sdo¶
STIX 2.1 Domain Objects.
-
class
AttackPattern
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.1 specification.
Properties: - spec_version (String)
- id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String, required)
- description (String)
- aliases (List of Strings)
- kill_chain_phases (List of Kill Chain Phases)
- revoked (Boolean)
- labels (List of Strings)
- confidence (Integer)
- lang (String)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
Campaign
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.1 specification.
Properties: - spec_version (String)
- id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String, required)
- description (String)
- aliases (List of Strings)
- first_seen (Timestamp)
- last_seen (Timestamp)
- objective (String)
- revoked (Boolean)
- labels (List of Strings)
- confidence (Integer)
- lang (String)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
CourseOfAction
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.1 specification.
Properties: - spec_version (String)
- id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String, required)
- description (String)
- revoked (Boolean)
- labels (List of Strings)
- confidence (Integer)
- lang (String)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
Grouping
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.1 specification.
Properties: - spec_version (String)
- id (ID)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- created_by_ref (Reference)
- revoked (Boolean)
- labels (List of Strings)
- confidence (Integer)
- lang (String)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
- name (String)
- description (String)
- context (String, required)
- object_refs (List of References, required)
-
class
Identity
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.1 specification.
Properties: - spec_version (String)
- id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String, required)
- description (String)
- roles (List of Strings)
- identity_class (String)
- sectors (List of Strings)
- contact_information (String)
- revoked (Boolean)
- labels (List of Strings)
- confidence (Integer)
- lang (String)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
Indicator
(*args, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.1 specification.
Properties: - spec_version (String)
- id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String)
- description (String)
- indicator_types (List of Strings)
- pattern (Pattern, required)
- pattern_type (String, required)
- pattern_version (String)
- valid_from (Timestamp, required, default: current date/time)
- valid_until (Timestamp)
- kill_chain_phases (List of Kill Chain Phases)
- revoked (Boolean)
- labels (List of Strings)
- confidence (Integer)
- lang (String)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
Infrastructure
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.1 specification.
Properties: - spec_version (String)
- id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- revoked (Boolean)
- labels (List of Strings)
- confidence (Integer)
- lang (String)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
- name (String, required)
- description (String)
- infrastructure_types (List of Strings)
- aliases (List of Strings)
- kill_chain_phases (List of Kill Chain Phases)
- first_seen (Timestamp)
- last_seen (Timestamp)
-
class
IntrusionSet
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.1 specification.
Properties: - spec_version (String)
- id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String, required)
- description (String)
- aliases (List of Strings)
- first_seen (Timestamp)
- last_seen (Timestamp)
- goals (List of Strings)
- resource_level (String)
- primary_motivation (String)
- secondary_motivations (List of Strings)
- revoked (Boolean)
- labels (List of Strings)
- confidence (Integer)
- lang (String)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
Location
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.1 specification.
Properties: - spec_version (String)
- id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String)
- description (String)
- latitude (Float)
- longitude (Float)
- precision (Float)
- region (String)
- country (String)
- administrative_area (String)
- city (String)
- street_address (String)
- postal_code (String)
- revoked (Boolean)
- labels (List of Strings)
- confidence (Integer)
- lang (String)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
to_maps_url
(map_engine='Google Maps')¶ Return URL to this location in an online map engine.
Google Maps is the default, but Bing maps are also supported.
Parameters: map_engine (str) – Which map engine to find the location in Returns: The URL of the location in the given map engine.
-
class
Malware
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.1 specification.
Properties: - spec_version (String)
- id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String)
- description (String)
- malware_types (List of Strings)
- is_family (Boolean, required)
- aliases (List of Strings)
- kill_chain_phases (List of Kill Chain Phases)
- first_seen (Timestamp)
- last_seen (Timestamp)
- operating_system_refs (List of References)
- architecture_execution_envs (List of Strings)
- implementation_languages (List of Strings)
- capabilities (List of Strings)
- sample_refs (List of References)
- revoked (Boolean)
- labels (List of Strings)
- confidence (Integer)
- lang (String)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
MalwareAnalysis
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.1 specification.
