sdo¶
STIX 2.0 Domain Objects.
-
class
AttackPattern
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.0 specification.
Properties: - id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String, required)
- description (String)
- kill_chain_phases (List of Kill Chain Phases)
- revoked (Boolean)
- labels (List of Strings)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
Campaign
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.0 specification.
Properties: - id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String, required)
- description (String)
- aliases (List of Strings)
- first_seen (Timestamp)
- last_seen (Timestamp)
- objective (String)
- revoked (Boolean)
- labels (List of Strings)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
CourseOfAction
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.0 specification.
Properties: - id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String, required)
- description (String)
- revoked (Boolean)
- labels (List of Strings)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
Identity
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.0 specification.
Properties: - id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String, required)
- description (String)
- identity_class (Open Vocab, required)
- sectors (List of Open Vocabs)
- contact_information (String)
- revoked (Boolean)
- labels (List of Strings)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
Indicator
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.0 specification.
Properties: - id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String)
- description (String)
- pattern (Pattern, required)
- valid_from (Timestamp, default: current date/time)
- valid_until (Timestamp)
- kill_chain_phases (List of Kill Chain Phases)
- revoked (Boolean)
- labels (List of Open Vocabs, required)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
IntrusionSet
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.0 specification.
Properties: - id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String, required)
- description (String)
- aliases (List of Strings)
- first_seen (Timestamp)
- last_seen (Timestamp)
- goals (List of Strings)
- resource_level (String)
- primary_motivation (Open Vocab)
- secondary_motivations (List of Open Vocabs)
- revoked (Boolean)
- labels (List of Strings)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
Malware
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.0 specification.
Properties: - id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String, required)
- description (String)
- kill_chain_phases (List of Kill Chain Phases)
- revoked (Boolean)
- labels (List of Open Vocabs, required)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
ObservedData
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.0 specification.
Properties: - id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- first_observed (Timestamp, required)
- last_observed (Timestamp, required)
- number_observed (Integer, required)
- objects (Observable, required)
- revoked (Boolean)
- labels (List of Strings)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
Report
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.0 specification.
Properties: - id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String, required)
- description (String)
- published (Timestamp, required)
- object_refs (List of References, required)
- revoked (Boolean)
- labels (List of Open Vocabs, required)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
ThreatActor
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.0 specification.
Properties: - id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String, required)
- description (String)
- aliases (List of Strings)
- roles (List of Open Vocabs)
- goals (List of Strings)
- sophistication (Open Vocab)
- resource_level (Open Vocab)
- primary_motivation (Open Vocab)
- secondary_motivations (List of Open Vocabs)
- personal_motivations (List of Open Vocabs)
- revoked (Boolean)
- labels (List of Open Vocabs, required)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
Tool
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.0 specification.
Properties: - id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String, required)
- description (String)
- kill_chain_phases (List of Kill Chain Phases)
- tool_version (String)
- revoked (Boolean)
- labels (List of Open Vocabs, required)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
class
Vulnerability
(allow_custom=False, **kwargs)¶ For more detailed information on this object’s properties, see the STIX 2.0 specification.
Properties: - id (ID)
- created_by_ref (Reference)
- created (Timestamp, default: current date/time)
- modified (Timestamp, default: current date/time)
- name (String, required)
- description (String)
- revoked (Boolean)
- labels (List of Strings)
- external_references (List of External References)
- object_marking_refs (List of References)
- granular_markings (List of Granular Markings)
-
CustomObject
(type='x-custom-type', properties=None)¶ Custom STIX Object type decorator.
Example
>>> from stix2.v20 import CustomObject >>> from stix2.properties import IntegerProperty, StringProperty >>> @CustomObject('x-type-name', [ ... ('property1', StringProperty(required=True)), ... ('property2', IntegerProperty()), ... ]) ... class MyNewObjectType(): ... pass
Supply an
__init__()
function to add any special validations to the custom type. Don’t callsuper().__init__()
though - doing so will cause an error.Example
>>> from stix2.v20 import CustomObject >>> from stix2.properties import IntegerProperty, StringProperty >>> @CustomObject('x-type-name', [ ... ('property1', StringProperty(required=True)), ... ('property2', IntegerProperty()), ... ]) ... class MyNewObjectType(): ... def __init__(self, property2=None, **kwargs): ... if property2 and property2 < 10: ... raise ValueError("'property2' is too small.")