Documentation
Overview
Package malwareanalysis implements the STIX 2.1 Malware Analysis object.
The following information comes directly from the STIX 2.1 specification.
Malware Analysis captures the metadata and results of a particular static or dynamic analysis performed on a malware instance or family. One of av_result or analysis_sco_refs MUST be provided.
Types
type MalwareAnalysis
type MalwareAnalysis struct {
	objects.CommonObjectProperties
	Product                   string   `json:"product,omitempty"`
	Version                   string   `json:"version,omitempty"`
	HostVmRef                 string   `json:"host_vm_ref,omitempty"`
	OperatingSystemRef        string   `json:"operating_system_ref,omitempty"`
	InstalledSoftwareRefs     []string `json:"installed_software_refs,omitempty"`
	ConfigurationVersion      string   `json:"configuration_version,omitempty"`
	Modules                   []string `json:"modules,omitempty"`
	AnalysisEngineVersion     string   `json:"analysis_engine_version,omitempty"`
	AnalysisDefinitionVersion string   `json:"analysis_definition_version,omitempty"`
	Submitted                 string   `json:"submitted,omitempty"`
	AnalysisStarted           string   `json:"analysis_started,omitempty"`
	AnalysisEnded             string   `json:"analysis_ended,omitempty"`
	AVResults                 string   `json:"av_results,omitempty"`
	AnalysisSCORefs           string   `json:"analysis_sco_refs,omitempty"`
}
MalwareAnalysis - This type implements the STIX 2 Malware Analysis SDO and defines all of the properties and methods needed to create and work with this object. All of the methods not defined local to this type are inherited from the individual properties.
func Decode
func Decode(data []byte) (*MalwareAnalysis, error)
Decode - This function is a simple wrapper for decoding JSON data. It will decode a slice of bytes into an actual struct and return a pointer to that object along with any errors.
func New
func New() *MalwareAnalysis
New - This function will create a new STIX Malware Analysis object and return it as a pointer. It will also initialize the object by setting all of the basic properties.
func (*MalwareAnalysis) Encode
func (o *MalwareAnalysis) Encode() ([]byte, error)
Encode - This method is a simple wrapper for encoding an object into JSON.
func (*MalwareAnalysis) EncodeToString
func (o *MalwareAnalysis) EncodeToString() (string, error)
EncodeToString - This method is a simple wrapper for encoding an object into JSON.
func (*MalwareAnalysis) GetPropertyList
func (o *MalwareAnalysis) GetPropertyList() []string
GetPropertyList - This method will return a list of all of the properties that are unique to this object. This is used by the custom UnmarshalJSON for this object. It is defined here in this file to make it easy to keep in sync.
func (*MalwareAnalysis) UnmarshalJSON
func (o *MalwareAnalysis) UnmarshalJSON(b []byte) error
UnmarshalJSON - This method will overwrite the default UnmarshalJSON method to enable custom properties that this library does not know about. It will store them as a map where the value of each key is a byte array. This way a tool that does know how to deal with them can then further process them after this is done. This will also allow the storage of the raw JSON data.
func (*MalwareAnalysis) Valid
func (o *MalwareAnalysis) Valid() (bool, int, []string)
Valid - This method will verify and test all of the properties on an object to make sure they are valid per the specification. It will return a boolean, an integer that tracks the number of problems found, and a slice of strings that contain the detailed results, whether good or bad.
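The following is an added example, not part of this package's code. Using only the standard library, it shows the two behaviours described for UnmarshalJSON and Valid: unknown properties are kept as raw bytes, and the "one of" requirement from the overview is reported in the same (bool, int, []string) shape. The helper names, the sample object and the `known` key subset are assumptions; the key names come from the struct tags on this page.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// Constructed sample: one custom property, neither av_results nor analysis_sco_refs.
const sample = `{"type":"malware-analysis","product":"example-av","x_lab_ticket":"T-1"}`

// known holds JSON keys from the struct tags on this page plus "type" and "id".
// It is a subset chosen for this example (assumption), not the library's list.
var known = map[string]bool{"type": true, "id": true, "product": true,
	"version": true, "av_results": true, "analysis_sco_refs": true}

// present reports whether key exists with a non-empty JSON value.
func present(m map[string]json.RawMessage, key string) bool {
	v := bytes.TrimSpace(m[key])
	return len(v) > 0 && !bytes.Equal(v, []byte("null")) &&
		!bytes.Equal(v, []byte(`""`)) && !bytes.Equal(v, []byte("[]"))
}

// check (hypothetical helper) keeps unknown properties as raw, unvalidated
// bytes and returns ok, problem count and details, like Valid's result shape.
func check(data []byte) (map[string]json.RawMessage, bool, int, []string, error) {
	var all map[string]json.RawMessage
	if err := json.Unmarshal(data, &all); err != nil {
		return nil, false, 1, []string{"invalid JSON"}, err
	}
	custom := map[string]json.RawMessage{}
	for k, v := range all {
		if !known[k] {
			custom[k] = v // left undecoded for a tool that understands it
		}
	}
	var details []string
	if !present(all, "av_results") && !present(all, "analysis_sco_refs") {
		details = append(details, "one of av_results or analysis_sco_refs must be provided")
	}
	return custom, len(details) == 0, len(details), details, nil
}

func main() {
	custom, ok, n, details, err := check([]byte(sample))
	fmt.Println(string(custom["x_lab_ticket"]), ok, n, details, err)
}
```

Custom properties preserved this way have not been checked against any schema, so a consumer ingesting objects from an external feed should validate them before acting on their contents.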