Version: 1.2.0.7
stix.incident Module
Overview
The stix.incident module implements Incident.
Incidents are discrete instances of Indicators affecting an organization along with information discovered or decided during an incident response investigation.
Documentation Resources
Classes
- class stix.incident.Incident(id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None)
  Bases: stix.base.BaseCoreComponent
  Implementation of the STIX Incident.
  Parameters:
  - id_ (optional) – An identifier. If None, a value will be generated via mixbox.idgen.create_id(). If set, this will unset the idref property.
  - idref (optional) – An identifier reference. If set, this will unset the id_ property.
  - timestamp (optional) – A timestamp value. Can be an instance of datetime.datetime or str.
  - description – A description of the purpose or intent of this object.
  - short_description – A short description of the intent or purpose of this object.
  - title – The title of this object.
- add_affected_asset(v)
  Adds an AffectedAsset object to the affected_assets collection.
- add_category(category)
  Adds a VocabString object to the categories collection.
  If category is a string, an attempt will be made to convert it into an instance of IncidentCategory.
- add_coa_requested(value)
  Adds a COARequested object to the coas_requested collection.
- add_coordinator(value)
  Adds an InformationSource object to the coordinators collection.
- add_description(description)
  Adds a description to the descriptions collection.
  This is the same as calling “foo.descriptions.add(bar)”.
- add_discovery_method(value)
  Adds a VocabString object to the discovery_methods collection.
  If value is a string, an attempt will be made to convert it to an instance of DiscoveryMethod.
- add_external_id(value)
  Adds an ExternalID object to the external_ids collection.
- add_intended_effect(value)
  Adds a Statement object to the intended_effects collection.
  If value is a string, an attempt will be made to convert it into an instance of Statement.
- Adds a Related Indicator to the related_indicators list property of this Incident.
  The indicator parameter must be an instance of RelatedIndicator or Indicator.
  If the indicator parameter is None, no item will be added to the related_indicators list property.
  Calling this method is the same as calling append() on the related_indicators property.
  See also: The RelatedIndicators documentation.
  Note: If the indicator parameter is not an instance of RelatedIndicator, an attempt will be made to convert it to one.
  Parameters: indicator – An instance of Indicator or RelatedIndicator.
  Raises: ValueError – If the indicator parameter cannot be converted into an instance of RelatedIndicator
- Adds a Related Observable to the related_observables list property of this Incident.
  The observable parameter must be an instance of RelatedObservable or Observable.
  If the observable parameter is None, no item will be added to the related_observables list property.
  Calling this method is the same as calling append() on the related_observables property.
  See also: The RelatedObservables documentation.
  Note: If the observable parameter is not an instance of RelatedObservable, an attempt will be made to convert it to one.
  Parameters: observable – An instance of Observable or RelatedObservable.
  Raises: ValueError – If the value parameter cannot be converted into an instance of RelatedObservable
- add_responder(value)
  Adds an InformationSource object to the responders collection.
- add_short_description(description)
  Adds a description to the short_descriptions collection.
  This is the same as calling “foo.short_descriptions.add(bar)”.
- add_victim(victim)
  Adds an IdentityType value to the victims collection.
- description
  A single description about the contents or purpose of this object.
  Default Value: None
  Note: If this object has more than one description set, this will return the description with the lowest ordinality value.
  Returns: An instance of StructuredText
- find(id_)
  Searches the children of an Entity implementation for an object with an id_ property that matches id_.
- short_description
  A single short description about the contents or purpose of this object.
  Default Value: None
  Note: If this object has more than one short description set, this will return the description with the lowest ordinality value.
  Returns: An instance of StructuredText
- to_dict()
  Convert to a dict.
  Subclasses can override this function.
  Returns: Python dict with keys set from this Entity.
- to_json()
  Export an object as a JSON String.
- to_obj(ns_info=None)
  Convert to a GenerateDS binding object.
  Subclasses can override this function.
  Returns: An instance of this Entity’s _binding_class with properties set from this Entity.
- class stix.incident.AttributedThreatActors(scope=None, *args)
- class stix.incident.LeveragedTTPs(scope=None, *args)
- class stix.incident.RelatedIndicators(scope=None, *args)
- class stix.incident.RelatedObservables(scope=None, *args)
- class stix.incident.RelatedIncidents(scope=None, *args)