Version: 1.2.0.0
stix.threat_actor Module¶
Overview¶
The stix.threat_actor module implements ThreatActor.
ThreatActors are characterizations of malicious actors (or adversaries) representing a cyber attack threat including presumed intent and historically observed behavior.
Documentation Resources¶
Classes¶
- class stix.threat_actor.ThreatActor(id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None)¶
Bases: stix.base.BaseCoreComponent
Implementation of the STIX Threat Actor.
Parameters: - id_ (optional) – An identifier. If None, a value will be generated via stix.utils.create_id(). If set, this will unset the idref property.
- idref (optional) – An identifier reference. If set this will unset the id_ property.
- timestamp (optional) – A timestamp value. Can be an instance of datetime.datetime or str.
- description – A description of the purpose or intent of this object.
- short_description – A short description of the intent or purpose of this object.
- title – The title of this object.
- add_description(description)¶
Adds a description to the descriptions collection.
This is the same as calling “foo.descriptions.add(bar)”.
- add_intended_effect(value)¶
Adds a Statement object to the intended_effects collection.
If value is a string, an attempt will be made to convert it into an instance of Statement.
- add_motivation(value)¶
Adds a Motivation object to the motivations collection.
- add_planning_and_operational_support(value)¶
Adds a VocabString object to the planning_and_operational_supports collection.
If value is a string, an attempt will be made to convert it to an instance of PlanningAndOperationalSupport.
- add_short_description(description)¶
Adds a description to the short_descriptions collection.
This is the same as calling “foo.short_descriptions.add(bar)”.
- add_sophistication(value)¶
Adds a VocabString object to the sophistications collection.
If value is a string, an attempt will be made to convert it to an instance of ThreatActorSophistication.
- add_type(value)¶
Adds a VocabString object to the types collection.
If set to a string, an attempt will be made to convert it into an instance of ThreatActorType.
- description¶
A single description about the contents or purpose of this object.
Default Value: None
Note
If this object has more than one description set, this will return the description with the lowest ordinality value.
Returns: An instance of – class:.StructuredText
- descriptions¶
A StructuredTextList object, containing descriptions about the purpose or intent of this object.
This is typically used for the purpose of providing multiple descriptions with different classificaton markings.
Iterating over this object will yield its contents sorted by their ordinality value.
Default Value: Empty StructuredTextList object.
Note
IF this is set to a value that is not an instance of StructuredText, an effort will ne made to convert it. If this is set to an iterable, any values contained that are not an instance of StructuredText will be be converted.
Returns: An instance of StructuredTextList
- find(id_)¶
Searches the children of a Entity implementation for an object with an id_ property that matches id_.
- id_¶
The id_ property serves as an identifier. This is automatically set during __init__().
Default Value: None
Note
Both the id_ and idref properties cannot be set at the same time. Setting one will unset the other!
Returns: A string id.
- idref¶
The idref property must be set to the id_ value of another object instance of the same type. An idref does not need to resolve to a local object instance.
Default Value: None.
Note
Both the id_ and idref properties cannot be set at the same time. Setting one will unset the other!
Returns: The value of the idref property
- information_source¶
Contains information about the source of this object.
Default Value: None
Returns: An instance of InformationSource Raises: ValueError – If set to a value that is not None and not an instance of InformationSource
- intended_effects¶
A collection of Statement objects. This behaves like a MutableSequence type.
If set to a string, an attempt will be made to convert it into a Statement object with its value set to an instance of IntendedEffect.
- motivations¶
A collection of VocabString objects. Default is Motivation.
This behaves like a MutableSequence type.
- planning_and_operational_supports¶
A collection of VocabString objects. Default is PlanningAndOperationalSupport.
This behaves like a MutableSequence type.
- short_description¶
A single short description about the contents or purpose of this object.
Default Value: None
Note
If this object has more than one short description set, this will return the description with the lowest ordinality value.
Returns: An instance of – class:.StructuredText
- short_descriptions¶
A StructuredTextList object, containing short descriptions about the purpose or intent of this object.
This is typically used for the purpose of providing multiple short descriptions with different classificaton markings.
Iterating over this object will yield its contents sorted by their ordinality value.
Default Value: Empty StructuredTextList object.
Note
IF this is set to a value that is not an instance of StructuredText, an effort will ne made to convert it. If this is set to an iterable, any values contained that are not an instance of StructuredText will be be converted.
Returns: An instance of – class:.StructuredTextList
- sophistications¶
A collection of VocabString objects. Default is ThreatActorSophistication.
This behaves like a MutableSequence type.
- timestamp¶
The timestam property declares the time of creation and is automatically set in __init__().
This property can accept datetime.datetime or str values. If an str value is supplied, a best-effort attempt is made to parse it into an instance of datetime.datetime.
Default Value: A datetime.dateime instance with a value of the date/time when __init__() was called.
Note
If an idref is set during __init__(), the value of timestamp will not automatically generated and instead default to the timestamp parameter, which has a default value of None.
Returns: An instance of datetime.datetime.
- types¶
A collection of VocabString objects. Default is ThreatActorType.
This behaves like a MutableSequence type.
- version¶
The schematic version of this component. This property will always return None unless it is set to a value different than self.__class__._version.
Note
This property refers to the version of the schema component type and should not be used for the purpose of content versioning.
Default Value: None
Returns: The value of the version property if set to a value different than self.__class__._version
- class stix.threat_actor.AssociatedActors(scope=None, *args)¶
- class stix.threat_actor.AssociatedCampaigns(scope=None, *args)¶
- class stix.threat_actor.ObservedTTPs(scope=None, *args)¶