README
¶
FreeTAXII/libstix2
NOTE: THIS IS FORK OF freetaxii/libstix2 WITH MONGODB SUPPORT
libstix2 an API for generating JSON based STIX objects and TAXII messages with the Go (Golang) programming language. Please see the examples directory and the README files in each of the sub packages for more information. This API is built to support STIX 2.x and TAXII 2.x.
Version
0.6.1
Installation
This package can be installed with the go get command:
go get github.com/freetaxii/libstix2
Special Thanks
I would like to thank the following contributors for there support of this project:
Oleksii Morozov
Dependencies
This software uses the following external libraries:
uuid
go get github.com/pborman/uuid
Copyright (c) 2014 Google Inc. All rights reserved. (Google License)
qo-sqlite3
go get github.com/mattn/go-sqlite3
go install github.com/mattn/go-sqlite3
Copyright (c) 2014 Yasuhiro Matsumoto (MIT License)
This software uses the following builtin libraries:
crypto/sha1, database/sql, encoding/base64, errors, fmt, log, os, regexp, strings, testing, time
Copyright 2009 The Go Authors
Features
Below is a list of major features and which ones have been implemented:
STIX Domain Objects
- Attack Pattern
- Campaign
- Course of Action
- Identity
- Indicator
- Intrusion Set
- Location
- Malware
- Note
- Observed Data
- Opinion
- Report
- Threat Actor
- Tool
- Vulnerability
STIX Relationship Objects
- Relationship
- Sighting
Other STIX Objects
- Bundle
- Language Content
- Marking Definition
TAXII Resources
- Discovery
- API Root
- Collections
- Collection
- Objects
- Manifest
- Envelope
- Status
- Error
Datastore
- SQLite 3
Naming Conventions
While Go does not require getters and setters, setters are used in libstix2 to enable validation and verification checks. All setters in libstix2 return an error type, even if they currently just return “nil”. This will ensure that the API will not change if/when additional validation / verification checks are added in the future.
Libstix2 uses the following naming conventions for methods on objects and resources.
-
Methods that setup / create a new object have a name of "New" or "New"+ object type. These constructors return a pointer to the object.
-
Methods that are setting a value have a name of “Set” + the property name. Example: “SetConfidence” is used for setting a value on the Confidence property.
-
Methods that are getting a value have a name of “Get” + the property name. Example: “GetConfidence” is used for getting the value stored in the Confidence property.
-
Methods that take in a value and add that value to a slice have a name of “Add” + the property name in the singular. Example: “AddLabel” is used to add a sting label to the labels property.
-
Methods that take in an object and add that object to a slice have a name of “Add” + the object type in the singular. Example: “AddManifestEntry” is used to add a Manifest Entry to the Objects slice in the Manifest resource. It is important to note that these methods take in a pointer to the object instead of a copy of the object itself. Some examples with full signatures:
func (o *CollectionsType) AddCollection(o *CollectionType) (int, error) {}
func (o *ManifestType) AddManifestEntry(o *ManifestEntryType) (int, error) {}
- Methods that create a new a new object inside another object and return a pointer to a slice location for the new object have a name of “New” + the object type in the singular. Example: “NewManifestEntry” is used to create a new Manifest Entry in the Objects slice in the Manifest resource. Some examples with full signatures:
func (o *ExternalReferencesPropertyType) NewExternalReference() (*ExternalReferenceType, error) {}
func (o *KillChainPhasesPropertyType) NewKillChainPhase() (*KillChainPhaseType, error) {}
func (o *CollectionsType) NewCollection() (*CollectionType, error) {}
func (o *ManifestType) NewManifestEntry() (*ManifestEntryType, error) {}
- Methods that create and populate a new object in a single step have a name of “Create” + the object type in the singular. Example: “CreateManifestEntry” is used to create a new Manifest Entry in the Objects slice in the Manifest resource and populates it in one step. Some examples with full signatures:
func (o *KillChainPhasesPropertyType) CreateKillChainPhase(name, phase string) error {}
func (o *ManifestType) CreateManifestEntry(id, date, ver, media string) error {}
License
This is free software, licensed under the Apache License, Version 2.0. Read this for a summary.
Copyright
Copyright 2015-2020 Bret Jordan, All rights reserved.
