Update STIX 2.1 structure
Emmanuelle Vargas-Gonzalez
parent
d4db4f0ab8
commit
bdb91c6ac4
|
|
@ -0,0 +1,49 @@
|
||||||
|
|
||||||
|
# flake8: noqa
|
||||||
|
|
||||||
|
from ..core import Bundle
|
||||||
|
from .common import (TLP_AMBER, TLP_GREEN, TLP_RED, TLP_WHITE, CustomMarking,
|
||||||
|
ExternalReference, GranularMarking, KillChainPhase,
|
||||||
|
LanguageContent, MarkingDefinition, StatementMarking,
|
||||||
|
TLPMarking)
|
||||||
|
from .observables import (URL, AlternateDataStream, ArchiveExt, Artifact,
|
||||||
|
AutonomousSystem, CustomExtension, CustomObservable,
|
||||||
|
Directory, DomainName, EmailAddress, EmailMessage,
|
||||||
|
EmailMIMEComponent, File, HTTPRequestExt, ICMPExt,
|
||||||
|
IPv4Address, IPv6Address, MACAddress, Mutex,
|
||||||
|
NetworkTraffic, NTFSExt, PDFExt, Process,
|
||||||
|
RasterImageExt, SocketExt, Software, TCPExt,
|
||||||
|
UNIXAccountExt, UserAccount, WindowsPEBinaryExt,
|
||||||
|
WindowsPEOptionalHeaderType, WindowsPESection,
|
||||||
|
WindowsProcessExt, WindowsRegistryKey,
|
||||||
|
WindowsRegistryValueType, WindowsServiceExt,
|
||||||
|
X509Certificate, X509V3ExtenstionsType,
|
||||||
|
parse_observable)
|
||||||
|
from .sdo import (AttackPattern, Campaign, CourseOfAction, CustomObject,
|
||||||
|
Identity, Indicator, IntrusionSet, Location, Malware, Note,
|
||||||
|
ObservedData, Opinion, Report, ThreatActor, Tool,
|
||||||
|
Vulnerability)
|
||||||
|
from .sro import Relationship, Sighting
|
||||||
|
|
||||||
|
OBJ_MAP = {
|
||||||
|
'attack-pattern': AttackPattern,
|
||||||
|
'bundle': Bundle,
|
||||||
|
'campaign': Campaign,
|
||||||
|
'course-of-action': CourseOfAction,
|
||||||
|
'identity': Identity,
|
||||||
|
'indicator': Indicator,
|
||||||
|
'intrusion-set': IntrusionSet,
|
||||||
|
'language-content': LanguageContent,
|
||||||
|
'location': Location,
|
||||||
|
'malware': Malware,
|
||||||
|
'note': Note,
|
||||||
|
'marking-definition': MarkingDefinition,
|
||||||
|
'observed-data': ObservedData,
|
||||||
|
'opinion': Opinion,
|
||||||
|
'report': Report,
|
||||||
|
'relationship': Relationship,
|
||||||
|
'threat-actor': ThreatActor,
|
||||||
|
'tool': Tool,
|
||||||
|
'sighting': Sighting,
|
||||||
|
'vulnerability': Vulnerability,
|
||||||
|
}
|
||||||
|
|
@ -1,14 +1,14 @@
|
||||||
"""STIX 2 Common Data Types and Properties."""
|
"""STIX 2.1 Common Data Types and Properties."""
|
||||||
|
|
||||||
from collections import OrderedDict
|
from collections import OrderedDict
|
||||||
|
|
||||||
from .base import _STIXBase
|
from ..base import _STIXBase
|
||||||
from .markings import _MarkingsMixin
|
from ..markings import _MarkingsMixin
|
||||||
from .properties import (BooleanProperty, DictionaryProperty, HashesProperty,
|
from ..properties import (BooleanProperty, DictionaryProperty, HashesProperty,
|
||||||
IDProperty, ListProperty, Property, ReferenceProperty,
|
IDProperty, ListProperty, Property,
|
||||||
SelectorProperty, StringProperty, TimestampProperty,
|
ReferenceProperty, SelectorProperty, StringProperty,
|
||||||
TypeProperty)
|
TimestampProperty, TypeProperty)
|
||||||
from .utils import NOW, get_dict
|
from ..utils import NOW, get_dict
|
||||||
|
|
||||||
|
|
||||||
class ExternalReference(_STIXBase):
|
class ExternalReference(_STIXBase):
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
"""STIX 2.0 Cyber Observable Objects.
|
"""STIX 2.1 Cyber Observable Objects.
|
||||||
|
|
||||||
Embedded observable object types, such as Email MIME Component, which is
|
Embedded observable object types, such as Email MIME Component, which is
|
||||||
embedded in Email Message objects, inherit from ``_STIXBase`` instead of
|
embedded in Email Message objects, inherit from ``_STIXBase`` instead of
|
||||||
|
|
@ -7,15 +7,15 @@ Observable and do not have a ``_type`` attribute.
