Version: 1.2.0.5.dev0

stix.common.kill_chains Module

Classes

class stix.common.kill_chains.KillChain(id_=None, name=None, definer=None, reference=None)

Bases: stix.base.Entity

class stix.common.kill_chains.KillChains(*args)

Bases: stix.base.EntityList

class stix.common.kill_chains.KillChainPhase(phase_id=None, name=None, ordinality=None)

Bases: stix.base.Entity

class stix.common.kill_chains.KillChainPhaseReference(phase_id=None, name=None, ordinality=None, kill_chain_id=None, kill_chain_name=None)

Bases: stix.common.kill_chains.KillChainPhase

class stix.common.kill_chains.KillChainPhasesReference(*args)

Bases: stix.base.EntityList

Lockheed Martin Kill Chain

There is a shortcuts for adding kill chain phases from the Lockheed Martin Cyber Kill Chain to indicators:

from stix.common.kill_chains.lmco import PHASE_RECONNAISSANCE
from stix.indicator import Indicator
i = Indicator()
i.add_kill_chain_phase(PHASE_RECONNAISSANCE)
print i.to_xml(include_namespaces=False)
<indicator:Indicator id="example:indicator-2bb1c0ea-7dd8-40fb-af64-7199f00719c1"
        timestamp="2015-03-17T19:14:22.797675+00:00" xsi:type='indicator:IndicatorType'>
    <indicator:Kill_Chain_Phases>
        <stixCommon:Kill_Chain_Phase phase_id="stix:TTP-af1016d6-a744-4ed7-ac91-00fe2272185a"/>
    </indicator:Kill_Chain_Phases>
</indicator:Indicator>