tool

package
v0.6.2 Latest

This package is not in the latest version of its module.
Published: Mar 16, 2020 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package tool implements the STIX 2.1 Tool object.

The following information comes directly from the STIX 2.1 specification.

Tools are legitimate software that can be used by threat actors to perform attacks. Knowing how and when threat actors use such tools can be important for understanding how campaigns are executed. Unlike malware, these tools or software packages are often found on a system and have legitimate purposes for power users, system administrators, network administrators, or even normal users. Remote access tools (e.g., RDP) and network scanning tools (e.g., Nmap) are examples of Tools that may be used by a Threat Actor during an attack.

The Tool SDO characterizes the properties of these software tools and can be used as a basis for making an assertion about how a Threat Actor uses them during an attack. It contains properties to name and describe the tool, a list of Kill Chain Phases the tool can be used to carry out, and the version of the tool.

This SDO MUST NOT be used to characterize malware. Further, Tool MUST NOT be used to characterize tools used as part of a course of action in response to an attack.

Types

type Tool

type Tool struct {
	objects.CommonObjectProperties
	properties.NameProperty
	properties.DescriptionProperty
	ToolTypes []string `json:"tool_types,omitempty"`
	properties.AliasesProperty
	properties.KillChainPhasesProperty
	ToolVersion string `json:"tool_version,omitempty"`
}

Tool - This type implements the STIX 2 Tool SDO and defines all of the properties and methods needed to create and work with this object. All of the methods not defined local to this type are inherited from the individual properties.

func Decode added in v0.6.1

func Decode(data []byte) (*Tool, error)

Decode - This function is a simple wrapper for decoding JSON data. It will decode a slice of bytes into an actual struct and return a pointer to that object along with any errors.

func New

func New() *Tool

New - This function will create a new STIX Tool object and return it as a pointer. It will also initialize the object by setting all of the basic properties.

func (*Tool) AddTypes added in v0.6.1

func (o *Tool) AddTypes(values interface{}) error

AddTypes - This method takes in a string value, a comma-separated list of string values, or a slice of string values that represents a tool type and adds it to the tool types property. The values SHOULD come from the tool-type-ov open vocabulary.

func (*Tool) Encode added in v0.6.1

func (o *Tool) Encode() ([]byte, error)

Encode - This method is a simple wrapper for encoding an object into JSON.

func (*Tool) EncodeToString added in v0.6.1

func (o *Tool) EncodeToString() (string, error)

EncodeToString - This method is a simple wrapper for encoding an object into JSON and returning it as a string.

func (*Tool) GetPropertyList added in v0.6.1

func (o *Tool) GetPropertyList() []string

GetPropertyList - This method will return a list of all of the properties that are unique to this object. This is used by the custom UnmarshalJSON for this object. It is defined here in this file to make it easy to keep in sync.

func (*Tool) SetToolVersion

func (o *Tool) SetToolVersion(s string) error

SetToolVersion - This method takes in a string value representing the version of the tool and updates the tool version property.

func (*Tool) UnmarshalJSON added in v0.6.1

func (o *Tool) UnmarshalJSON(b []byte) error

UnmarshalJSON - This method overrides the default UnmarshalJSON method to enable custom properties that this library does not know about. It stores them in a map where the value of each key is a byte array. This way, a tool that does know how to deal with them can further process them after decoding is done. This also allows the storage of the raw JSON data.
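The approach described for UnmarshalJSON, shown as an added, self-contained example that is not the library's own code: known properties go into typed fields and everything else is preserved as raw JSON bytes for later processing. The names `miniTool`, `decodeTool`, `sample` and the `x_acme_score` property are hypothetical, and the sample object omits the common STIX properties for brevity.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// miniTool is a hypothetical, cut-down stand-in for the package's Tool type.
type miniTool struct {
	Type        string   `json:"type"`
	Name        string   `json:"name"`
	ToolTypes   []string `json:"tool_types,omitempty"`
	ToolVersion string   `json:"tool_version,omitempty"`
	Custom map[string]json.RawMessage `json:"-"` // unknown properties, raw bytes
}

// UnmarshalJSON decodes the known properties and preserves the unknown ones.
func (t *miniTool) UnmarshalJSON(b []byte) error {
	type plain miniTool // same fields, no methods: avoids infinite recursion
	var p plain
	if err := json.Unmarshal(b, &p); err != nil {
		return err
	}
	if p.Type != "tool" {
		return fmt.Errorf("not a tool object: type=%q", p.Type)
	}
	var all map[string]json.RawMessage
	if err := json.Unmarshal(b, &all); err != nil {
		return err
	}
	for _, k := range []string{"type", "name", "tool_types", "tool_version"} {
		delete(all, k)
	}
	p.Custom = all
	*t = miniTool(p)
	return nil
}

// sample is constructed input; x_acme_score is a made-up custom property.
const sample = `{"type":"tool","name":"Nmap","tool_types":["information-gathering"],"x_acme_score":7}`

func decodeTool(data string) (t miniTool, err error) {
	err = json.Unmarshal([]byte(data), &t)
	return t, err
}

func main() {
	t, err := decodeTool(sample)
	fmt.Println(t.Name, string(t.Custom["x_acme_score"]), err)
}
```

Because the unknown values are kept as bytes rather than decoded, a consumer can inspect or reject custom properties from an untrusted feed before interpreting them.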

func (*Tool) Valid added in v0.6.1

func (o *Tool) Valid() (bool, int, []string)

Valid - This method will verify and test all of the properties on an object to make sure they are valid per the specification. It will return a boolean, an integer that tracks the number of problems found, and a slice of strings that contain the detailed results, whether good or bad.
