Version: 1.1.1.8
stix.incident
Module¶
Classes¶
-
class
stix.incident.
Incident
(id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None)¶ Bases:
stix.base.BaseCoreComponent
Implementation of the STIX Incident.
Parameters: - id (optional) – An identifier. If
None
, a value will be generated viamixbox.idgen.create_id()
. If set, this will unset theidref
property. - idref (optional) – An identifier reference. If set this will unset the
id_
property. - timestamp (optional) – A timestamp value. Can be an instance of
datetime.datetime
orstr
. - description – A description of the purpose or intent of this object.
- short_description – A short description of the intent or purpose of this object.
- title – The title of this object.
-
add_affected_asset
(v)¶ Adds a
AffectedAsset
object to theaffected_assets
collection.
-
add_category
(category)¶ Adds a
VocabString
object to thecategories
collection.If category is a string, an attempt will be made to convert it into an instance of
IncidentCategory
.
-
add_coa_requested
(value)¶ Adds a
COARequested
object to thecoas_requested
collection.
-
add_coordinator
(value)¶ Adds a
InformationSource
object to thecoordinators
collection.
-
add_discovery_method
(value)¶ Adds a
VocabString
object to thediscovery_methods
collection.If value is a string, an attempt will be made to convert it to an instance of
DiscoveryMethod
.
-
add_external_id
(value)¶ Adds a
ExternalID
object to theexternal_ids
collection.
-
add_intended_effect
(value)¶ Adds a
Statement
object to theintended_effects
collection.If value is a string, an attempt will be made to convert it into an instance of
Statement
.
-
add_leveraged_ttps
(ttp)¶ Adds a
RelatedTTP
value to theleveraged_ttps
collection.
Adds an Related Indicator to the
related_indicators
list property of thisIncident
.The indicator parameter must be an instance of
RelatedIndicator
orIndicator
.If the indicator parameter is
None
, no item will be added to therelated_indicators
list property.Calling this method is the same as calling
append()
on therelated_indicators
property.See also
The
RelatedIndicators
documentation.Note
If the indicator parameter is not an instance of
RelatedIndicator
an attempt will be made to convert it to one.Parameters: value – An instance of Indicator
orRelatedIndicator
.Raises: ValueError
– If the indicator parameter cannot be converted into an instance ofRelatedIndicator
Adds a Related Observable to the
related_observables
list property of thisIncident
.The observable parameter must be an instance of
RelatedObservable
orObservable
.If the observable parameter is
None
, no item will be added to therelated_observables
list property.Calling this method is the same as calling
append()
on therelated_observables
property.See also
The
RelatedObservables
documentation.Note
If the observable parameter is not an instance of
RelatedObservable
an attempt will be made to convert it to one.Parameters: observable – An instance of Observable
orRelatedObservable
.Raises: ValueError
– If the value parameter cannot be converted into an instance ofRelatedObservable
-
add_responder
(value)¶ Adds a
InformationSource
object to theresponders
collection.
-
add_victim
(victim)¶ Adds a
IdentityType
value to thevictims
collection.
- id (optional) – An identifier. If
-
class
stix.incident.
AttributedThreatActors
(scope=None, *args)¶
-
class
stix.incident.
LeveragedTTPs
(scope=None, *args)¶
-
class
stix.incident.
RelatedIndicators
(scope=None, *args)¶
-
class
stix.incident.
RelatedObservables
(scope=None, *args)¶
-
class
stix.incident.
RelatedIncidents
(scope=None, *args)¶