def __init__(
self,
actor: Actor,
author: Identity,
source_name: str,
object_marking_refs: List[MarkingDefinition],
confidence_level: int,
) -> None:
"""Initialize actor bundle builder."""
self.actor = actor
self.author = author
self.source_name = source_name
self.object_marking_refs = object_marking_refs
self.confidence_level = confidence_level
first_seen = self.actor.first_activity_date
if first_seen is None:
first_seen = datetime_utc_epoch_start()
last_seen = self.actor.last_activity_date
if last_seen is None:
last_seen = datetime_utc_now()
if first_seen > last_seen:
logger.warning(
"First seen is greater than last seen for actor: %s",
self.actor.name)
first_seen, last_seen = last_seen, first_seen
self.first_seen = first_seen
self.last_seen = last_seen
def __init__(
self,
actor: Actor,
author: Identity,
source_name: str,
object_markings: List[MarkingDefinition],
confidence_level: int,
) -> None:
"""Initialize actor bundle builder."""
self.actor = actor
self.author = author
self.source_name = source_name
self.object_markings = object_markings
self.confidence_level = confidence_level
first_seen = self.actor.first_activity_date
if first_seen is None:
first_seen = datetime_utc_epoch_start()
last_seen = self.actor.last_activity_date
if last_seen is None:
last_seen = datetime_utc_now()
first_seen, last_seen = normalize_start_time_and_stop_time(
first_seen, last_seen
)
self.first_seen = first_seen
self.last_seen = last_seen
def __init__(
self,
report: Report,
author: Identity,
source_name: str,
object_marking_refs: List[MarkingDefinition],
report_status: int,
report_type: str,
confidence_level: int,
guessed_malwares: Mapping[str, str],
report_file: Optional[Mapping[str, str]] = None,
) -> None:
"""Initialize report bundle builder."""
self.report = report
self.author = author
self.source_name = source_name
self.object_marking_refs = object_marking_refs
self.confidence_level = confidence_level
self.report_status = report_status
self.report_type = report_type
self.report_file = report_file
self.guessed_malwares = guessed_malwares
# Use report dates for first seen and last seen.
first_seen = self.report.created_date
if first_seen is None:
first_seen = datetime_utc_epoch_start()
last_seen = self.report.last_modified_date
if last_seen is None:
last_seen = datetime_utc_now()
if first_seen > last_seen:
logger.warning(
"First seen is greater than last seen for report: %s", self.report.name
)
first_seen, last_seen = last_seen, first_seen
self.first_seen = first_seen
self.last_seen = last_seen
def __init__(
self,
report: Report,
author: Identity,
source_name: str,
object_markings: List[MarkingDefinition],
report_status: int,
report_type: str,
confidence_level: int,
guessed_malwares: Mapping[str, str],
report_file: Optional[Mapping[str, str]] = None,
) -> None:
"""Initialize report bundle builder."""
self.report = report
self.author = author
self.source_name = source_name
self.object_markings = object_markings
self.confidence_level = confidence_level
self.report_status = report_status
self.report_type = report_type
self.report_file = report_file
self.guessed_malwares = guessed_malwares
# Use report dates for start time and stop time.
start_time = self.report.created_date
if start_time is None:
start_time = datetime_utc_epoch_start()
stop_time = self.report.last_modified_date
if stop_time is None:
stop_time = datetime_utc_now()
start_time, stop_time = normalize_start_time_and_stop_time(
start_time, stop_time
)
self.start_time = start_time
self.stop_time = stop_time