Documentation
Overview
Package objects implements the STIX 2.1 object model.
The following information comes directly from the STIX 2.1 specification.
This specification defines the set of STIX Domain Objects (SDOs), each of which corresponds to a unique concept commonly represented in CTI. Using SDOs, STIX Cyber-observable Objects (SCOs), and STIX Relationship Objects (SROs) as building blocks, individuals can create and share broad and comprehensive cyber threat intelligence.
Property information, relationship information, and examples are provided for each SDO defined below. Property information includes common properties as well as properties that are specific to each SDO. Relationship information includes embedded relationships (e.g., created_by_ref), common relationships (e.g., related-to), and SDO-specific relationships. Forward relationships (i.e., relationships from the SDO to other SDOs or SCOs) are fully defined, while reverse relationships (i.e., relationships to the SDO from other SDOs or SCOs) are duplicated for convenience.
Some SDOs are similar and can be grouped together into categories. Attack Pattern, Malware, and Tool can all be considered types of tactics, techniques, and procedures (TTPs): they describe behaviors and resources that attackers use to carry out their attacks. Similarly, Campaign, Intrusion Set, and Threat Actor all describe information about why adversaries carry out attacks and how they organize themselves.
Index
- func Compare(obj1, obj2 *CommonObjectProperties) (bool, int, []string)
- func DecodeType(data []byte) (string, error)
- func ValidObjectType(t string) bool
- type CommonObjectProperties
- func (o *CommonObjectProperties) Compare(obj2 *CommonObjectProperties) (bool, int, []string)
- func (o *CommonObjectProperties) FindCustomProperties(b []byte, p []string) error
- func (o *CommonObjectProperties) GetCommonProperties() *CommonObjectProperties
- func (o *CommonObjectProperties) GetCommonPropertyList() []string
- func (o *CommonObjectProperties) InitBundle() error
- func (o *CommonObjectProperties) InitSCO(objectType string) error
- func (o *CommonObjectProperties) InitSDO(objectType string) error
- func (o *CommonObjectProperties) InitSRO(objectType string) error
- func (o *CommonObjectProperties) ValidSDO() (bool, int, map[string]string)
- type STIXObject
Constants
This section is empty.
Variables
This section is empty.
Functions
func Compare (added in v0.6.1)
func Compare(obj1, obj2 *CommonObjectProperties) (bool, int, []string)
Compare - This function will compare two objects to make sure they are the same and will return a boolean, an integer that tracks the number of problems found, and a slice of strings that contains the detailed results, whether good or bad.
func DecodeType
DecodeType - This function will take in a slice of bytes representing an arbitrary STIX object encoded as JSON and return the STIX object type as a string. This is called from the Bundle Decode() to determine which type of STIX object the data represents, so that the data can be dispatched to the right object decoder.
func ValidObjectType (added in v0.6.1)
ValidObjectType - This function will take in a STIX object type and return true if the string represents an actual STIX object type. This is used for determining if input from an outside source is actually a defined STIX object or not.
Types
type CommonObjectProperties (added in v0.6.1)
type CommonObjectProperties struct {
	properties.DatastoreIDProperty        `bson:",inline"`
	properties.TypeProperty               `bson:",inline"`
	properties.SpecVersionProperty        `bson:",inline"`
	properties.IDProperty                 `bson:",inline"`
	properties.CreatedByRefProperty       `bson:",inline"`
	properties.CreatedProperty            `bson:",inline"`
	properties.ModifiedProperty           `bson:",inline"`
	properties.RevokedProperty            `bson:",inline"`
	properties.LabelsProperty             `bson:",inline"`
	properties.ConfidenceProperty         `bson:",inline"`
	properties.LangProperty               `bson:",inline"`
	properties.ExternalReferencesProperty `bson:",inline"`
	properties.MarkingProperties          `bson:",inline"`
	properties.CustomProperties           `bson:",inline"`
	properties.RawProperty                `bson:",inline"`
}
CommonObjectProperties - This type defines the properties that are common to most STIX objects. If an object does not use all of these properties, then the Encode() function for that object will clean up and remove the properties that might get populated by mistake. Also, there will be Init() functions for each type of STIX object to help with populating the right properties for that type of object. This was done so that we would only need one type that could be used by all objects, to simplify the code.
func Decode
func Decode(data []byte) (*CommonObjectProperties, error)
Decode - This function is a simple wrapper for decoding JSON data. It will decode a slice of bytes into an actual struct and return a pointer to that object along with any errors. This is called from the Bundle Decode() if the object type cannot be determined. So for custom objects, it will at least decode any of the common object properties that might be found.
func (*CommonObjectProperties) Compare (added in v0.6.1)
func (o *CommonObjectProperties) Compare(obj2 *CommonObjectProperties) (bool, int, []string)
Compare - This method will compare the common properties from two objects to make sure they are the same. The common properties receiver is object 1 and the common properties passed in is object 2. This method will return a boolean, an integer that tracks the number of problems, and a slice of strings that contains the detailed results, whether good or bad.
func (*CommonObjectProperties) FindCustomProperties (added in v0.6.1)
func (o *CommonObjectProperties) FindCustomProperties(b []byte, p []string) error
FindCustomProperties - This method will return a map that includes just the custom properties for a given STIX object. It takes in the raw JSON byte array and a slice of strings that includes the keys to remove.
func (*CommonObjectProperties) GetCommonProperties (added in v0.6.1)
func (o *CommonObjectProperties) GetCommonProperties() *CommonObjectProperties
GetCommonProperties - This method will return a pointer to the common properties of this object.
func (*CommonObjectProperties) GetCommonPropertyList (added in v0.6.1)
func (o *CommonObjectProperties) GetCommonPropertyList() []string
GetCommonPropertyList - This method will return a list of all of the properties that are common to all objects. This is used by the FindCustomProperties method. It is defined here in this file to make it easy to keep in sync as new properties are added.
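Added example, not this package's own code: a standalone sketch of the pattern that DecodeType, ValidObjectType and FindCustomProperties describe, using only encoding/json. It reads the "type" property of untrusted JSON, checks it against an allow-list before any decoder is chosen, and lists the properties left once the common keys are removed. The names sniffType, customKeys, knownTypes and commonKeys and the sample object are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// knownTypes is a constructed subset of STIX 2.1 object types (assumption).
var knownTypes = map[string]bool{"bundle": true, "indicator": true, "malware": true}

// commonKeys is a constructed subset of the STIX 2.1 common properties.
var commonKeys = []string{"type", "spec_version", "id", "created", "modified", "labels"}

// sniffType (hypothetical) decodes only "type" and rejects values off the allow-list.
func sniffType(data []byte) (string, error) {
	var probe struct{ Type string `json:"type"` }
	if err := json.Unmarshal(data, &probe); err != nil {
		return "", fmt.Errorf("cannot read type property: %w", err)
	}
	if !knownTypes[probe.Type] {
		return probe.Type, fmt.Errorf("unknown or missing object type %q", probe.Type)
	}
	return probe.Type, nil
}

// customKeys (hypothetical) returns, sorted, the property names that remain
// after the listed known keys are removed from the raw object.
func customKeys(data []byte, known []string) ([]string, error) {
	raw := map[string]json.RawMessage{}
	if err := json.Unmarshal(data, &raw); err != nil {
		return nil, err
	}
	for _, k := range known {
		delete(raw, k)
	}
	left := make([]string, 0, len(raw))
	for k := range raw {
		left = append(left, k)
	}
	sort.Strings(left)
	return left, nil
}

func main() {
	// Constructed sample object; x_acme_score is a made-up custom property.
	obj := []byte(`{"type":"indicator","spec_version":"2.1","id":"indicator--00000000-0000-4000-8000-000000000000","x_acme_score":7}`)
	fmt.Println(sniffType(obj))
	fmt.Println(customKeys(obj, commonKeys))
}
```

An unknown type is returned together with the error so that a caller can still fall back to decoding only the common properties, as Decode does for custom objects.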
func (*CommonObjectProperties) InitBundle (added in v0.6.1)
func (o *CommonObjectProperties) InitBundle() error
InitBundle - This method will initialize a STIX Bundle by setting all of the basic properties and is called by the New() function from that object.
func (*CommonObjectProperties) InitSCO (added in v0.6.1)
func (o *CommonObjectProperties) InitSCO(objectType string) error
InitSCO - This method will initialize a STIX Cyber Observable Object by setting all of the basic properties and is called by the New() function from each object.
func (*CommonObjectProperties) InitSDO (added in v0.6.1)
func (o *CommonObjectProperties) InitSDO(objectType string) error
InitSDO - This method will initialize a STIX Domain Object by setting all of the basic properties and is called by the New() function from each object.
func (*CommonObjectProperties) InitSRO (added in v0.6.1)
func (o *CommonObjectProperties) InitSRO(objectType string) error
InitSRO - This method will initialize a STIX Relationship Object by setting all of the basic properties and is called by the New() function from each object.
func (*CommonObjectProperties) ValidSDO (added in v0.6.1)
func (o *CommonObjectProperties) ValidSDO() (bool, int, map[string]string)
ValidSDO - This method will verify and test all of the properties on a STIX Domain Object to make sure they are valid per the specification. It will return a boolean, an integer that tracks the number of problems found, and a map of strings that contains the detailed results, whether good or bad.
type STIXObject
type STIXObject interface {
	GetCommonProperties() *CommonObjectProperties
}
STIXObject - This interface defines what methods an object must have to be considered a STIX Object. So any new object that embeds the CommonObjectProperties is considered a STIX Object by this code. This interface is currently used by the Bundle object to add objects to the Bundle.
Directories
Path | Synopsis |
---|---|
attackpattern | Package attackpattern implements the STIX 2.1 Attack Pattern object. |
bundle | Package bundle implements the STIX 2.1 Bundle object. |
campaign | Package campaign implements the STIX 2.1 Campaign object. |
courseofaction | Package courseofaction implements the STIX 2.1 Course of Action object. |
grouping | Package grouping implements the STIX 2.1 Grouping object. |
identity | Package identity implements the STIX 2.1 Identity object. |
indicator | Package indicator implements the STIX 2.1 Indicator object. |
infrastructure | Package infrastructure implements the STIX 2.1 Infrastructure object. |
intrusionset | Package intrusionset implements the STIX 2.1 Intrusion Set object. |
location | Package location implements the STIX 2.1 Attack Pattern object. |
malware | Package malware implements the STIX 2.1 Malware object. |
malwareanalysis | Package malwareanalysis implements the STIX 2.1 Malware Analysis object. |
note | Package note implements the STIX 2.1 Attack Pattern object. |
observeddata | Package observeddata implements the STIX 2.1 Observed Data object. |
opinion | Package opinion implements the STIX 2.1 Relationship object. |
properties | Package properties contains all of the common properties used on STIX objects. |
relationship | Package relationship implements the STIX 2.1 Relationship object. |
report | Package report implements the STIX 2.1 Report object. |
sco | |
sco/domainname | Package domainname implements the STIX 2.1 Domain Name SCO object. |
sco/urlobject | Package urlobject implements the STIX 2.1 URL SCO object. |
sighting | Package sighting implements the STIX 2.1 Sighting object. |
taxii | |
taxii/apiroot | Package apiroot implements the TAXII 2.1 API Root resource. |
taxii/discovery | Package discovery implements the TAXII 2.1 API Root resource. |
threatactor | Package threatactor implements the STIX 2.1 Threat Actor object. |
tool | Package tool implements the STIX 2.1 Tool object. |
vulnerability | Package vulnerability implements the STIX 2.1 Vulnerability object. |