if "primary_motivation" in ta20:
all_motivations = [ta20["primary_motivation"]]
if "secondary_motivation" in ta20:
all_motivations.extend(ta20["secondary_motivation"])
if "personal_motivation" in ta20:
all_motivations.extend(ta20["personal_motivation"])
motivations = convert_open_vocabs_to_controlled_vocabs(
all_motivations, ATTACK_MOTIVATION_MAP)
for m in motivations:
ta1x.add_motivation(m)
if "object_marking_refs" in ta20:
for m_id in ta20["object_marking_refs"]:
ms = create_marking_specification(m_id)
if ms:
CONTAINER.add_marking(ta1x, ms, descendants=True)
if "granular_markings" in ta20:
error(
"Granular Markings present in '%s' are not supported by stix2slider",
604, ta20["id"])
record_id_object_mapping(ta20["id"], ta1x)
return ta1x
def to_stix_actor(obj):
"""
Create a STIX Actor.
"""
ta = ThreatActor()
ta.title = obj.name
ta.description = obj.description
for tt in obj.threat_types:
ta.add_type(tt)
for m in obj.motivations:
ta.add_motivation(m)
for ie in obj.intended_effects:
ta.add_intended_effect(ie)
for s in obj.sophistications:
ta.add_sophistication(s)
#for i in self.identifiers:
return (ta, obj.releasability)
def to_stix_actor(obj):
"""
Create a STIX Actor.
"""
ta = ThreatActor()
ta.title = obj.name
ta.description = obj.description
for tt in obj.threat_types:
ta.add_type(tt)
for m in obj.motivations:
ta.add_motivation(m)
for ie in obj.intended_effects:
ta.add_intended_effect(ie)
for s in obj.sophistications:
ta.add_sophistication(s)
#for i in self.identifiers:
return (ta, obj.releasability)
def to_stix_actor(self):
"""
Create a STIX Actor.
"""
from stix.threat_actor import ThreatActor
ta = ThreatActor()
ta.title = self.name
ta.description = self.description
for tt in self.threat_types:
ta.add_type(tt)
for m in self.motivations:
ta.add_motivation(m)
for ie in self.intended_effects:
ta.add_intended_effect(ie)
for s in self.sophistications:
ta.add_sophistication(s)
#for i in self.identifiers:
return (ta, self.releasability)
def to_stix_actor(self):
"""
Create a STIX Actor.
"""
from stix.threat_actor import ThreatActor
ta = ThreatActor()
ta.title = self.name
ta.description = self.description
for tt in self.threat_types:
ta.add_type(tt)
for m in self.motivations:
ta.add_motivation(m)
for ie in self.intended_effects:
ta.add_intended_effect(ie)
for s in self.sophistications:
ta.add_sophistication(s)
#for i in self.identifiers:
return (ta, self.releasability)
def buildThreatActor(input_dict):
threatActor = ThreatActor()
threatActor.title = input_dict["title"]
threatActor.description = input_dict["description"]
if input_dict["identity"]:
threatActor.identity = Identity(input_dict["identity"])
if input_dict["type"]:
threatActor.add_type(input_dict["type"])
if input_dict["motivation"]:
threatActor.add_motivation(input_dict["motivation"])
if input_dict["sophistication"]:
threatActor.add_sophistication(input_dict["sophistication"])
if input_dict["intendedEffect"]:
threatActor.add_intended_effect(input_dict["intendedEffect"])
if input_dict["support"]:
threatActor.add_planning_and_operational_support(input_dict["support"])
if input_dict["confidence"]:
threatActor.confidence = Confidence(input_dict["confidence"])
if input_dict["informationSource"]:
threatActor.information_source = InformationSource(input_dict["informationSource"])
return threatActor