Documentation
¶
Overview ¶
Package libstix2 implements an API for generating STIX 2 JSON based messages with the Go (Golang) programming language. Please see the examples directory and the README files in each of the sub packages for more information. This API is built to support STIX 2.x.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package datastore defines various datastores for use with STIX 2 and TAXII 2.
|
Package datastore defines various datastores for use with STIX 2 and TAXII 2. |
|
sqlite3
Package sqlite3 implements the SQLite 3 datastore for TAXII 2.
|
Package sqlite3 implements the SQLite 3 datastore for TAXII 2. |
|
examples
|
|
|
Package objects implements the STIX 2.1 object model.
|
Package objects implements the STIX 2.1 object model. |
|
attackpattern
Package attackpattern implements the STIX 2.1 Attack Pattern object.
|
Package attackpattern implements the STIX 2.1 Attack Pattern object. |
|
bundle
Package bundle implements the STIX 2.1 Bundle object.
|
Package bundle implements the STIX 2.1 Bundle object. |
|
campaign
Package campaign implements the STIX 2.1 Campaign object.
|
Package campaign implements the STIX 2.1 Campaign object. |
|
courseofaction
Package courseofaction implements the STIX 2.1 Course of Action object.
|
Package courseofaction implements the STIX 2.1 Course of Action object. |
|
grouping
Package grouping implements the STIX 2.1 Grouping object.
|
Package grouping implements the STIX 2.1 Grouping object. |
|
identity
Package identity implements the STIX 2.1 Identity object.
|
Package identity implements the STIX 2.1 Identity object. |
|
indicator
Package indicator implements the STIX 2.1 Indicator object.
|
Package indicator implements the STIX 2.1 Indicator object. |
|
infrastructure
Package infrastructure implements the STIX 2.1 Infrastructure object.
|
Package infrastructure implements the STIX 2.1 Infrastructure object. |
|
intrusionset
Package intrusionset implements the STIX 2.1 Intrusion Set object.
|
Package intrusionset implements the STIX 2.1 Intrusion Set object. |
|
location
Package location implements the STIX 2.1 Attack Pattern object.
|
Package location implements the STIX 2.1 Attack Pattern object. |
|
malware
Package malware implements the STIX 2.1 Malware object.
|
Package malware implements the STIX 2.1 Malware object. |
|
malwareanalysis
Package malwareanalysis implements the STIX 2.1 Malware Analysis object.
|
Package malwareanalysis implements the STIX 2.1 Malware Analysis object. |
|
note
Package note implements the STIX 2.1 Attack Pattern object.
|
Package note implements the STIX 2.1 Attack Pattern object. |
|
observeddata
Package observeddata implements the STIX 2.1 Observed Data object.
|
Package observeddata implements the STIX 2.1 Observed Data object. |
|
opinion
Package opinion implements the STIX 2.1 Relationship object.
|
Package opinion implements the STIX 2.1 Relationship object. |
|
properties
Package properties contains all of the common properties used on STIX objects.
|
Package properties contains all of the common properties used on STIX objects. |
|
relationship
Package relationship implements the STIX 2.1 Relationship object.
|
Package relationship implements the STIX 2.1 Relationship object. |
|
report
Package report implements the STIX 2.1 Report object.
|
Package report implements the STIX 2.1 Report object. |
|
sco/domainname
Package domainname implements the STIX 2.1 Domain Name SCO object.
|
Package domainname implements the STIX 2.1 Domain Name SCO object. |
|
sco/urlobject
Package urlobject implements the STIX 2.1 URL SCO object.
|
Package urlobject implements the STIX 2.1 URL SCO object. |
|
sighting
Package sighting implements the STIX 2.1 Sighting object.
|
Package sighting implements the STIX 2.1 Sighting object. |
|
taxii/apiroot
Package apiroot implements the TAXII 2.1 API Root resource.
|
Package apiroot implements the TAXII 2.1 API Root resource. |
|
taxii/discovery
Package discovery implements the TAXII 2.1 API Root resource.
|
Package discovery implements the TAXII 2.1 API Root resource. |
|
threatactor
Package threatactor implements the STIX 2.1 Threat Actor object.
|
Package threatactor implements the STIX 2.1 Threat Actor object. |
|
tool
Package tool implements the STIX 2.1 Tool object.
|
Package tool implements the STIX 2.1 Tool object. |
|
vulnerability
Package vulnerability implements the STIX 2.1 Vulnerability object.
|
Package vulnerability implements the STIX 2.1 Vulnerability object. |
|
Package resources implements various helper functions that are used be the libstix2 library and can be used by tools using the libstix2 library.
|
Package resources implements various helper functions that are used be the libstix2 library and can be used by tools using the libstix2 library. |
|
Package vocabs implements the STIX 2 Vocabularies.
|
Package vocabs implements the STIX 2 Vocabularies. |