Version: 1.2.0.4.dev0

stix.ttp Module

Overview

The stix.ttp module implements TTP.

TTPs are representations of the behavior or modus operandi of cyber adversaries.

Documentation Resources

Classes

class stix.ttp.TTP(id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None)

Bases: stix.base.BaseCoreComponent

Implementation of the STIX TTP.

Parameters:
  • id (optional) – An identifier. If None, a value will be generated via mixbox.idgen.create_id(). If set, this will unset the idref property.
  • idref (optional) – An identifier reference. If set this will unset the id_ property.
  • timestamp (optional) – A timestamp value. Can be an instance of datetime.datetime or str.
  • description – A description of the purpose or intent of this object.
  • short_description – A short description of the intent or purpose of this object.
  • title – The title of this object.
add_description(description)

Adds a description to the descriptions collection.

This is the same as calling “foo.descriptions.add(bar)”.

add_intended_effect(value)

Adds a Statement object to the intended_effects collection.

If value is a string, an attempt will be made to convert it into an instance of Statement.

add_kill_chain_phase(value)

Adds a KillChainPhaseReference to the kill_chain_phases collection.

Parameters:value – A KillChainPhase, KillChainPhaseReference or a str representing the phase_id of. Note that you if you are defining a custom Kill Chain, you need to add it to the STIX package separately.

Adds a RelatedPackageRef object to the related_packages collection.

Parameters:value – A RelatedPackageRef or a STIXPackage object.
add_short_description(description)

Adds a description to the short_descriptions collection.

This is the same as calling “foo.short_descriptions.add(bar)”.

description

A single description about the contents or purpose of this object.

Default Value: None

Note

If this object has more than one description set, this will return the description with the lowest ordinality value.

Returns:class:.StructuredText
Return type:An instance of
find(id_)

Searches the children of a Entity implementation for an object with an id_ property that matches id_.

short_description

A single short description about the contents or purpose of this object.

Default Value: None

Note

If this object has more than one short description set, this will return the description with the lowest ordinality value.

Returns:class:.StructuredText
Return type:An instance of
to_dict()

Convert to a dict

Subclasses can override this function.

Returns:Python dict with keys set from this Entity.
to_json()

Export an object as a JSON String.

to_obj(ns_info=None)

Convert to a GenerateDS binding object.

Subclasses can override this function.

Returns:An instance of this Entity’s _binding_class with properties set from this Entity.