sdo

STIX 2.0 Domain Objects.

class AttackPattern(allow_custom=False, **kwargs)

For more detailed information on this object’s properties, see the STIX 2.0 specification.

Properties:
  • id (ID)
  • created_by_ref (Reference)
  • created (Timestamp, default: current date/time)
  • modified (Timestamp, default: current date/time)
  • name (String, required)
  • description (String)
  • kill_chain_phases (List of Kill Chain Phases)
  • revoked (Boolean)
  • labels (List of Strings)
  • external_references (List of External References)
  • object_marking_refs (List of References)
  • granular_markings (List of Granular Markings)
class Campaign(allow_custom=False, **kwargs)

For more detailed information on this object’s properties, see the STIX 2.0 specification.

Properties:
  • id (ID)
  • created_by_ref (Reference)
  • created (Timestamp, default: current date/time)
  • modified (Timestamp, default: current date/time)
  • name (String, required)
  • description (String)
  • aliases (List of Strings)
  • first_seen (Timestamp)
  • last_seen (Timestamp)
  • objective (String)
  • revoked (Boolean)
  • labels (List of Strings)
  • external_references (List of External References)
  • object_marking_refs (List of References)
  • granular_markings (List of Granular Markings)
class CourseOfAction(allow_custom=False, **kwargs)

For more detailed information on this object’s properties, see the STIX 2.0 specification.

Properties:
  • id (ID)
  • created_by_ref (Reference)
  • created (Timestamp, default: current date/time)
  • modified (Timestamp, default: current date/time)
  • name (String, required)
  • description (String)
  • revoked (Boolean)
  • labels (List of Strings)
  • external_references (List of External References)
  • object_marking_refs (List of References)
  • granular_markings (List of Granular Markings)
class Identity(allow_custom=False, **kwargs)

For more detailed information on this object’s properties, see the STIX 2.0 specification.

Properties:
  • id (ID)
  • created_by_ref (Reference)
  • created (Timestamp, default: current date/time)
  • modified (Timestamp, default: current date/time)
  • name (String, required)
  • description (String)
  • identity_class (Open Vocab, required)
  • sectors (List of Open Vocabs)
  • contact_information (String)
  • revoked (Boolean)
  • labels (List of Strings)
  • external_references (List of External References)
  • object_marking_refs (List of References)
  • granular_markings (List of Granular Markings)
class Indicator(allow_custom=False, **kwargs)

For more detailed information on this object’s properties, see the STIX 2.0 specification.

Properties:
  • id (ID)
  • created_by_ref (Reference)
  • created (Timestamp, default: current date/time)
  • modified (Timestamp, default: current date/time)
  • name (String)
  • description (String)
  • pattern (Pattern, required)
  • valid_from (Timestamp, default: current date/time)
  • valid_until (Timestamp)
  • kill_chain_phases (List of Kill Chain Phases)
  • revoked (Boolean)
  • labels (List of Open Vocabs, required)
  • external_references (List of External References)
  • object_marking_refs (List of References)
  • granular_markings (List of Granular Markings)
class IntrusionSet(allow_custom=False, **kwargs)

For more detailed information on this object’s properties, see the STIX 2.0 specification.

Properties:
  • id (ID)
  • created_by_ref (Reference)
  • created (Timestamp, default: current date/time)
  • modified (Timestamp, default: current date/time)
  • name (String, required)
  • description (String)
  • aliases (List of Strings)
  • first_seen (Timestamp)
  • last_seen (Timestamp)
  • goals (List of Strings)
  • resource_level (String)
  • primary_motivation (Open Vocab)
  • secondary_motivations (List of Open Vocabs)
  • revoked (Boolean)
  • labels (List of Strings)
  • external_references (List of External References)
  • object_marking_refs (List of References)
  • granular_markings (List of Granular Markings)
class Malware(allow_custom=False, **kwargs)

For more detailed information on this object’s properties, see the STIX 2.0 specification.

Properties:
  • id (ID)
  • created_by_ref (Reference)
  • created (Timestamp, default: current date/time)
  • modified (Timestamp, default: current date/time)
  • name (String, required)
  • description (String)
  • kill_chain_phases (List of Kill Chain Phases)
  • revoked (Boolean)
  • labels (List of Open Vocabs, required)
  • external_references (List of External References)
  • object_marking_refs (List of References)
  • granular_markings (List of Granular Markings)
class ObservedData(allow_custom=False, **kwargs)

For more detailed information on this object’s properties, see the STIX 2.0 specification.

