Version: 1.2.0.7
stix.ttp
Module¶
Overview¶
The stix.ttp
module implements TTP
.
TTPs are representations of the behavior or modus operandi of cyber adversaries.
Documentation Resources¶
Classes¶
-
class
stix.ttp.
TTP
(id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None)¶ Bases:
stix.base.BaseCoreComponent
Implementation of the STIX TTP.
Parameters: - id (optional) – An identifier. If
None
, a value will be generated viamixbox.idgen.create_id()
. If set, this will unset theidref
property. - idref (optional) – An identifier reference. If set this will unset the
id_
property. - timestamp (optional) – A timestamp value. Can be an instance of
datetime.datetime
orstr
. - description – A description of the purpose or intent of this object.
- short_description – A short description of the intent or purpose of this object.
- title – The title of this object.
-
add_description
(description)¶ Adds a description to the
descriptions
collection.This is the same as calling “foo.descriptions.add(bar)”.
-
add_intended_effect
(value)¶ Adds a
Statement
object to theintended_effects
collection.If value is a string, an attempt will be made to convert it into an instance of
Statement
.
-
add_kill_chain_phase
(value)¶ Adds a
KillChainPhaseReference
to thekill_chain_phases
collection.Parameters: value – A KillChainPhase
,KillChainPhaseReference
or astr
representing the phase_id of. Note that you if you are defining a custom Kill Chain, you need to add it to the STIX package separately.
Adds a
RelatedPackageRef
object to therelated_packages
collection.Parameters: value – A RelatedPackageRef
or aSTIXPackage
object.
-
add_short_description
(description)¶ Adds a description to the
short_descriptions
collection.This is the same as calling “foo.short_descriptions.add(bar)”.
-
description
¶ A single description about the contents or purpose of this object.
Default Value:
None
Note
If this object has more than one description set, this will return the description with the lowest ordinality value.
Returns: An instance of StructuredText
-
find
(id_)¶ Searches the children of a
Entity
implementation for an object with anid_
property that matches id_.
-
short_description
¶ A single short description about the contents or purpose of this object.
Default Value:
None
Note
If this object has more than one short description set, this will return the description with the lowest ordinality value.
Returns: An instance of StructuredText
-
to_dict
()¶ Convert to a
dict
Subclasses can override this function.
Returns: Python dict with keys set from this Entity.
-
to_json
()¶ Export an object as a JSON String.
-
to_obj
(ns_info=None)¶ Convert to a GenerateDS binding object.
Subclasses can override this function.
Returns: An instance of this Entity’s _binding_class
with properties set from this Entity.
- id (optional) – An identifier. If