maec.bundle.bundle Module

Version: 4.1.0.17

Classes

class maec.bundle.bundle.Bundle(id=None, defined_subject=False, schema_version='4.1', content_type=None, malware_instance_object=None)
    Bases: maec.Entity

    add_action(action, action_collection_name=None)
        Add an Action to an existing named Action Collection in the Collections entity. If it does not exist, add it to the top-level Actions entity.

    add_av_classification(av_classification)
        Add an AV Classification to the top-level AV_Classifications entity in the Bundle.

    add_behavior(behavior, behavior_collection_name=None)
        Add a Behavior to an existing named Behavior Collection in the Collections entity. If it does not exist, add it to the top-level Behaviors entity.

    add_candidate_indicator(candidate_indicator, candidate_indicator_collection_name=None)
        Add a Candidate Indicator to an existing named Candidate Indicator Collection in the Collections entity. If it does not exist, add it to the top-level Candidate Indicators entity.

    add_capability(capability)
        Add a Capability to the top-level Capabilities entity in the Bundle.

    add_named_action_collection(collection_name, collection_id=None)
        Add a new named Action Collection to the top-level Collections entity in the Bundle.

    add_named_behavior_collection(collection_name, collection_id=None)
        Add a new named Behavior Collection to the Collections entity in the Bundle.

    add_named_candidate_indicator_collection(collection_name, collection_id=None)
        Add a new named Candidate Indicator Collection to the Collections entity in the Bundle.

    add_named_object_collection(collection_name, collection_id=None)
        Add a new named Object Collection to the Collections entity in the Bundle.

    add_object(object, object_collection_name=None)
        Add an Object to an existing named Object Collection in the Collections entity. If it does not exist, add it to the top-level Object entity.

    classmethod compare(bundle_list, match_on=None, case_sensitive=True)
        Compare the Bundle to a list of other Bundles, returning a BundleComparator object.

    deduplicate()
        Deduplicate all Objects in the Bundle. Add duplicate Objects to a new “Deduplicated Objects” Object Collection, and replace duplicate entries with references to the corresponding Object.

    dereference_objects(extra_objects=[])
        Dereference any Objects in the Bundle by replacing them with the entities they reference.

    get_action_objects(action_name_list)
        Get all Objects corresponding to one or more types of Actions, specified via a list of Action names.

    get_all_actions(bin=False)
        Return a list of all Actions in the Bundle.

    get_all_actions_on_object(object)
        Return a list of all of the Actions in the Bundle that operate on a particular input Object.

    get_all_multiple_referenced_objects()
        Return a list of all Objects in the Bundle that are referenced more than once.

    get_all_non_reference_objects()
        Return a list of all Objects in the Bundle that are not references (i.e. all of the actual Objects in the Bundle).

    get_all_objects(include_actions=False)
        Return a list of all Objects in the Bundle.

    get_object_by_id(id, extra_objects=[], ignore_actions=False)
        Find and return the Entity (Action, Object, etc.) with the specified ID.

    get_object_history()
        Build and return the Object history for the Bundle.

    normalize_objects()
        Normalize all Objects in the Bundle, using the CybOX normalize module.

    set_malware_instance_object_attributes(malware_instance_object)
        Set the top-level Malware Instance Object Attributes entity in the Bundle.

    set_process_tree(process_tree)
        Set the Process Tree, in the top-level <Process_Tree> element.

class maec.bundle.bundle.ActionList(*args)
    Bases: mixbox.entities.EntityList

class maec.bundle.bundle.BehaviorList(*args)
    Bases: mixbox.entities.EntityList

class maec.bundle.bundle.ObjectList(*args)
    Bases: mixbox.entities.EntityList

class maec.bundle.bundle.BaseCollection(name=None)
    Bases: maec.Entity

class maec.bundle.bundle.ActionCollection(name=None, id=None)
    Bases: maec.bundle.bundle.BaseCollection

    add_action(action)
        Add an input Action to the Collection.

class maec.bundle.bundle.BehaviorCollection(name=None, id=None)
    Bases: maec.bundle.bundle.BaseCollection

    add_behavior(behavior)
        Add an input Behavior to the Collection.

class maec.bundle.bundle.ObjectCollection(name=None, id=None)
    Bases: maec.bundle.bundle.BaseCollection

    add_object(object)
        Add an input Object to the Collection.

class maec.bundle.bundle.CandidateIndicatorCollection(name=None, id=None)
    Bases: maec.bundle.bundle.BaseCollection

    add_candidate_indicator(candidate_indicator)
        Add an input Candidate Indicator to the Collection.

class maec.bundle.bundle.BehaviorCollectionList
    Bases: mixbox.entities.EntityList

    get_named_collection(collection_name)
        Return a specific named Collection from the list, based on its name.

    has_collection(collection_name)
        Check for the existence of a specific named Collection in the list, based on its name.

    to_obj(ns_info=None)
        Convert to a GenerateDS binding object. Subclasses can override this function.
        Returns: An instance of this Entity’s _binding_class with properties set from this Entity.

class maec.bundle.bundle.ActionCollectionList
    Bases: mixbox.entities.EntityList

    get_named_collection(collection_name)
        Return a specific named Collection from the list, based on its name.

    has_collection(collection_name)
        Check for the existence of a specific named Collection in the list, based on its name.

    to_obj(ns_info=None)
        Convert to a GenerateDS binding object. Subclasses can override this function.
        Returns: An instance of this Entity’s _binding_class with properties set from this Entity.

class maec.bundle.bundle.ObjectCollectionList
    Bases: mixbox.entities.EntityList

    get_named_collection(collection_name)
        Return a specific named Collection from the list, based on its name.

    has_collection(collection_name)
        Check for the existence of a specific named Collection in the list, based on its name.

    to_obj(ns_info=None)
        Convert to a GenerateDS binding object. Subclasses can override this function.
        Returns: An instance of this Entity’s _binding_class with properties set from this Entity.

class maec.bundle.bundle.CandidateIndicatorCollectionList
    Bases: mixbox.entities.EntityList

    get_named_collection(collection_name)
        Return a specific named Collection from the list, based on its name.

    has_collection(collection_name)
        Check for the existence of a specific named Collection in the list, based on its name.

    to_obj(ns_info=None)
        Convert to a GenerateDS binding object. Subclasses can override this function.
        Returns: An instance of this Entity’s _binding_class with properties set from this Entity.

class maec.bundle.bundle.Collections
    Bases: maec.Entity

    add_named_action_collection(action_collection_name, collection_id=None)
        Add a new named Action Collection to the Collections instance.

    add_named_behavior_collection(behavior_collection_name, collection_id=None)
        Add a new named Behavior Collection to the Collections instance.

    add_named_candidate_indicator_collection(candidate_indicator_collection_name, collection_id=None)
        Add a new named Candidate Indicator Collection to the Collections instance.

    add_named_object_collection(object_collection_name, collection_id=None)
        Add a new named Object Collection to the Collections instance.

    has_content()
        Returns true if any Collections instance inside of the Collection has len > 0.

class maec.bundle.bundle.BehaviorReference
    Bases: maec.Entity