def setDates(incident, date, published):
    """Fill in the timestamp and time record of *incident*.

    The value derived from *published* is used twice: as
    ``incident.timestamp`` and as the ``incident_reported`` time.
    The value derived from *date* becomes ``incident_discovery``.

    Args:
        incident: Object that receives ``timestamp`` and ``time``.
        date: Discovery date, passed to ``convertToStixDate``.
        published: Publication time, passed to ``getDateFromTimestamp``.
    """
    # NOTE(review): neither helper is visible here -- confirm both return
    # values in the same timezone convention, otherwise "discovered" and
    # "reported" cannot be compared reliably when building a timeline.
    reported_at = getDateFromTimestamp(published)
    incident.timestamp = reported_at

    times = Time()
    times.incident_discovery = convertToStixDate(date)
    times.incident_reported = reported_at
    incident.time = times
def setDates(incident, date, published):
    """Attach report and discovery times to *incident*.

    ``published`` is converted once with ``getDateFromTimestamp`` and stored
    both as the incident's own ``timestamp`` and as the time the incident
    was reported. ``date`` is converted with ``convertToStixDate`` and stored
    as the time the incident was discovered.

    Args:
        incident: Target object; its ``timestamp`` and ``time`` are set.
        date: Source value for the discovery time.
        published: Source value for the reported time.
    """
    published_at = getDateFromTimestamp(published)
    incident.timestamp = published_at

    # Only two fields of the time record are set by this function:
    # discovery and report.
    record = Time()
    record.incident_discovery = convertToStixDate(date)
    record.incident_reported = published_at
    incident.time = record
from stix.coa import CourseOfAction

fake = Faker()

# Basics
incident = Incident(title='We got hacked')
incident.description = 'Lorem ipsum dolor sit amet, consectetur adipiscing elit.'

# Dates/Times
# Three sample instants one day apart, each with an explicit +00:00 offset:
# t2 (22 Aug) is the earliest, t1 (23 Aug) the middle, t3 (24 Aug) the latest.
t1 = '2018-08-23T14:00:05.470947+00:00'
t2 = '2018-08-22T14:00:05.470947+00:00'
t3 = '2018-08-24T14:00:05.470947+00:00'

t = Time()
# The sample timeline is: attacker activity (t2), then detection and
# reporting (t1), then containment, restoration and closure (t3).
for _field, _when in (
    ('incident_opened', t1),
    ('incident_discovery', t1),
    ('incident_reported', t1),
    ('first_malicious_action', t2),
    ('initial_compromise', t2),
    ('first_data_exfiltration', t2),
    ('containment_achieved', t3),
    ('restoration_achieved', t3),
    ('incident_closed', t3),
):
    setattr(t, _field, _when)
incident.time = t

# Additional Attributes
# NOTE(review): these strings look like STIX default-vocabulary terms;
# confirm against the vocabularies of the library version in use.
incident.add_category('Unauthorized Access')
incident.add_intended_effect('Destruction')
incident.confidence = 'High'
incident.add_discovery_method('NIDS')

# People