Properties:
  • id (ID)
  • created_by_ref (Reference)
  • created (Timestamp, default: current date/time)
  • modified (Timestamp, default: current date/time)
  • first_observed (Timestamp, required)
  • last_observed (Timestamp, required)
  • number_observed (Integer, required)
  • objects (Observable, required)
  • revoked (Boolean)
  • labels (List of Strings)
  • external_references (List of External References)
  • object_marking_refs (List of References)
  • granular_markings (List of Granular Markings)
class Report(allow_custom=False, **kwargs)

For more detailed information on this object’s properties, see the STIX 2.0 specification.

Properties:
  • id (ID)
  • created_by_ref (Reference)
  • created (Timestamp, default: current date/time)
  • modified (Timestamp, default: current date/time)
  • name (String, required)
  • description (String)
  • published (Timestamp, required)
  • object_refs (List of References, required)
  • revoked (Boolean)
  • labels (List of Open Vocabs, required)
  • external_references (List of External References)
  • object_marking_refs (List of References)
  • granular_markings (List of Granular Markings)
class ThreatActor(allow_custom=False, **kwargs)

For more detailed information on this object’s properties, see the STIX 2.0 specification.

Properties:
  • id (ID)
  • created_by_ref (Reference)
  • created (Timestamp, default: current date/time)
  • modified (Timestamp, default: current date/time)
  • name (String, required)
  • description (String)
  • aliases (List of Strings)
  • roles (List of Open Vocabs)
  • goals (List of Strings)
  • sophistication (Open Vocab)
  • resource_level (Open Vocab)
  • primary_motivation (Open Vocab)
  • secondary_motivations (List of Open Vocabs)
  • personal_motivations (List of Open Vocabs)
  • revoked (Boolean)
  • labels (List of Open Vocabs, required)
  • external_references (List of External References)
  • object_marking_refs (List of References)
  • granular_markings (List of Granular Markings)
class Tool(allow_custom=False, **kwargs)

For more detailed information on this object’s properties, see the STIX 2.0 specification.

Properties:
  • id (ID)
  • created_by_ref (Reference)
  • created (Timestamp, default: current date/time)
  • modified (Timestamp, default: current date/time)
  • name (String, required)
  • description (String)
  • kill_chain_phases (List of Kill Chain Phases)
  • tool_version (String)
  • revoked (Boolean)
  • labels (List of Open Vocabs, required)
  • external_references (List of External References)
  • object_marking_refs (List of References)
  • granular_markings (List of Granular Markings)
class Vulnerability(allow_custom=False, **kwargs)

For more detailed information on this object’s properties, see the STIX 2.0 specification.

Properties:
  • id (ID)
  • created_by_ref (Reference)
  • created (Timestamp, default: current date/time)
  • modified (Timestamp, default: current date/time)
  • name (String, required)
  • description (String)
  • revoked (Boolean)
  • labels (List of Strings)
  • external_references (List of External References)
  • object_marking_refs (List of References)
  • granular_markings (List of Granular Markings)
CustomObject(type='x-custom-type', properties=None)

Custom STIX Object type decorator.

Example

>>> from stix2.v20 import CustomObject
>>> from stix2.properties import IntegerProperty, StringProperty
>>> @CustomObject('x-type-name', [
...     ('property1', StringProperty(required=True)),
...     ('property2', IntegerProperty()),
... ])
... class MyNewObjectType():
...     pass

Supply an __init__() function to add any special validations to the custom type. Don’t call super().__init__() though - doing so will cause an error.

Example

>>> from stix2.v20 import CustomObject
>>> from stix2.properties import IntegerProperty, StringProperty
>>> @CustomObject('x-type-name', [
...     ('property1', StringProperty(required=True)),
...     ('property2', IntegerProperty()),
... ])
... class MyNewObjectType():
...     def __init__(self, property2=None, **kwargs):
...         if property2 and property2 < 10:
...             raise ValueError("'property2' is too small.")