|
||||||
|
|
||||||
from collections import OrderedDict
|
from collections import OrderedDict
|
||||||
|
|
||||||
from .base import _Extension, _Observable, _STIXBase
|
from ..base import _Extension, _Observable, _STIXBase
|
||||||
from .exceptions import (AtLeastOnePropertyError, DependentPropertiesError,
|
from ..exceptions import (AtLeastOnePropertyError, DependentPropertiesError,
|
||||||
ParseError)
|
ParseError)
|
||||||
from .properties import (BinaryProperty, BooleanProperty, DictionaryProperty,
|
from ..properties import (BinaryProperty, BooleanProperty, DictionaryProperty,
|
||||||
EmbeddedObjectProperty, EnumProperty, FloatProperty,
|
EmbeddedObjectProperty, EnumProperty, FloatProperty,
|
||||||
HashesProperty, HexProperty, IntegerProperty,
|
HashesProperty, HexProperty, IntegerProperty,
|
||||||
ListProperty, ObjectReferenceProperty, Property,
|
ListProperty, ObjectReferenceProperty, Property,
|
||||||
StringProperty, TimestampProperty, TypeProperty)
|
StringProperty, TimestampProperty, TypeProperty)
|
||||||
from .utils import get_dict
|
from ..utils import get_dict
|
||||||
|
|
||||||
|
|
||||||
class ObservableProperty(Property):
|
class ObservableProperty(Property):
|
||||||
|
|
@ -1,18 +1,18 @@
|
||||||
"""STIX 2.0 Domain Objects"""
|
"""STIX 2.1 Domain Objects"""
|
||||||
|
|
||||||
from collections import OrderedDict
|
from collections import OrderedDict
|
||||||
|
|
||||||
import stix2
|
import stix2
|
||||||
|
|
||||||
from .base import _STIXBase
|
from ..base import _STIXBase
|
||||||
from .common import ExternalReference, GranularMarking, KillChainPhase
|
from ..markings import _MarkingsMixin
|
||||||
from .markings import _MarkingsMixin
|
from ..properties import (BooleanProperty, EnumProperty, FloatProperty,
|
||||||
from .observables import ObservableProperty
|
|
||||||
from .properties import (BooleanProperty, EnumProperty, FloatProperty,
|
|
||||||
IDProperty, IntegerProperty, ListProperty,
|
IDProperty, IntegerProperty, ListProperty,
|
||||||
PatternProperty, ReferenceProperty, StringProperty,
|
PatternProperty, ReferenceProperty, StringProperty,
|
||||||
TimestampProperty, TypeProperty)
|
TimestampProperty, TypeProperty)
|
||||||
from .utils import NOW
|
from ..utils import NOW
|
||||||
|
from .common import ExternalReference, GranularMarking, KillChainPhase
|
||||||
|
from .observables import ObservableProperty
|
||||||
|
|
||||||
|
|
||||||
class STIXDomainObject(_STIXBase, _MarkingsMixin):
|
class STIXDomainObject(_STIXBase, _MarkingsMixin):
|
||||||
|
|
@ -470,7 +470,7 @@ def CustomObject(type='x-custom-type', properties=None):
|
||||||
return
|
return
|
||||||
raise e
|
raise e
|
||||||
|
|
||||||
stix2._register_type(_Custom)
|
stix2._register_type(_Custom, version="2.1")
|
||||||
return _Custom
|
return _Custom
|
||||||
|
|
||||||
return custom_builder
|
return custom_builder
|
||||||
|
|
@ -1,14 +1,14 @@
|
||||||
"""STIX 2.0 Relationship Objects."""
|
"""STIX 2.1 Relationship Objects."""
|
||||||
|
|
||||||
from collections import OrderedDict
|
from collections import OrderedDict
|
||||||
|
|
||||||
from .base import _STIXBase
|
from ..base import _STIXBase
|
||||||
from .common import ExternalReference, GranularMarking
|
from ..markings import _MarkingsMixin
|
||||||
from .markings import _MarkingsMixin
|
from ..properties import (BooleanProperty, IDProperty, IntegerProperty,
|
||||||
from .properties import (BooleanProperty, IDProperty, IntegerProperty,
|
|
||||||
ListProperty, ReferenceProperty, StringProperty,
|
ListProperty, ReferenceProperty, StringProperty,
|
||||||
TimestampProperty, TypeProperty)
|
TimestampProperty, TypeProperty)
|
||||||
from .utils import NOW
|
from ..utils import NOW
|
||||||
|
from .common import ExternalReference, GranularMarking
|
||||||
|
|
||||||
|
|
||||||
class STIXRelationshipObject(_STIXBase, _MarkingsMixin):
|
class STIXRelationshipObject(_STIXBase, _MarkingsMixin):
|
||||||
Loading…
Reference in New Issue