Add KillChainPhase, AttackPattern, IntrusionSet, Tool

stix2/common.py

@@ -52,3 +52,14 @@ class ExternalReference(_STIXBase):
         'url': {},
         'external_id': {},
     }
+
+
+class KillChainPhase(_STIXBase):
+    _properties = {
+        'kill_chain_name': {
+            'required': True,
+        },
+        'phase_name': {
+            'required': True,
+        },
+    }

stix2/sdo.py

@@ -5,6 +5,34 @@ from .common import COMMON_PROPERTIES
 from .utils import NOW
 
 
+class AttackPattern(_STIXBase):
+
+    _type = 'attack-pattern'
+    _properties = COMMON_PROPERTIES.copy()
+    _properties.update({
+        'labels': {
+            'required': True,
+        },
+        'name': {
+            'required': True,
+        },
+        'description': {},
+        'kill_chain_phases': {},
+    })
+
+    def __init__(self, **kwargs):
+        # TODO:
+        # - created_by_ref
+        # - external_references
+        # - object_marking_refs
+        # - granular_markings
+
+        # - description
+        # - kill_chain_phases
+
+        super(AttackPattern, self).__init__(**kwargs)
+
+
 class Indicator(_STIXBase):
 
     _type = 'indicator'
@@ -13,18 +41,21 @@ class Indicator(_STIXBase):
         'labels': {
             'required': True,
         },
+        'name': {},
+        'description': {},
         'pattern': {
             'required': True,
         },
         'valid_from': {
             'default': NOW,
         },
+        'valid_until': {},
+        'kill_chain_phases': {},
     })
 
     def __init__(self, **kwargs):
         # TODO:
         # - created_by_ref
-        # - revoked
         # - external_references
         # - object_marking_refs
         # - granular_markings
@@ -37,6 +68,43 @@ class Indicator(_STIXBase):
         super(Indicator, self).__init__(**kwargs)
 
 
+class IntrusionSet(_STIXBase):
+
+    _type = 'intrusion-set'
+    _properties = COMMON_PROPERTIES.copy()
+    _properties.update({
+        'name': {
+            'required': True,
+        },
+        'description': {},
+        'aliases': {},
+        'first_seen': {},
+        'last_seen ': {},
+        'goals': {},
+        'resource_level': {},
+        'primary_motivation': {},
+        'secondary_motivations': {},
+    })
+
+    def __init__(self, **kwargs):
+        # TODO:
+        # - created_by_ref
+        # - external_references
+        # - object_marking_refs
+        # - granular_markings
+
+        # - description
+        # - aliases
+        # - first_seen
+        # - last_seen
+        # - goals
+        # - resource_level
+        # - primary_motivation
+        # - secondary_motivations
+
+        super(IntrusionSet, self).__init__(**kwargs)
+
+
 class Malware(_STIXBase):
 
     _type = 'malware'
@@ -48,12 +116,13 @@ class Malware(_STIXBase):
         'name': {
             'required': True,
         },
+        'description': {},
+        'kill_chain_phases': {},
     })
 
     def __init__(self, **kwargs):
         # TODO:
         # - created_by_ref
-        # - revoked
         # - external_references
         # - object_marking_refs
         # - granular_markings
@@ -62,3 +131,33 @@ class Malware(_STIXBase):
         # - kill_chain_phases
 
         super(Malware, self).__init__(**kwargs)
+
+
+class Tool(_STIXBase):
+
+    _type = 'tool'
+    _properties = COMMON_PROPERTIES.copy()
+    _properties.update({
+        'labels': {
+            'required': True,
+        },
+        'name': {
+            'required': True,
+        },
+        'description': {},
+        'kill_chain_phases': {},
+        'tool_version': {},
+    })
+
+    def __init__(self, **kwargs):
+        # TODO:
+        # - created_by_ref
+        # - external_references
+        # - object_marking_refs
+        # - granular_markings
+
+        # - description
+        # - kill_chain_phases
+        # - tool_version
+
+        super(Tool, self).__init__(**kwargs)