From 33a472d8f5e5d837152ebfa9a3830e45db034c33 Mon Sep 17 00:00:00 2001
From: Emmanuelle Vargas-Gonzalez
Date: Tue, 22 Dec 2020 17:46:29 -0500
Subject: [PATCH] define Incident stub
---
 stix2/v21/__init__.py | 5 +++--
 stix2/v21/sdo.py | 27 +++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/stix2/v21/__init__.py b/stix2/v21/__init__.py
index 81ab980..be7e343 100644
--- a/stix2/v21/__init__.py
+++ b/stix2/v21/__init__.py
@@ -36,7 +36,7 @@ from .observables import (
 )
 from .sdo import (
 AttackPattern, Campaign, CourseOfAction, CustomObject, Grouping, Identity,
- Indicator, Infrastructure, IntrusionSet, Location, Malware,
+ Incident, Indicator, Infrastructure, IntrusionSet, Location, Malware,
 MalwareAnalysis, Note, ObservedData, Opinion, Report, ThreatActor, Tool,
 Vulnerability,
 )
@@ -49,6 +49,7 @@ OBJ_MAP = {
 'course-of-action': CourseOfAction,
 'grouping': Grouping,
 'identity': Identity,
+ 'incident': Incident,
 'indicator': Indicator,
 'infrastructure': Infrastructure,
 'intrusion-set': IntrusionSet,
@@ -126,7 +127,7 @@ __all__ = """
 X509Certificate, X509V3ExtensionsType,
 AttackPattern, Campaign, CourseOfAction, CustomObject, Grouping, Identity,
- Indicator, Infrastructure, IntrusionSet, Location, Malware,
+ Incident, Indicator, Infrastructure, IntrusionSet, Location, Malware,
 MalwareAnalysis, Note, ObservedData, Opinion, Report, ThreatActor, Tool,
 Vulnerability,
diff --git a/stix2/v21/sdo.py b/stix2/v21/sdo.py
index f3d6bcd..8f811b3 100644
--- a/stix2/v21/sdo.py
+++ b/stix2/v21/sdo.py
@@ -175,6 +175,33 @@ class Identity(_DomainObject):
 ])
+class Incident(_DomainObject):
+ """For more detailed information on this object's properties, see
+ `the STIX 2.1 specification `__.
+ """
+
+ _type = 'incident'
+ _properties = OrderedDict([
+ ('type', TypeProperty(_type, spec_version='2.1')),
+ ('spec_version', StringProperty(fixed='2.1')),
+ ('id', IDProperty(_type, spec_version='2.1')),
+ ('created_by_ref', ReferenceProperty(valid_types='identity', spec_version='2.1')),
+ ('created', TimestampProperty(default=lambda: NOW, precision='millisecond', precision_constraint='min')),
+ ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond', precision_constraint='min')),
+ ('name', StringProperty(required=True)),
+ ('description', StringProperty()),
+ ('kill_chain_phases', ListProperty(KillChainPhase)),
+ ('revoked', BooleanProperty(default=lambda: False)),
+ ('labels', ListProperty(StringProperty)),
+ ('confidence', IntegerProperty()),
+ ('lang', StringProperty()),
+ ('external_references', ListProperty(ExternalReference)),
+ ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
+ ('granular_markings', ListProperty(GranularMarking)),
+ ('extensions', ExtensionsProperty(spec_version='2.1')),
+ ])
+
+
 class Indicator(_DomainObject):
 """For more detailed information on this object's properties, see
 `the STIX 2.1 specification `__.
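Review bot: `kill_chain_phases` in the new `Incident._properties` does not look like part of the STIX 2.1 Incident stub, which as far as I recall defines only `name` and `description` beyond the common properties; please confirm against the spec section the docstring links to. If the spec does not list it, drop the line `('kill_chain_phases', ListProperty(KillChainPhase)),` so the class stops accepting and emitting a field that spec-strict consumers of shared threat intelligence may reject. The docstring could also state in one sentence that this object is a stub limited to `name` and `description`, so callers do not expect incident metadata fields here.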