define Incident stub

2020-12-22 17:46:29 -05:00 · 2020-12-22 17:46:29 -05:00 · 33a472d8f5
parent aa77f2b174
commit 33a472d8f5
2 changed files with 30 additions and 2 deletions
--- a/stix2/v21/init.py
+++ b/stix2/v21/init.py
@ -36,7 +36,7 @@ from .observables import (
 )
 from .sdo import (
    AttackPattern, Campaign, CourseOfAction, CustomObject, Grouping, Identity,
-    Indicator, Infrastructure, IntrusionSet, Location, Malware,
+    Incident, Indicator, Infrastructure, IntrusionSet, Location, Malware,
    MalwareAnalysis, Note, ObservedData, Opinion, Report, ThreatActor, Tool,
    Vulnerability,
 )
@ -49,6 +49,7 @@ OBJ_MAP = {
    'course-of-action': CourseOfAction,
    'grouping': Grouping,
    'identity': Identity,
+    'incident': Incident,
    'indicator': Indicator,
    'infrastructure': Infrastructure,
    'intrusion-set': IntrusionSet,
@ -126,7 +127,7 @@ __all__ = """
    X509Certificate, X509V3ExtensionsType,

    AttackPattern, Campaign, CourseOfAction, CustomObject, Grouping, Identity,
-    Indicator, Infrastructure, IntrusionSet, Location, Malware,
+    Incident, Indicator, Infrastructure, IntrusionSet, Location, Malware,
    MalwareAnalysis, Note, ObservedData, Opinion, Report, ThreatActor, Tool,
    Vulnerability,

--- a/stix2/v21/sdo.py
+++ b/stix2/v21/sdo.py
@ -175,6 +175,33 @@ class Identity(_DomainObject):
    ])


+class Incident(_DomainObject):
+    """For more detailed information on this object's properties, see
+    `the STIX 2.1 specification <link here>`__.
+    """
+
+    _type = 'incident'
+    _properties = OrderedDict([
+        ('type', TypeProperty(_type, spec_version='2.1')),
+        ('spec_version', StringProperty(fixed='2.1')),
+        ('id', IDProperty(_type, spec_version='2.1')),
+        ('created_by_ref', ReferenceProperty(valid_types='identity', spec_version='2.1')),
+        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond', precision_constraint='min')),
+        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond', precision_constraint='min')),
+        ('name', StringProperty(required=True)),
+        ('description', StringProperty()),
+        ('kill_chain_phases', ListProperty(KillChainPhase)),
+        ('revoked', BooleanProperty(default=lambda: False)),
+        ('labels', ListProperty(StringProperty)),
+        ('confidence', IntegerProperty()),
+        ('lang', StringProperty()),
+        ('external_references', ListProperty(ExternalReference)),
+        ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
+        ('granular_markings', ListProperty(GranularMarking)),
+        ('extensions', ExtensionsProperty(spec_version='2.1')),
+    ])
+
+
 class Indicator(_DomainObject):
    """For more detailed information on this object's properties, see
    `the STIX 2.1 specification <https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_wfiae74706sw>`__.