From 375b915da42e1533685bc82b8315c66391f26997 Mon Sep 17 00:00:00 2001
From: clenk
Date: Wed, 22 Feb 2017 10:06:35 -0500
Subject: [PATCH] Add KillChainPhase, AttackPattern, IntrusionSet, Tool

---
 stix2/common.py | 11 ++++++
 stix2/sdo.py | 103 +++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 112 insertions(+), 2 deletions(-)

diff --git a/stix2/common.py b/stix2/common.py
index 62d9ad8..da64770 100644
--- a/stix2/common.py
+++ b/stix2/common.py
@@ -52,3 +52,14 @@ class ExternalReference(_STIXBase):
 'url': {},
 'external_id': {},
 }
+
+
+class KillChainPhase(_STIXBase):
+ _properties = {
+ 'kill_chain_name': {
+ 'required': True,
+ },
+ 'phase_name': {
+ 'required': True,
+ },
+ }
diff --git a/stix2/sdo.py b/stix2/sdo.py
index 3a033fe..4e5214b 100644
--- a/stix2/sdo.py
+++ b/stix2/sdo.py
@@ -5,6 +5,34 @@ from .common import COMMON_PROPERTIES
 from .utils import NOW
 
 
+class AttackPattern(_STIXBase):
+
+ _type = 'attack-pattern'
+ _properties = COMMON_PROPERTIES.copy()
+ _properties.update({
+ 'labels': {
+ 'required': True,
+ },
+ 'name': {
+ 'required': True,
+ },
+ 'description': {},
+ 'kill_chain_phases': {},
+ })
+
+ def __init__(self, **kwargs):
+ # TODO:
+ # - created_by_ref
+ # - external_references
+ # - object_marking_refs
+ # - granular_markings
+
+ # - description
+ # - kill_chain_phases
+
+ super(AttackPattern, self).__init__(**kwargs)
+
+
 class Indicator(_STIXBase):
 
 _type = 'indicator'
@@ -13,18 +41,21 @@ class Indicator(_STIXBase):
 'labels': {
 'required': True,
 },
+ 'name': {},
+ 'description': {},
 'pattern': {
 'required': True,
 },
 'valid_from': {
 'default': NOW,
 },
+ 'valid_until': {},
+ 'kill_chain_phases': {},
 })
 
 def __init__(self, **kwargs):
 # TODO:
 # - created_by_ref
- # - revoked
 # - external_references
 # - object_marking_refs
 # - granular_markings
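Review bot: `KillChainPhase` in stix2/common.py is added without a docstring, and `kill_chain_name` and `phase_name` are declared with only `'required': True`, so nothing visible in this hunk constrains their type or form. The STIX specification recommends lowercase, hyphen-separated values for both, and these strings are presumably what consumers compare when mapping an object to a kill chain. I would add a class docstring such as `"""One phase of a named kill chain (STIX kill-chain-phase)."""` and, if `_STIXBase` supports per-property checks, reject non-string values there.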
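Review bot: `'kill_chain_phases': {}` in the new `AttackPattern` class declares no constraint, so as far as this hunk shows any value is accepted, and the `KillChainPhase` class this commit adds to stix2/common.py is not imported into sdo.py (the only visible import from `.common` is `COMMON_PROPERTIES`). The same declaration appears in the Indicator, Malware and Tool hunks. Unless `_STIXBase` validates elsewhere, a malformed phase list would be passed through unchanged to whatever consumes the object. Extending the import to `from .common import COMMON_PROPERTIES, KillChainPhase` and adding `if not all(isinstance(p, KillChainPhase) for p in kwargs.get('kill_chain_phases', [])): raise ValueError("kill_chain_phases must contain KillChainPhase objects")` before the `super()` call would tie the property to the new type.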
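Review bot: `'valid_until': {}` is added to `Indicator._properties` with no relation to `valid_from`, so an indicator whose validity window ends before it begins would, as far as this hunk shows, be constructed without error. Tooling that honours the window when deciding whether an indicator is still live would then treat such an object as either never valid or always expired, depending on how it compares the two. `__init__` should reject a `valid_until` that is not later than the effective `valid_from` (the supplied value, or the `NOW` default) by raising `ValueError` before the `super()` call. The `__init__` body continues past the end of this hunk, so such a check may already exist below the TODO list.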
@@ -37,6 +68,43 @@ class Indicator(_STIXBase):
 super(Indicator, self).__init__(**kwargs)
 
 
+class IntrusionSet(_STIXBase):
+
+ _type = 'intrusion-set'
+ _properties = COMMON_PROPERTIES.copy()
+ _properties.update({
+ 'name': {
+ 'required': True,
+ },
+ 'description': {},
+ 'aliases': {},
+ 'first_seen': {},
+ 'last_seen ': {},
+ 'goals': {},
+ 'resource_level': {},
+ 'primary_motivation': {},
+ 'secondary_motivations': {},
+ })
+
+ def __init__(self, **kwargs):
+ # TODO:
+ # - created_by_ref
+ # - external_references
+ # - object_marking_refs
+ # - granular_markings
+
+ # - description
+ # - aliases
+ # - first_seen
+ # - last_seen
+ # - goals
+ # - resource_level
+ # - primary_motivation
+ # - secondary_motivations
+
+ super(IntrusionSet, self).__init__(**kwargs)
+
+
 class Malware(_STIXBase):
 
 _type = 'malware'
@@ -48,12 +116,13 @@ class Malware(_STIXBase):
 'name': {
 'required': True,
 },
+ 'description': {},
+ 'kill_chain_phases': {},
 })
 
 def __init__(self, **kwargs):
 # TODO:
 # - created_by_ref
- # - revoked
 # - external_references
 # - object_marking_refs
 # - granular_markings
@@ -62,3 +131,33 @@ class Malware(_STIXBase):
 # - kill_chain_phases
 
 super(Malware, self).__init__(**kwargs)
+
+
+class Tool(_STIXBase):
+
+ _type = 'tool'
+ _properties = COMMON_PROPERTIES.copy()
+ _properties.update({
+ 'labels': {
+ 'required': True,
+ },
+ 'name': {
+ 'required': True,
+ },
+ 'description': {},
+ 'kill_chain_phases': {},
+ 'tool_version': {},
+ })
+
+ def __init__(self, **kwargs):
+ # TODO:
+ # - created_by_ref
+ # - external_references
+ # - object_marking_refs
+ # - granular_markings
+
+ # - description
+ # - kill_chain_phases
+ # - tool_version
+
+ super(Tool, self).__init__(**kwargs)
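Review bot: The key `'last_seen '` in `IntrusionSet._properties` has a trailing space inside the quotes, so it does not match the `last_seen` keyword a caller would pass, nor the `# - last_seen` entry in the TODO list a few lines below. Depending on how `_STIXBase` treats keywords that are not in `_properties` (not visible here), a supplied `last_seen` would be either rejected or left out of the object, and the activity window of the intrusion set would be lost in both cases. The line should read `'last_seen': {},`. A test that constructs an `IntrusionSet` with both `first_seen` and `last_seen` and checks they survive would catch this kind of typo.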