Version: 1.1.1.8

stix.incident Module

Classes

class stix.incident.Incident(id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None)

Bases: stix.base.BaseCoreComponent

Implementation of the STIX Incident.

Parameters:
  • id (optional) – An identifier. If None, a value will be generated via mixbox.idgen.create_id(). If set, this will unset the idref property.
  • idref (optional) – An identifier reference. If set this will unset the id_ property.
  • timestamp (optional) – A timestamp value. Can be an instance of datetime.datetime or str.
  • description – A description of the purpose or intent of this object.
  • short_description – A short description of the intent or purpose of this object.
  • title – The title of this object.
add_affected_asset(v)

Adds a AffectedAsset object to the affected_assets collection.

add_category(category)

Adds a VocabString object to the categories collection.

If category is a string, an attempt will be made to convert it into an instance of IncidentCategory.

add_coa_requested(value)

Adds a COARequested object to the coas_requested collection.

add_coa_taken(value)

Adds a COATaken object to the coas_taken collection.

add_coordinator(value)

Adds a InformationSource object to the coordinators collection.

add_discovery_method(value)

Adds a VocabString object to the discovery_methods collection.

If value is a string, an attempt will be made to convert it to an instance of DiscoveryMethod.

add_external_id(value)

Adds a ExternalID object to the external_ids collection.

add_intended_effect(value)

Adds a Statement object to the intended_effects collection.

If value is a string, an attempt will be made to convert it into an instance of Statement.

add_leveraged_ttps(ttp)

Adds a RelatedTTP value to the leveraged_ttps collection.

Adds an Related Indicator to the related_indicators list property of this Incident.

The indicator parameter must be an instance of RelatedIndicator or Indicator.

If the indicator parameter is None, no item will be added to the related_indicators list property.

Calling this method is the same as calling append() on the related_indicators property.

See also

The RelatedIndicators documentation.

Note

If the indicator parameter is not an instance of RelatedIndicator an attempt will be made to convert it to one.

Parameters:value – An instance of Indicator or RelatedIndicator.
Raises:ValueError – If the indicator parameter cannot be converted into an instance of RelatedIndicator

Adds a Related Observable to the related_observables list property of this Incident.

The observable parameter must be an instance of RelatedObservable or Observable.

If the observable parameter is None, no item will be added to the related_observables list property.

Calling this method is the same as calling append() on the related_observables property.

See also

The RelatedObservables documentation.

Note

If the observable parameter is not an instance of RelatedObservable an attempt will be made to convert it to one.

Parameters:observable – An instance of Observable or RelatedObservable.
Raises:ValueError – If the value parameter cannot be converted into an instance of RelatedObservable
add_responder(value)

Adds a InformationSource object to the responders collection.

add_victim(victim)

Adds a IdentityType value to the victims collection.

class stix.incident.AttributedThreatActors(scope=None, *args)

Bases: stix.common.related.GenericRelationshipList

class stix.incident.LeveragedTTPs(scope=None, *args)

Bases: stix.common.related.GenericRelationshipList

class stix.incident.RelatedIndicators(scope=None, *args)

Bases: stix.common.related.GenericRelationshipList

class stix.incident.RelatedObservables(scope=None, *args)

Bases: stix.common.related.GenericRelationshipList

class stix.incident.RelatedIncidents(scope=None, *args)

Bases: stix.common.related.GenericRelationshipList