"""STIX 2.1 Domain Objects"""
from collections import OrderedDict
from math import fabs
import itertools
from ..base import _STIXBase
from ..core import STIXDomainObject
from ..custom import _custom_object_builder
from ..properties import (
BooleanProperty, DictionaryProperty, EmbeddedObjectProperty, EnumProperty,
FloatProperty, IDProperty, IntegerProperty, ListProperty,
ObservableProperty, PatternProperty, ReferenceProperty, StringProperty,
TimestampProperty, TypeProperty,
)
from ..utils import NOW
from .common import ExternalReference, GranularMarking, KillChainPhase
class AttackPattern(STIXDomainObject):
    # TODO: Add link
    """STIX 2.1 Attack Pattern domain object (``type`` is ``attack-pattern``).

    ``name`` is the only property declared with ``required=True``. For more
    detailed information on this object's properties, see
    `the STIX 2.1 specification <link here>`__.
    """

    _type = 'attack-pattern'
    _properties = OrderedDict([
        # Identification and versioning; spec_version is fixed to '2.1'.
        ('type', TypeProperty(_type)),
        ('spec_version', StringProperty(fixed='2.1')),
        ('id', IDProperty(_type)),
        ('created_by_ref', ReferenceProperty(type='identity')),
        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),

        # Properties specific to this object type.
        ('name', StringProperty(required=True)),
        ('description', StringProperty()),
        ('kill_chain_phases', ListProperty(KillChainPhase)),

        # Properties shared by the domain objects in this module.
        ('revoked', BooleanProperty(default=lambda: False)),
        ('labels', ListProperty(StringProperty)),
        ('confidence', IntegerProperty()),
        ('lang', StringProperty()),
        ('external_references', ListProperty(ExternalReference)),
        # Data markings: references must point at 'marking-definition' objects.
        ('object_marking_refs', ListProperty(ReferenceProperty(type='marking-definition'))),
        ('granular_markings', ListProperty(GranularMarking)),
    ])
class Campaign(STIXDomainObject):
    # TODO: Add link
    """STIX 2.1 Campaign domain object (``type`` is ``campaign``).

    ``name`` is the only property declared with ``required=True``. For more
    detailed information on this object's properties, see
    `the STIX 2.1 specification <link here>`__.
    """

    _type = 'campaign'
    _properties = OrderedDict([
        # Identification and versioning; spec_version is fixed to '2.1'.
        ('type', TypeProperty(_type)),
        ('spec_version', StringProperty(fixed='2.1')),
        ('id', IDProperty(_type)),
        ('created_by_ref', ReferenceProperty(type='identity')),
        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),

        # Properties specific to this object type.
        ('name', StringProperty(required=True)),
        ('description', StringProperty()),
        ('aliases', ListProperty(StringProperty)),
        # NOTE(review): this class defines no _check_object_constraints, so
        # nothing visible here rejects a last_seen earlier than first_seen.
        ('first_seen', TimestampProperty()),
        ('last_seen', TimestampProperty()),
        ('objective', StringProperty()),

        # Properties shared by the domain objects in this module.
        ('revoked', BooleanProperty(default=lambda: False)),
        ('labels', ListProperty(StringProperty)),
        ('confidence', IntegerProperty()),
        ('lang', StringProperty()),
        ('external_references', ListProperty(ExternalReference)),
        # Data markings: references must point at 'marking-definition' objects.
        ('object_marking_refs', ListProperty(ReferenceProperty(type='marking-definition'))),
        ('granular_markings', ListProperty(GranularMarking)),
    ])
class CourseOfAction(STIXDomainObject):
    # TODO: Add link
    """STIX 2.1 Course of Action domain object (``type`` is ``course-of-action``).

    ``name`` is the only property declared with ``required=True``. For more
    detailed information on this object's properties, see
    `the STIX 2.1 specification <link here>`__.
    """

    _type = 'course-of-action'
    _properties = OrderedDict([
        # Identification and versioning; spec_version is fixed to '2.1'.
        ('type', TypeProperty(_type)),
        ('spec_version', StringProperty(fixed='2.1')),
        ('id', IDProperty(_type)),
        ('created_by_ref', ReferenceProperty(type='identity')),
        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),

        # Properties specific to this object type.
        ('name', StringProperty(required=True)),
        ('description', StringProperty()),

        # Properties shared by the domain objects in this module.
        ('revoked', BooleanProperty(default=lambda: False)),
        ('labels', ListProperty(StringProperty)),
        ('confidence', IntegerProperty()),
        ('lang', StringProperty()),
        ('external_references', ListProperty(ExternalReference)),
        # Data markings: references must point at 'marking-definition' objects.
        ('object_marking_refs', ListProperty(ReferenceProperty(type='marking-definition'))),
        ('granular_markings', ListProperty(GranularMarking)),
    ])
class Identity(STIXDomainObject):
    # TODO: Add link
    """STIX 2.1 Identity domain object (``type`` is ``identity``).

    ``name`` and ``identity_class`` are declared with ``required=True``.
    Other objects in this module point at an Identity through their
    ``created_by_ref`` property. For more detailed information on this
    object's properties, see
    `the STIX 2.1 specification <link here>`__.
    """

    _type = 'identity'
    _properties = OrderedDict([
        # Identification and versioning; spec_version is fixed to '2.1'.
        ('type', TypeProperty(_type)),
        ('spec_version', StringProperty(fixed='2.1')),
        ('id', IDProperty(_type)),
        ('created_by_ref', ReferenceProperty(type='identity')),
        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),

        # Properties specific to this object type.
        ('name', StringProperty(required=True)),
        ('description', StringProperty()),
        # identity_class is a free-form string here; no allowed-value list is
        # attached to it in this definition.
        ('identity_class', StringProperty(required=True)),
        ('sectors', ListProperty(StringProperty)),
        ('contact_information', StringProperty()),

        # Properties shared by the domain objects in this module.
        ('revoked', BooleanProperty(default=lambda: False)),
        ('labels', ListProperty(StringProperty)),
        ('confidence', IntegerProperty()),
        ('lang', StringProperty()),
        ('external_references', ListProperty(ExternalReference)),
        # Data markings: references must point at 'marking-definition' objects.
        ('object_marking_refs', ListProperty(ReferenceProperty(type='marking-definition'))),
        ('granular_markings', ListProperty(GranularMarking)),
    ])
class Indicator(STIXDomainObject):
    # TODO: Add link
    """STIX 2.1 Indicator domain object (``type`` is ``indicator``).

    ``indicator_types`` and ``pattern`` are declared with ``required=True``;
    ``name`` is optional on this type. For more detailed information on this
    object's properties, see
    `the STIX 2.1 specification <link here>`__.
    """

    _type = 'indicator'
    _properties = OrderedDict([
        # Identification and versioning; spec_version is fixed to '2.1'.
        ('type', TypeProperty(_type)),
        ('spec_version', StringProperty(fixed='2.1')),
        ('id', IDProperty(_type)),
        ('created_by_ref', ReferenceProperty(type='identity')),
        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),

        # Properties specific to this object type.
        ('name', StringProperty()),
        ('indicator_types', ListProperty(StringProperty, required=True)),
        ('description', StringProperty()),
        # The detection pattern is handled by PatternProperty; what that
        # property validates is defined in ..properties, not here.
        ('pattern', PatternProperty(required=True)),
        # valid_from falls back to NOW and, unlike created/modified, is given
        # no explicit precision.
        # NOTE(review): this class defines no _check_object_constraints, so
        # nothing visible here rejects a valid_until that is not later than
        # valid_from - consumers should not assume the window is well-formed.
        ('valid_from', TimestampProperty(default=lambda: NOW)),
        ('valid_until', TimestampProperty()),
        ('kill_chain_phases', ListProperty(KillChainPhase)),

        # Properties shared by the domain objects in this module.
        ('revoked', BooleanProperty(default=lambda: False)),
        ('labels', ListProperty(StringProperty)),
        ('confidence', IntegerProperty()),
        ('lang', StringProperty()),
        ('external_references', ListProperty(ExternalReference)),
        # Data markings: references must point at 'marking-definition' objects.
        ('object_marking_refs', ListProperty(ReferenceProperty(type='marking-definition'))),
        ('granular_markings', ListProperty(GranularMarking)),
    ])
class IntrusionSet(STIXDomainObject):
    # TODO: Add link
    """STIX 2.1 Intrusion Set domain object (``type`` is ``intrusion-set``).

    ``name`` is the only property declared with ``required=True``. For more
    detailed information on this object's properties, see
    `the STIX 2.1 specification <link here>`__.
    """

    _type = 'intrusion-set'
    _properties = OrderedDict([
        # Identification and versioning; spec_version is fixed to '2.1'.
        ('type', TypeProperty(_type)),
        ('spec_version', StringProperty(fixed='2.1')),
        ('id', IDProperty(_type)),
        ('created_by_ref', ReferenceProperty(type='identity')),
        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),

        # Properties specific to this object type.
        ('name', StringProperty(required=True)),
        ('description', StringProperty()),
        ('aliases', ListProperty(StringProperty)),
        # NOTE(review): this class defines no _check_object_constraints, so
        # nothing visible here rejects a last_seen earlier than first_seen.
        ('first_seen', TimestampProperty()),
        ('last_seen', TimestampProperty()),
        ('goals', ListProperty(StringProperty)),
        ('resource_level', StringProperty()),
        ('primary_motivation', StringProperty()),
        ('secondary_motivations', ListProperty(StringProperty)),

        # Properties shared by the domain objects in this module.
        ('revoked', BooleanProperty(default=lambda: False)),
        ('labels', ListProperty(StringProperty)),
        ('confidence', IntegerProperty()),
        ('lang', StringProperty()),
        ('external_references', ListProperty(ExternalReference)),
        # Data markings: references must point at 'marking-definition' objects.
        ('object_marking_refs', ListProperty(ReferenceProperty(type='marking-definition'))),
        ('granular_markings', ListProperty(GranularMarking)),
    ])
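class Location(STIXDomainObject):
    # TODO: Add link
    """STIX 2.1 Location domain object (``type`` is ``location``).

    No property is declared with ``required=True``; the cross-property rules
    for coordinates are enforced in ``_check_object_constraints``. For more
    detailed information on this object's properties, see
    `the STIX 2.1 specification <link here>`__.
    """

    _type = 'location'
    _properties = OrderedDict([
        # Identification and versioning; spec_version is fixed to '2.1'.
        ('type', TypeProperty(_type)),
        ('spec_version', StringProperty(fixed='2.1')),
        ('id', IDProperty(_type)),
        ('created_by_ref', ReferenceProperty(type='identity')),
        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),

        # Properties specific to this object type.
        ('description', StringProperty()),
        ('latitude', FloatProperty()),
        ('longitude', FloatProperty()),
        ('precision', FloatProperty()),
        ('region', StringProperty()),
        ('country', StringProperty()),
        ('administrative_area', StringProperty()),
        ('city', StringProperty()),
        ('street_address', StringProperty()),
        ('postal_code', StringProperty()),

        # Properties shared by the domain objects in this module.
        ('revoked', BooleanProperty(default=lambda: False)),
        ('labels', ListProperty(StringProperty)),
        ('confidence', IntegerProperty()),
        ('lang', StringProperty()),
        ('external_references', ListProperty(ExternalReference)),
        # Data markings: references must point at 'marking-definition' objects.
        ('object_marking_refs', ListProperty(ReferenceProperty(type='marking-definition'))),
        ('granular_markings', ListProperty(GranularMarking)),
    ])

    def _check_object_constraints(self):
        """Validate the cross-property rules for coordinates and precision.

        Runs the parent class's checks first, then the dependency and range
        checks below.

        Raises:
            ValueError: if ``precision`` is negative, ``latitude`` lies
                outside [-90, 90], or ``longitude`` lies outside [-180, 180].
        """
        super(Location, self)._check_object_constraints()

        # Test for presence with `is not None`, as the latitude/longitude
        # checks below do. A plain truthiness test treats a supplied precision
        # of 0.0 as absent and skips this whole branch.
        if self.get('precision') is not None:
            self._check_properties_dependency(['longitude', 'latitude'], ['precision'])
            if self.precision < 0.0:
                msg = (
                    "{0.id} 'precision' must be a positive value. Received "
                    "{0.precision}"
                )
                raise ValueError(msg.format(self))

        self._check_properties_dependency(['latitude'], ['longitude'])

        # NOTE(review): a NaN coordinate compares False against both bounds
        # below, so these range checks do not reject it; whether FloatProperty
        # filters NaN is not visible here - confirm.
        if self.get('latitude') is not None and fabs(self.latitude) > 90.0:
            msg = (
                "{0.id} 'latitude' must be between -90 and 90. Received "
                "{0.latitude}"
            )
            raise ValueError(msg.format(self))

        if self.get('longitude') is not None and fabs(self.longitude) > 180.0:
            msg = (
                "{0.id} 'longitude' must be between -180 and 180. Received "
                "{0.longitude}"
            )
            raise ValueError(msg.format(self))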
class AnalysisType(_STIXBase):
    """Embedded analysis record; ``results`` is the only required property.

    Malware in this module wraps this type in ``EmbeddedObjectProperty`` for
    its ``static_analysis_results`` and ``dynamic_analysis_results`` lists.
    """

    _properties = OrderedDict([
        ('start_time', TimestampProperty()),
        ('end_time', TimestampProperty()),
        ('analysis_tools', ObservableProperty(spec_version='2.1')),
        # Both dictionaries are typed only as DictionaryProperty here; no
        # schema for their keys or values is declared in this definition.
        ('analysis_environment', DictionaryProperty(spec_version='2.1')),
        ('results', DictionaryProperty(spec_version='2.1', required=True)),
    ])
class AVResultsType(_STIXBase):
    """Embedded anti-virus scan record; every property is optional.

    Malware in this module wraps this type in ``EmbeddedObjectProperty`` for
    its ``av_results`` list.
    """

    _properties = OrderedDict([
        # Which scanner produced the result.
        ('product', StringProperty()),
        ('engine_version', StringProperty()),
        ('definition_version', StringProperty()),
        # When the scan was requested and performed.
        ('submitted', TimestampProperty()),
        ('scanned', TimestampProperty()),
        # Outcome; both fields are free-form strings in this definition.
        ('result', StringProperty()),
        ('details', StringProperty()),
    ])
class Malware(STIXDomainObject):
    # TODO: Add link
    """STIX 2.1 Malware domain object (``type`` is ``malware``).

    ``is_family``, ``name`` and ``malware_types`` are declared with
    ``required=True``. For more detailed information on this object's
    properties, see
    `the STIX 2.1 specification <link here>`__.
    """

    _type = 'malware'
    _properties = OrderedDict([
        # Identification and versioning; spec_version is fixed to '2.1'.
        ('type', TypeProperty(_type)),
        ('spec_version', StringProperty(fixed='2.1')),
        ('id', IDProperty(_type)),
        ('created_by_ref', ReferenceProperty(type='identity')),
        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),

        # Properties specific to this object type.
        ('is_family', BooleanProperty(required=True)),
        ('name', StringProperty(required=True)),
        ('malware_types', ListProperty(StringProperty, required=True)),
        ('description', StringProperty()),
        ('kill_chain_phases', ListProperty(KillChainPhase)),
        # NOTE(review): this class defines no _check_object_constraints, so
        # nothing visible here rejects a last_seen earlier than first_seen.
        ('first_seen', TimestampProperty()),
        ('last_seen', TimestampProperty()),
        ('os_execution_envs', ListProperty(StringProperty)),
        ('architecture_execution_envs', ListProperty(StringProperty)),
        ('implementation_languages', ListProperty(StringProperty)),
        ('samples', ObservableProperty(spec_version='2.1')),
        # Analysis output is embedded, not referenced: each list element is
        # an AnalysisType / AVResultsType object.
        ('static_analysis_results', ListProperty(EmbeddedObjectProperty(AnalysisType))),
        ('dynamic_analysis_results', ListProperty(EmbeddedObjectProperty(AnalysisType))),
        ('av_results', ListProperty(EmbeddedObjectProperty(AVResultsType))),
        ('capabilities', ListProperty(StringProperty)),

        # Properties shared by the domain objects in this module.
        ('revoked', BooleanProperty(default=lambda: False)),
        ('labels', ListProperty(StringProperty)),
        ('confidence', IntegerProperty()),
        ('lang', StringProperty()),
        ('external_references', ListProperty(ExternalReference)),
        # Data markings: references must point at 'marking-definition' objects.
        ('object_marking_refs', ListProperty(ReferenceProperty(type='marking-definition'))),
        ('granular_markings', ListProperty(GranularMarking)),
    ])
class Note(STIXDomainObject):
    # TODO: Add link
    """STIX 2.1 Note domain object (``type`` is ``note``).

    ``description`` and ``object_refs`` are declared with ``required=True``.
    For more detailed information on this object's properties, see
    `the STIX 2.1 specification <link here>`__.
    """

    _type = 'note'
    _properties = OrderedDict([
        # Identification and versioning; spec_version is fixed to '2.1'.
        ('type', TypeProperty(_type)),
        ('spec_version', StringProperty(fixed='2.1')),
        ('id', IDProperty(_type)),
        ('created_by_ref', ReferenceProperty(type='identity')),
        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),

        # Properties specific to this object type.
        ('summary', StringProperty()),
        ('description', StringProperty(required=True)),
        ('authors', ListProperty(StringProperty)),
        # ReferenceProperty is passed without a type argument, so this
        # definition does not restrict which object types may be referenced.
        ('object_refs', ListProperty(ReferenceProperty, required=True)),

        # Properties shared by the domain objects in this module.
        ('revoked', BooleanProperty(default=lambda: False)),
        ('labels', ListProperty(StringProperty)),
        ('confidence', IntegerProperty()),
        ('lang', StringProperty()),
        ('external_references', ListProperty(ExternalReference)),
        # Data markings: references must point at 'marking-definition' objects.
        ('object_marking_refs', ListProperty(ReferenceProperty(type='marking-definition'))),
        ('granular_markings', ListProperty(GranularMarking)),
    ])
class ObservedData(STIXDomainObject):
    # TODO: Add link
    """STIX 2.1 Observed Data domain object (``type`` is ``observed-data``).

    ``first_observed``, ``last_observed``, ``number_observed`` and
    ``objects`` are declared with ``required=True``. For more detailed
    information on this object's properties, see
    `the STIX 2.1 specification <link here>`__.
    """

    _type = 'observed-data'
    _properties = OrderedDict([
        # Identification and versioning; spec_version is fixed to '2.1'.
        ('type', TypeProperty(_type)),
        ('spec_version', StringProperty(fixed='2.1')),
        ('id', IDProperty(_type)),
        ('created_by_ref', ReferenceProperty(type='identity')),
        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),

        # Properties specific to this object type.
        ('first_observed', TimestampProperty(required=True)),
        ('last_observed', TimestampProperty(required=True)),
        ('number_observed', IntegerProperty(required=True)),
        ('objects', ObservableProperty(spec_version='2.1', required=True)),

        # Properties shared by the domain objects in this module.
        ('revoked', BooleanProperty(default=lambda: False)),
        ('labels', ListProperty(StringProperty)),
        ('confidence', IntegerProperty()),
        ('lang', StringProperty()),
        ('external_references', ListProperty(ExternalReference)),
        # Data markings: references must point at 'marking-definition' objects.
        ('object_marking_refs', ListProperty(ReferenceProperty(type='marking-definition'))),
        ('granular_markings', ListProperty(GranularMarking)),
    ])

    def __init__(self, *args, **kwargs):
        """Record the ``allow_custom`` flag, then run the parent initializer.

        ``allow_custom`` is read from ``kwargs`` (default ``False``) and is
        still passed through to the parent ``__init__`` unchanged.
        """
        permit_custom = kwargs.get('allow_custom', False)
        self.__allow_custom = permit_custom
        # NOTE(review): _properties is defined on the class, so this
        # assignment lands on the ObservableProperty shared by every
        # ObservedData instance. The flag therefore outlives this call until
        # the next construction overwrites it; confirm instances with
        # different allow_custom settings are never built concurrently, or a
        # strict instance may be validated with the permissive setting.
        self._properties['objects'].allow_custom = permit_custom

        super(ObservedData, self).__init__(*args, **kwargs)
class Opinion(STIXDomainObject):
    # TODO: Add link
    """STIX 2.1 Opinion domain object (``type`` is ``opinion``).

    ``object_refs`` and ``opinion`` are declared with ``required=True``;
    ``opinion`` must be one of the five values listed below. For more
    detailed information on this object's properties, see
    `the STIX 2.1 specification <link here>`__.
    """

    _type = 'opinion'
    _properties = OrderedDict([
        # Identification and versioning; spec_version is fixed to '2.1'.
        ('type', TypeProperty(_type)),
        ('spec_version', StringProperty(fixed='2.1')),
        ('id', IDProperty(_type)),
        ('created_by_ref', ReferenceProperty(type='identity')),
        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),

        # Properties specific to this object type.
        ('description', StringProperty()),
        ('authors', ListProperty(StringProperty)),
        # ReferenceProperty is passed without a type argument, so this
        # definition does not restrict which object types may be referenced.
        ('object_refs', ListProperty(ReferenceProperty, required=True)),
        (
            'opinion', EnumProperty(
                allowed=[
                    'strongly-disagree',
                    'disagree',
                    'neutral',
                    'agree',
                    'strongly-agree',
                ], required=True,
            ),
        ),

        # Properties shared by the domain objects in this module.
        ('revoked', BooleanProperty(default=lambda: False)),
        ('labels', ListProperty(StringProperty)),
        ('confidence', IntegerProperty()),
        ('lang', StringProperty()),
        ('external_references', ListProperty(ExternalReference)),
        # Data markings: references must point at 'marking-definition' objects.
        ('object_marking_refs', ListProperty(ReferenceProperty(type='marking-definition'))),
        ('granular_markings', ListProperty(GranularMarking)),
    ])
class Report(STIXDomainObject):
    # TODO: Add link
    """STIX 2.1 Report domain object (``type`` is ``report``).

    ``name``, ``report_types``, ``published`` and ``object_refs`` are
    declared with ``required=True``. For more detailed information on this
    object's properties, see
    `the STIX 2.1 specification <link here>`__.
    """

    _type = 'report'
    _properties = OrderedDict([
        # Identification and versioning; spec_version is fixed to '2.1'.
        ('type', TypeProperty(_type)),
        ('spec_version', StringProperty(fixed='2.1')),
        ('id', IDProperty(_type)),
        ('created_by_ref', ReferenceProperty(type='identity')),
        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),

        # Properties specific to this object type.
        ('name', StringProperty(required=True)),
        ('report_types', ListProperty(StringProperty, required=True)),
        ('description', StringProperty()),
        ('published', TimestampProperty(required=True)),
        # ReferenceProperty is passed without a type argument, so this
        # definition does not restrict which object types may be referenced.
        ('object_refs', ListProperty(ReferenceProperty, required=True)),

        # Properties shared by the domain objects in this module.
        ('revoked', BooleanProperty(default=lambda: False)),
        ('labels', ListProperty(StringProperty)),
        ('confidence', IntegerProperty()),
        ('lang', StringProperty()),
        ('external_references', ListProperty(ExternalReference)),
        # Data markings: references must point at 'marking-definition' objects.
        ('object_marking_refs', ListProperty(ReferenceProperty(type='marking-definition'))),
        ('granular_markings', ListProperty(GranularMarking)),
    ])
class ThreatActor(STIXDomainObject):
    # TODO: Add link
    """STIX 2.1 Threat Actor domain object (``type`` is ``threat-actor``).

    ``name`` and ``threat_actor_types`` are declared with ``required=True``.
    For more detailed information on this object's properties, see
    `the STIX 2.1 specification <link here>`__.
    """

    _type = 'threat-actor'
    _properties = OrderedDict([
        # Identification and versioning; spec_version is fixed to '2.1'.
        ('type', TypeProperty(_type)),
        ('spec_version', StringProperty(fixed='2.1')),
        ('id', IDProperty(_type)),
        ('created_by_ref', ReferenceProperty(type='identity')),
        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),

        # Properties specific to this object type. The descriptive fields
        # below are plain strings or string lists; no allowed-value list is
        # attached to any of them in this definition.
        ('name', StringProperty(required=True)),
        ('threat_actor_types', ListProperty(StringProperty, required=True)),
        ('description', StringProperty()),
        ('aliases', ListProperty(StringProperty)),
        ('roles', ListProperty(StringProperty)),
        ('goals', ListProperty(StringProperty)),
        ('sophistication', StringProperty()),
        ('resource_level', StringProperty()),
        ('primary_motivation', StringProperty()),
        ('secondary_motivations', ListProperty(StringProperty)),
        ('personal_motivations', ListProperty(StringProperty)),

        # Properties shared by the domain objects in this module.
        ('revoked', BooleanProperty(default=lambda: False)),
        ('labels', ListProperty(StringProperty)),
        ('confidence', IntegerProperty()),
        ('lang', StringProperty()),
        ('external_references', ListProperty(ExternalReference)),
        # Data markings: references must point at 'marking-definition' objects.
        ('object_marking_refs', ListProperty(ReferenceProperty(type='marking-definition'))),
        ('granular_markings', ListProperty(GranularMarking)),
    ])
class Tool(STIXDomainObject):
    # TODO: Add link
    """STIX 2.1 Tool domain object (``type`` is ``tool``).

    ``name`` and ``tool_types`` are declared with ``required=True``. For more
    detailed information on this object's properties, see
    `the STIX 2.1 specification <link here>`__.
    """

    _type = 'tool'
    _properties = OrderedDict([
        # Identification and versioning; spec_version is fixed to '2.1'.
        ('type', TypeProperty(_type)),
        ('spec_version', StringProperty(fixed='2.1')),
        ('id', IDProperty(_type)),
        ('created_by_ref', ReferenceProperty(type='identity')),
        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),

        # Properties specific to this object type.
        ('name', StringProperty(required=True)),
        ('tool_types', ListProperty(StringProperty, required=True)),
        ('description', StringProperty()),
        ('kill_chain_phases', ListProperty(KillChainPhase)),
        ('tool_version', StringProperty()),

        # Properties shared by the domain objects in this module.
        ('revoked', BooleanProperty(default=lambda: False)),
        ('labels', ListProperty(StringProperty)),
        ('confidence', IntegerProperty()),
        ('lang', StringProperty()),
        ('external_references', ListProperty(ExternalReference)),
        # Data markings: references must point at 'marking-definition' objects.
        ('object_marking_refs', ListProperty(ReferenceProperty(type='marking-definition'))),
        ('granular_markings', ListProperty(GranularMarking)),
    ])
class Vulnerability(STIXDomainObject):
    # TODO: Add link
    """STIX 2.1 Vulnerability domain object (``type`` is ``vulnerability``).

    ``name`` is the only property declared with ``required=True``. This
    definition has no dedicated identifier field; ``external_references`` is
    the only property here that can carry an outside reference. For more
    detailed information on this object's properties, see
    `the STIX 2.1 specification <link here>`__.
    """

    _type = 'vulnerability'
    _properties = OrderedDict([
        # Identification and versioning; spec_version is fixed to '2.1'.
        ('type', TypeProperty(_type)),
        ('spec_version', StringProperty(fixed='2.1')),
        ('id', IDProperty(_type)),
        ('created_by_ref', ReferenceProperty(type='identity')),
        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),

        # Properties specific to this object type.
        ('name', StringProperty(required=True)),
        ('description', StringProperty()),

        # Properties shared by the domain objects in this module.
        ('revoked', BooleanProperty(default=lambda: False)),
        ('labels', ListProperty(StringProperty)),
        ('confidence', IntegerProperty()),
        ('lang', StringProperty()),
        ('external_references', ListProperty(ExternalReference)),
        # Data markings: references must point at 'marking-definition' objects.
        ('object_marking_refs', ListProperty(ReferenceProperty(type='marking-definition'))),
        ('granular_markings', ListProperty(GranularMarking)),
    ])
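def CustomObject(type='x-custom-type', properties=None):
    """Custom STIX Object type decorator.

    The decorated class is handed to ``_custom_object_builder`` together with
    a property list assembled in this order: the identification properties
    (``type`` through ``modified``), the supplied properties whose names do
    not start with ``x_`` (in the order given), the shared properties
    (``revoked`` through ``granular_markings``), and finally the supplied
    ``x_`` properties sorted by name.

    Args:
        type: the STIX type name of the custom object.
        properties: iterable of ``(name, property)`` tuples. ``None`` (the
            default) is treated as no additional properties.

    Returns:
        A class decorator.

    Example:
        >>> from stix2.v21 import CustomObject
        >>> from stix2.properties import IntegerProperty, StringProperty
        >>> @CustomObject('x-type-name', [
        ...     ('property1', StringProperty(required=True)),
        ...     ('property2', IntegerProperty()),
        ... ])
        ... class MyNewObjectType():
        ...     pass

    Supply an ``__init__()`` function to add any special validations to the custom
    type. Don't call ``super().__init__()`` though - doing so will cause an error.

    Example:
        >>> from stix2.v21 import CustomObject
        >>> from stix2.properties import IntegerProperty, StringProperty
        >>> @CustomObject('x-type-name', [
        ...     ('property1', StringProperty(required=True)),
        ...     ('property2', IntegerProperty()),
        ... ])
        ... class MyNewObjectType():
        ...     def __init__(self, property2=None, **kwargs):
        ...         if property2 and property2 < 10:
        ...             raise ValueError("'property2' is too small.")

    """
    def wrapper(cls):
        # The signature defaults `properties` to None, which cannot be
        # iterated; normalise it to an empty list so the default is usable.
        # Materialising once also lets a one-shot iterable be filtered twice.
        supplied = [] if properties is None else list(properties)

        # NOTE(review): a supplied name that matches a built-in one (for
        # example 'id' or 'type') ends up in this list twice; how
        # _custom_object_builder resolves duplicates is not visible here -
        # confirm a caller cannot replace the built-in validators this way.
        _properties = list(itertools.chain.from_iterable([
            [
                ('type', TypeProperty(type)),
                ('spec_version', StringProperty(fixed='2.1')),
                ('id', IDProperty(type)),
                ('created_by_ref', ReferenceProperty(type='identity')),
                ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
                ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
            ],
            [x for x in supplied if not x[0].startswith('x_')],
            [
                ('revoked', BooleanProperty(default=lambda: False)),
                ('labels', ListProperty(StringProperty)),
                ('confidence', IntegerProperty()),
                ('lang', StringProperty()),
                ('external_references', ListProperty(ExternalReference)),
                ('object_marking_refs', ListProperty(ReferenceProperty(type='marking-definition'))),
                ('granular_markings', ListProperty(GranularMarking)),
            ],
            sorted([x for x in supplied if x[0].startswith('x_')], key=lambda x: x[0]),
        ]))
        return _custom_object_builder(cls, type, _properties, '2.1')

    return wrapper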