stix

package
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 2, 2026 License: MIT Imports: 5 Imported by: 0

Documentation

Overview

Package stix provides STIX 2.1 export capabilities for threat models. It converts the intermediate representation (IR) to STIX 2.1 bundles for sharing threat intelligence with other security tools.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AttackPattern 

type AttackPattern struct {
	Type               string              `json:"type"`
	SpecVersion        string              `json:"spec_version"`
	ID                 string              `json:"id"`
	Created            string              `json:"created"`
	Modified           string              `json:"modified"`
	CreatedByRef       string              `json:"created_by_ref,omitempty"`
	Name               string              `json:"name"`
	Description        string              `json:"description,omitempty"`
	Aliases            []string            `json:"aliases,omitempty"`
	KillChainPhases    []KillChainPhase    `json:"kill_chain_phases,omitempty"`
	ExternalReferences []ExternalReference `json:"external_references,omitempty"`
}

AttackPattern represents a STIX Attack Pattern object.

func (*AttackPattern) GetID 

func (a *AttackPattern) GetID() string

func (*AttackPattern) GetType 

func (a *AttackPattern) GetType() string

type Bundle 

type Bundle struct {
	Type    string   `json:"type"`
	ID      string   `json:"id"`
	Objects []Object `json:"objects"`
}

Bundle is a STIX 2.1 Bundle object that contains a collection of STIX objects.

func NewBundle 

func NewBundle() *Bundle

NewBundle creates a new STIX Bundle.

func (*Bundle) AddObject 

func (b *Bundle) AddObject(obj Object)

AddObject adds a STIX object to the bundle.

type Exporter 

type Exporter struct {
	// IdentityName is the name used for the identity object (default: "Threat Model Spec").
	IdentityName string

	// IdentityClass is the identity class (default: "organization").
	IdentityClass string

	// CreatedByRef is the STIX ID of the identity that created these objects.
	CreatedByRef string
}

Exporter converts threat model diagrams to STIX 2.1 bundles.

func NewExporter 

func NewExporter() *Exporter

NewExporter creates a new STIX exporter with default settings.

func (*Exporter) Export 

func (e *Exporter) Export(d *ir.DiagramIR) (*Bundle, error)

Export converts a DiagramIR to a STIX 2.1 Bundle.

func (*Exporter) ExportJSON 

func (e *Exporter) ExportJSON(d *ir.DiagramIR) (string, error)

ExportJSON converts a DiagramIR to a STIX 2.1 JSON string.

type ExternalReference 

type ExternalReference struct {
	SourceName  string `json:"source_name"`
	ExternalID  string `json:"external_id,omitempty"`
	URL         string `json:"url,omitempty"`
	Description string `json:"description,omitempty"`
}

ExternalReference represents an external reference to another source.

type Identity 

type Identity struct {
	Type          string `json:"type"`
	SpecVersion   string `json:"spec_version"`
	ID            string `json:"id"`
	Created       string `json:"created"`
	Modified      string `json:"modified"`
	Name          string `json:"name"`
	Description   string `json:"description,omitempty"`
	IdentityClass string `json:"identity_class"`
}

Identity represents a STIX Identity object.

func (*Identity) GetID 

func (i *Identity) GetID() string

func (*Identity) GetType 

func (i *Identity) GetType() string

type Indicator 

type Indicator struct {
	Type               string              `json:"type"`
	SpecVersion        string              `json:"spec_version"`
	ID                 string              `json:"id"`
	Created            string              `json:"created"`
	Modified           string              `json:"modified"`
	CreatedByRef       string              `json:"created_by_ref,omitempty"`
	Name               string              `json:"name,omitempty"`
	Description        string              `json:"description,omitempty"`
	IndicatorTypes     []string            `json:"indicator_types,omitempty"`
	Pattern            string              `json:"pattern"`
	PatternType        string              `json:"pattern_type"`
	PatternVersion     string              `json:"pattern_version,omitempty"`
	ValidFrom          string              `json:"valid_from"`
	ValidUntil         string              `json:"valid_until,omitempty"`
	KillChainPhases    []KillChainPhase    `json:"kill_chain_phases,omitempty"`
	ExternalReferences []ExternalReference `json:"external_references,omitempty"`
}

Indicator represents a STIX Indicator object.

