Version: 1.1.1.8

stix.core.stix_package Module

Classes

class stix.core.stix_package.STIXPackage(id_=None, idref=None, timestamp=None, stix_header=None, courses_of_action=None, exploit_targets=None, indicators=None, observables=None, incidents=None, threat_actors=None, ttps=None, campaigns=None, related_packages=None)

Bases: stix.base.Entity

A STIX Package object.

Parameters:
  • id_ (optional) – An identifier. If None, a value will be generated via mixbox.idgen.create_id(). If set, this will unset the idref property.
  • idref – An identifier reference. If set, this will unset the id_ property.
  • timestamp – A timestamp value. Can be an instance of datetime.datetime or str.
  • stix_header – A Report Header object.
  • campaigns – A collection of Campaign objects.
  • courses_of_action – A collection of CourseOfAction objects.
  • exploit_targets – A collection of ExploitTarget objects.
  • incidents – A collection of Incident objects.
  • indicators – A collection of Indicator objects.
  • threat_actors – A collection of ThreatActor objects.
  • ttps – A collection of TTP objects.
  • related_packages – A collection of RelatedPackage objects.

add(entity)

Adds entity to a top-level collection. For example, if entity is an Indicator object, the entity will be added to the indicators top-level collection.

add_campaign(campaign)

Adds a Campaign object to the campaigns collection.

add_course_of_action(course_of_action)

Adds a CourseOfAction object to the courses_of_action collection.

add_exploit_target(exploit_target)

Adds an ExploitTarget object to the exploit_targets collection.

add_incident(incident)

Adds an Incident object to the incidents collection.

add_indicator(indicator)

Adds an Indicator object to the indicators collection.

add_observable(observable)

Adds an Observable object to the observables collection.

If observable is not an Observable instance, an effort will be made to convert it to one.

add_related_package(related_package)

Adds a RelatedPackage object to the related_packages collection.

add_threat_actor(threat_actor)

Adds a ThreatActor object to the threat_actors collection.

add_ttp(ttp)

Adds a TTP object to the ttps collection.

classmethod from_xml(xml_file, encoding=None)

Parses the xml_file file-like object and returns a STIXPackage instance.

Parameters:
  • xml_file – A file, file-like object, etree._Element, or etree._ElementTree instance.
  • encoding – The character encoding of the xml_file input. If None, an attempt will be made to determine the input character encoding. Default is None.
Returns:

An instance of STIXPackage.

class stix.core.stix_package.RelatedPackages(scope=None, *args)

Bases: stix.common.related.GenericRelationshipList