Version: 1.2.0.5

stix.report Module

Overview

The stix.report module implements Report.

A Report defines a contextual wrapper for a grouping of STIX content.

Documentation Resources

Classes

class stix.report.Report(id_=None, idref=None, timestamp=None, header=None, courses_of_action=None, exploit_targets=None, indicators=None, observables=None, incidents=None, threat_actors=None, ttps=None, campaigns=None, related_reports=None)

Bases: stix.base.Entity

A STIX Report Object.

Parameters:
  • id (optional) – An identifier. If None, a value will be generated via mixbox.idgen.create_id(). If set, this will unset the idref property.
  • idref (optional) – An identifier reference. If set this will unset the id_ property.
  • timestamp (optional) – A timestamp value. Can be an instance of datetime.datetime or str.
  • header – A Report Header object.
  • campaigns – A collection of Campaign objects.
  • courses_of_action – A collection of CourseOfAction objects.
  • exploit_targets – A collection of ExploitTarget objects.
  • incidents – A collection of Incident objects.
  • indicators – A collection of Indicator objects.
  • threat_actors – A collection of ThreatActor objects.
  • ttps – A collection of TTP objects.
  • related_reports – A collection of RelatedReport objects.
add(entity)

Adds entity to a top-level collection. For example, if entity is an Indicator object, the entity will be added to the indicators top-level collection.

add_campaign(campaign)

Adds a Campaign object to the campaigns collection.

add_course_of_action(course_of_action)

Adds an CourseOfAction object to the courses_of_action collection.

add_exploit_target(exploit_target)

Adds an ExploitTarget object to the exploit_targets collection.

add_incident(incident)

Adds an Incident object to the incidents collection.

add_indicator(indicator)

Adds an Indicator object to the indicators collection.

add_observable(observable)

Adds an Observable object to the observables collection.

If observable is not an Observable instance, an effort will be made to convert it to one.

Adds an RelatedReport object to the related_reports collection.

add_threat_actor(threat_actor)

Adds an ThreatActor object to the threat_actors collection.

add_ttp(ttp)

Adds an TTP object to the ttps collection.