intrusionset

package
v0.6.1
Published: Jan 15, 2020 License: Apache-2.0 Imports: 4 Imported by: 1

Documentation

Overview

Package intrusionset implements the STIX 2.1 Intrusion Set object.

The following information comes directly from the STIX 2.1 specification.

An Intrusion Set is a grouped set of adversarial behaviors and resources with common properties that is believed to be orchestrated by a single organization. An Intrusion Set may capture multiple Campaigns or other activities that are all tied together by shared attributes indicating a commonly known or unknown Threat Actor. New activity can be attributed to an Intrusion Set even if the Threat Actors behind the attack are not known. Threat Actors can move from supporting one Intrusion Set to supporting another, or they may support multiple Intrusion Sets.

Where a Campaign is a set of attacks over a period of time against a specific set of targets to achieve some objective, an Intrusion Set is the entire attack package and may be used over a very long period of time in multiple Campaigns to achieve potentially multiple purposes.

While sometimes an Intrusion Set is not active, or changes focus, it is usually difficult to know if it has truly disappeared or ended. Analysts may have varying levels of fidelity on attributing an Intrusion Set back to Threat Actors and may be able to only attribute it back to a nation state or perhaps back to an organization within that nation state.

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type IntrusionSet

IntrusionSet - This type implements the STIX 2 Intrusion Set SDO and defines all of the properties and methods needed to create and work with this object. All of the methods not defined local to this type are inherited from the individual properties.

func Decode added in v0.6.1

func Decode(data []byte) (*IntrusionSet, error)
Decode - This function is a simple wrapper for decoding JSON data. It will decode a slice of bytes into an actual struct and return a pointer to that object along with any errors.

func New

func New() *IntrusionSet
New - This function will create a new STIX Intrusion Set object and return it as a pointer. It will also initialize the object by setting all of the basic properties.

func (*IntrusionSet) Encode added in v0.6.1

func (o *IntrusionSet) Encode() ([]byte, error)

Encode - This method is a simple wrapper for encoding an object into JSON

func (*IntrusionSet) EncodeToString added in v0.6.1

func (o *IntrusionSet) EncodeToString() (string, error)
EncodeToString - This method is a simple wrapper for encoding an object into JSON

func (*IntrusionSet) GetPropertyList added in v0.6.1

func (o *IntrusionSet) GetPropertyList() []string
GetPropertyList - This method will return a list of all of the properties that are unique to this object. This is used by the custom UnmarshalJSON for this object. It is defined here in this file to make it easy to keep in sync.

func (*IntrusionSet) UnmarshalJSON added in v0.6.1

func (o *IntrusionSet) UnmarshalJSON(b []byte) error
UnmarshalJSON - This method will overwrite the default UnmarshalJSON method to enable custom properties that this library does not know about. It will store them as a map where the value of each key is a byte array. This way a tool that does know how to deal with them can then further process them after this is done. This will also allow the storage of the raw JSON data.
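
The pattern described for UnmarshalJSON above, shown as an added example that is not the package's own code: DemoIntrusionSet, knownProperties, decode and the x_example_score property are hypothetical names, and the sample JSON is constructed. It uses only encoding/json to fill the known fields and keep every other key as undecoded raw JSON.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// DemoIntrusionSet is a hypothetical, cut-down stand-in, not the library type.
type DemoIntrusionSet struct {
	Type   string                     `json:"type"`
	ID     string                     `json:"id"`
	Name   string                     `json:"name"`
	Custom map[string]json.RawMessage `json:"-"` // unknown properties, raw bytes
}

// knownProperties plays the role the page gives GetPropertyList (assumed list).
func knownProperties() []string { return []string{"type", "id", "name"} }

// UnmarshalJSON fills the known fields and keeps every other key undecoded.
func (o *DemoIntrusionSet) UnmarshalJSON(b []byte) error {
	type plain DemoIntrusionSet // same fields, no methods: avoids recursion
	var p plain
	if err := json.Unmarshal(b, &p); err != nil {
		return err
	}
	var all map[string]json.RawMessage
	if err := json.Unmarshal(b, &all); err != nil {
		return err
	}
	for _, k := range knownProperties() {
		delete(all, k)
	}
	p.Custom = all // raw JSON values, still untrusted input for later tools
	*o = DemoIntrusionSet(p)
	return nil
}

// sample is constructed input carrying one custom property.
const sample = `{"type":"intrusion-set","id":"intrusion-set--00000000-0000-4000-8000-000000000000","name":"Example Set","x_example_score":{"value":7}}`

func decode(data []byte) (*DemoIntrusionSet, error) {
	o := new(DemoIntrusionSet)
	return o, json.Unmarshal(data, o)
}

func main() {
	o, err := decode([]byte(sample))
	fmt.Println(o.Name, string(o.Custom["x_example_score"]), err)
}
```

Values left in Custom are unparsed and unvalidated, so a consumer should decode each one into a strict type before acting on it.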

func (*IntrusionSet) Valid added in v0.6.1

func (o *IntrusionSet) Valid() (bool, int, []string)
Valid - This method will verify and test all of the properties on an object to make sure they are valid per the specification. It will return a boolean, an integer that tracks the number of problems found, and a slice of strings that contain the detailed results, whether good or bad.
