MISP
/
cti-python-stix2
mirror of https://github.com/MISP/cti-python-stix2
2
0
Fork 0
Code Issues Releases Wiki Activity

Made some minimal changes to support the STIX 2.1 Malware SDO, 

and the maec2stix tool.
stix2.1
Michael Chisholm 2018-06-08 21:44:20 -04:00
parent 2e0dfc6592
commit f211649529
3 changed files with 43 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
stix2/core.py
View File

@ -50,7 +50,7 @@ class Bundle(_STIXBase):
_properties.update([
('type', TypeProperty(_type)),
('id', IDProperty(_type)),
('spec_version', Property(fixed="2.0")),
('spec_version', Property(fixed="2.1")),
('objects', ListProperty(STIXObjectProperty)),
])

42
stix2/v21/sdo.py
View File

@ -7,7 +7,8 @@ import stix2
from ..base import _STIXBase
from ..markings import _MarkingsMixin
from ..properties import (BooleanProperty, EnumProperty, FloatProperty,
from ..properties import (BooleanProperty, DictionaryProperty,
EmbeddedObjectProperty, EnumProperty, FloatProperty,
IDProperty, IntegerProperty, ListProperty,
PatternProperty, ReferenceProperty, StringProperty,
TimestampProperty, TypeProperty)
@ -229,6 +230,32 @@ class Location(STIXDomainObject):
])
class AnalysisType(_STIXBase):
_properties = OrderedDict()
_properties.update([
('start_time', TimestampProperty()),
('end_time', TimestampProperty()),
('analysis_tools', ObservableProperty()),
('analysis_environment', DictionaryProperty()),
('results', DictionaryProperty(required=True))
])
class AVResultsType(_STIXBase):
_properties = OrderedDict()
_properties.update([
('product', StringProperty()),
('engine_version', StringProperty()),
('definition_version', StringProperty()),
('submitted', TimestampProperty()),
('scanned', TimestampProperty()),
('result', StringProperty()),
('details', StringProperty())
])
class Malware(STIXDomainObject):
# TODO: Add link
"""For more detailed information on this object's properties, see
@ -239,6 +266,7 @@ class Malware(STIXDomainObject):
_properties = OrderedDict()
_properties.update([
('type', TypeProperty(_type)),
('spec_version', StringProperty(fixed='2.1')),
('id', IDProperty(_type)),
('created_by_ref', ReferenceProperty(type="identity")),
('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
@ -253,6 +281,17 @@ class Malware(STIXDomainObject):
('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
('granular_markings', ListProperty(GranularMarking)),
('is_family', BooleanProperty(required=True)),
('first_seen', TimestampProperty()),
('last_seen', TimestampProperty()),
('os_execution_envs', ListProperty(StringProperty)),
('architecture_execution_envs', ListProperty(StringProperty)),
('implementation_languages', ListProperty(StringProperty)),
('samples', ObservableProperty()),
('static_analysis_results', ListProperty(EmbeddedObjectProperty(AnalysisType))),
('dynamic_analysis_results', ListProperty(EmbeddedObjectProperty(AnalysisType))),
('av_results', ListProperty(EmbeddedObjectProperty(AVResultsType))),
('capabilities', ListProperty(StringProperty))
])
@ -266,6 +305,7 @@ class Note(STIXDomainObject):
_properties = OrderedDict()
_properties.update([
('type', TypeProperty(_type)),
('spec_version', StringProperty(fixed='2.1')),
('id', IDProperty(_type)),
('created_by_ref', ReferenceProperty(type="identity")),
('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),

1
stix2/v21/sro.py
View File

@ -25,6 +25,7 @@ class Relationship(STIXRelationshipObject):
_properties = OrderedDict()
_properties.update([
('type', TypeProperty(_type)),
('spec_version', StringProperty(fixed="2.1")),
('id', IDProperty(_type)),
('created_by_ref', ReferenceProperty(type="identity")),
('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),