Update malware-analysis SDO's av_result property: replace it with

result and result_name properties.  Per:
https://github.com/oasis-tcs/cti-stix2/issues/213
master
Michael Chisholm 2020-02-27 17:26:04 -05:00
parent c2b71672f5
commit d2bff4d411
2 changed files with 5 additions and 3 deletions

View File

@ -34,7 +34,8 @@ MALWARE_ANALYSIS_JSON = """{
"submitted": "2018-11-23T06:45:55.747Z", "submitted": "2018-11-23T06:45:55.747Z",
"analysis_started": "2018-11-29T07:30:03.895Z", "analysis_started": "2018-11-29T07:30:03.895Z",
"analysis_ended": "2018-11-29T08:30:03.895Z", "analysis_ended": "2018-11-29T08:30:03.895Z",
"av_result": "malicious", "result_name": "MegaRansom",
"result": "malicious",
"analysis_sco_refs": [ "analysis_sco_refs": [
"file--fc27e371-6c88-4c5c-868a-4dda0e60b167", "file--fc27e371-6c88-4c5c-868a-4dda0e60b167",
"url--6f7a74cd-8eb2-4b88-a4da-aa878e50ac2e" "url--6f7a74cd-8eb2-4b88-a4da-aa878e50ac2e"

View File

@ -524,14 +524,15 @@ class MalwareAnalysis(STIXDomainObject):
('submitted', TimestampProperty()), ('submitted', TimestampProperty()),
('analysis_started', TimestampProperty()), ('analysis_started', TimestampProperty()),
('analysis_ended', TimestampProperty()), ('analysis_ended', TimestampProperty()),
('av_result', StringProperty()), ('result_name', StringProperty()),
('result', StringProperty()),
('analysis_sco_refs', ListProperty(ReferenceProperty(valid_types="SCO", spec_version='2.1'))), ('analysis_sco_refs', ListProperty(ReferenceProperty(valid_types="SCO", spec_version='2.1'))),
]) ])
def _check_object_constraints(self): def _check_object_constraints(self):
super(MalwareAnalysis, self)._check_object_constraints() super(MalwareAnalysis, self)._check_object_constraints()
self._check_at_least_one_property(["av_result", "analysis_sco_refs"]) self._check_at_least_one_property(["result", "analysis_sco_refs"])
class Note(STIXDomainObject): class Note(STIXDomainObject):