Properties: - spec_version (String)
- id (ID)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- created_by_ref (Reference)
- revoked (Boolean)
- labels (List of Strings)
- confidence (Integer)
- lang (String)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
- product (String, required)
- version (String)
- host_vm_ref (Reference)
- operating_system_ref (Reference)
- installed_software_refs (List of References)
- configuration_version (String)
- modules (List of Strings)
- analysis_engine_version (String)
- analysis_definition_version (String)
- submitted (Timestamp)
- analysis_started (Timestamp)
- analysis_ended (Timestamp)
- result_name (String)
- result (String)
- analysis_sco_refs (List of References)
- sample_ref (Reference)
-
class
Note
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.1 specification.
Properties: - spec_version (String)
- id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- abstract (String)
- content (String, required)
- authors (List of Strings)
- object_refs (List of References, required)
- revoked (Boolean)
- labels (List of Strings)
- confidence (Integer)
- lang (String)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
ObservedData
(*args, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.1 specification.
Properties: - spec_version (String)
- id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- first_observed (Timestamp, required)
- last_observed (Timestamp, required)
- number_observed (Integer, required)
- objects (Observable)
- object_refs (List of References)
- revoked (Boolean)
- labels (List of Strings)
- confidence (Integer)
- lang (String)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
Opinion
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.1 specification.
Properties: - spec_version (String)
- id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- explanation (String)
- authors (List of Strings)
- opinion (Enum, required)
- object_refs (List of References, required)
- revoked (Boolean)
- labels (List of Strings)
- confidence (Integer)
- lang (String)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
Report
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.1 specification.
Properties: - spec_version (String)
- id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String, required)
- description (String)
- report_types (List of Strings)
- published (Timestamp, required)
- object_refs (List of References, required)
- revoked (Boolean)
- labels (List of Strings)
- confidence (Integer)
- lang (String)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
ThreatActor
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.1 specification.
Properties: - spec_version (String)
- id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String, required)
- description (String)
- threat_actor_types (List of Strings)
- aliases (List of Strings)
- first_seen (Timestamp)
- last_seen (Timestamp)
- roles (List of Strings)
- goals (List of Strings)
- sophistication (String)
- resource_level (String)
- primary_motivation (String)
- secondary_motivations (List of Strings)
- personal_motivations (List of Strings)
- revoked (Boolean)
- labels (List of Strings)
- confidence (Integer)
- lang (String)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
Tool
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.1 specification.
Properties: - spec_version (String)
- id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String, required)
- description (String)
- tool_types (List of Strings)
- aliases (List of Strings)
- kill_chain_phases (List of Kill Chain Phases)
- tool_version (String)
- revoked (Boolean)
- labels (List of Strings)
- confidence (Integer)
- lang (String)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
Vulnerability
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.1 specification.
Properties: - spec_version (String)
- id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String, required)
- description (String)
- revoked (Boolean)
- labels (List of Strings)
- confidence (Integer)
- lang (String)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
CustomObject
(type='x-custom-type', properties=None)¶ Custom STIX Object type decorator.
Example
>>> from stix2.v21 import CustomObject >>> from stix2.properties import IntegerProperty, StringProperty >>> @CustomObject('x-type-name', [ ... ('property1', StringProperty(required=True)), ... ('property2', IntegerProperty()), ... ]) ... class MyNewObjectType(): ... pass
Supply an
__init__()
function to add any special validations to the custom type. Don’t callsuper().__init__()
though - doing so will cause an error.Example
>>> from stix2.v21 import CustomObject >>> from stix2.properties import IntegerProperty, StringProperty >>> @CustomObject('x-type-name', [ ... ('property1', StringProperty(required=True)), ... ('property2', IntegerProperty()), ... ]) ... class MyNewObjectType(): ... def __init__(self, property2=None, **kwargs): ... if property2 and property2 < 10: ... raise ValueError("'property2' is too small.")