Merge pull request #357 from chisholm/malware_analysis_result
Update malware-analysis SDO's av_result propertymaster
commit
33fb31421b
|
@ -34,7 +34,8 @@ MALWARE_ANALYSIS_JSON = """{
|
||||||
"submitted": "2018-11-23T06:45:55.747Z",
|
"submitted": "2018-11-23T06:45:55.747Z",
|
||||||
"analysis_started": "2018-11-29T07:30:03.895Z",
|
"analysis_started": "2018-11-29T07:30:03.895Z",
|
||||||
"analysis_ended": "2018-11-29T08:30:03.895Z",
|
"analysis_ended": "2018-11-29T08:30:03.895Z",
|
||||||
"av_result": "malicious",
|
"result_name": "MegaRansom",
|
||||||
|
"result": "malicious",
|
||||||
"analysis_sco_refs": [
|
"analysis_sco_refs": [
|
||||||
"file--fc27e371-6c88-4c5c-868a-4dda0e60b167",
|
"file--fc27e371-6c88-4c5c-868a-4dda0e60b167",
|
||||||
"url--6f7a74cd-8eb2-4b88-a4da-aa878e50ac2e"
|
"url--6f7a74cd-8eb2-4b88-a4da-aa878e50ac2e"
|
||||||
|
|
|
@ -524,7 +524,8 @@ class MalwareAnalysis(STIXDomainObject):
|
||||||
('submitted', TimestampProperty()),
|
('submitted', TimestampProperty()),
|
||||||
('analysis_started', TimestampProperty()),
|
('analysis_started', TimestampProperty()),
|
||||||
('analysis_ended', TimestampProperty()),
|
('analysis_ended', TimestampProperty()),
|
||||||
('av_result', StringProperty()),
|
('result_name', StringProperty()),
|
||||||
|
('result', StringProperty()),
|
||||||
('analysis_sco_refs', ListProperty(ReferenceProperty(valid_types="SCO", spec_version='2.1'))),
|
('analysis_sco_refs', ListProperty(ReferenceProperty(valid_types="SCO", spec_version='2.1'))),
|
||||||
('sample_ref', ReferenceProperty(valid_types="SCO", spec_version="2.1")),
|
('sample_ref', ReferenceProperty(valid_types="SCO", spec_version="2.1")),
|
||||||
])
|
])
|
||||||
|
@ -532,7 +533,7 @@ class MalwareAnalysis(STIXDomainObject):
|
||||||
def _check_object_constraints(self):
|
def _check_object_constraints(self):
|
||||||
super(MalwareAnalysis, self)._check_object_constraints()
|
super(MalwareAnalysis, self)._check_object_constraints()
|
||||||
|
|
||||||
self._check_at_least_one_property(["av_result", "analysis_sco_refs"])
|
self._check_at_least_one_property(["result", "analysis_sco_refs"])
|
||||||
|
|
||||||
|
|
||||||
class Note(STIXDomainObject):
|
class Note(STIXDomainObject):
|
||||||
|
|
Loading…
Reference in New Issue