func (*Indicator) GetID 

func (i *Indicator) GetID() string

func (*Indicator) GetType 

func (i *Indicator) GetType() string

type Infrastructure 

type Infrastructure struct {
	Type               string              `json:"type"`
	SpecVersion        string              `json:"spec_version"`
	ID                 string              `json:"id"`
	Created            string              `json:"created"`
	Modified           string              `json:"modified"`
	CreatedByRef       string              `json:"created_by_ref,omitempty"`
	Name               string              `json:"name"`
	Description        string              `json:"description,omitempty"`
	InfraType          string              `json:"infrastructure_types,omitempty"`
	Aliases            []string            `json:"aliases,omitempty"`
	KillChainPhases    []KillChainPhase    `json:"kill_chain_phases,omitempty"`
	ExternalReferences []ExternalReference `json:"external_references,omitempty"`
}

Infrastructure represents a STIX Infrastructure object.

func (*Infrastructure) GetID 

func (i *Infrastructure) GetID() string

func (*Infrastructure) GetType 

func (i *Infrastructure) GetType() string

type KillChainPhase 

type KillChainPhase struct {
	KillChainName string `json:"kill_chain_name"`
	PhaseName     string `json:"phase_name"`
}

KillChainPhase represents a phase in a kill chain.

type Note 

type Note struct {
	Type         string   `json:"type"`
	SpecVersion  string   `json:"spec_version"`
	ID           string   `json:"id"`
	Created      string   `json:"created"`
	Modified     string   `json:"modified"`
	CreatedByRef string   `json:"created_by_ref,omitempty"`
	Abstract     string   `json:"abstract,omitempty"`
	Content      string   `json:"content"`
	Authors      []string `json:"authors,omitempty"`
	ObjectRefs   []string `json:"object_refs"`
}

Note represents a STIX Note object for adding context.

func (*Note) GetID 

func (n *Note) GetID() string

func (*Note) GetType 

func (n *Note) GetType() string

type Object 

type Object interface {
	GetType() string
	GetID() string
}

Object is an interface for all STIX objects.

type Relationship 

type Relationship struct {
	Type             string `json:"type"`
	SpecVersion      string `json:"spec_version"`
	ID               string `json:"id"`
	Created          string `json:"created"`
	Modified         string `json:"modified"`
	CreatedByRef     string `json:"created_by_ref,omitempty"`
	RelationshipType string `json:"relationship_type"`
	Description      string `json:"description,omitempty"`
	SourceRef        string `json:"source_ref"`
	TargetRef        string `json:"target_ref"`
	StartTime        string `json:"start_time,omitempty"`
	StopTime         string `json:"stop_time,omitempty"`
}

Relationship represents a STIX Relationship object.

func (*Relationship) GetID 

func (r *Relationship) GetID() string

func (*Relationship) GetType 

func (r *Relationship) GetType() string

type ThreatActor 

type ThreatActor struct {
	Type               string              `json:"type"`
	SpecVersion        string              `json:"spec_version"`
	ID                 string              `json:"id"`
	Created            string              `json:"created"`
	Modified           string              `json:"modified"`
	CreatedByRef       string              `json:"created_by_ref,omitempty"`
	Name               string              `json:"name"`
	Description        string              `json:"description,omitempty"`
	ThreatActorTypes   []string            `json:"threat_actor_types"`
	Aliases            []string            `json:"aliases,omitempty"`
	Roles              []string            `json:"roles,omitempty"`
	Goals              []string            `json:"goals,omitempty"`
	Sophistication     string              `json:"sophistication,omitempty"`
	ResourceLevel      string              `json:"resource_level,omitempty"`
	PrimaryMotivation  string              `json:"primary_motivation,omitempty"`
	ExternalReferences []ExternalReference `json:"external_references,omitempty"`
}

ThreatActor represents a STIX Threat Actor object.

func (*ThreatActor) GetID 

func (t *ThreatActor) GetID() string

func (*ThreatActor) GetType 

func (t *ThreatActor) GetType() string

type Vulnerability 

type Vulnerability struct {
	Type               string              `json:"type"`
	SpecVersion        string              `json:"spec_version"`
	ID                 string              `json:"id"`
	Created            string              `json:"created"`
	Modified           string              `json:"modified"`
	CreatedByRef       string              `json:"created_by_ref,omitempty"`
	Name               string              `json:"name"`
	Description        string              `json:"description,omitempty"`
	ExternalReferences []ExternalReference `json:"external_references,omitempty"`
}

Vulnerability represents a STIX Vulnerability object.

func (*Vulnerability) GetID 

func (v *Vulnerability) GetID() string

func (*Vulnerability) GetType 

func (v *Vulnerability) GetType() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.