Documentation
¶
Overview ¶
Package report implements the STIX 2.1 Report object.
The following information comes directly from the STIX 2.1 specification.
Reports are collections of threat intelligence focused on one or more topics, such as a description of a threat actor, malware, or attack technique, including context and related details. They are used to group related threat intelligence together so that it can be published as a comprehensive cyber threat story.
The Report SDO contains a list of references to STIX Objects (the CTI objects included in the report) along with a textual description and the name of the report.
For example, a threat report produced by ACME Defense Corp. discussing the Glass Gazelle campaign should be represented using Report. The Report itself would contain the narrative of the report while the Campaign SDO and any related SDOs (e.g., Indicators for the Campaign, Malware it uses, and the associated Relationships) would be referenced in the report contents.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Report ¶
type Report struct {
objects.CommonObjectProperties
properties.NameProperty
properties.DescriptionProperty
ReportTypes []string `json:"report_types,omitempty"`
Published string `json:"published,omitempty"`
properties.ObjectRefsProperty
}
Report - This type implements the STIX 2 Report SDO and defines all of the
properties and methods needed to create and work with this object. All of the methods not defined local to this type are inherited from the individual properties.
func Decode ¶ added in v0.6.1
Decode - This function is a simple wrapper for decoding JSON data. It will
decode a slice of bytes into an actual struct and return a pointer to that object along with any errors.
func New ¶
func New() *Report
New - This function will create a new STIX Report object and return
it as a pointer. It will also initialize the object by setting all of the basic properties.
func (*Report) Encode ¶ added in v0.6.1
Encode - This method is a simple wrapper for encoding an object into JSON
func (*Report) EncodeToString ¶ added in v0.6.1
EncodeToString - This method is a simple wrapper for encoding an object into
JSON
func (*Report) GetPropertyList ¶ added in v0.6.1
GetProperties - This method will return a list of all of the properties that
are unique to this object. This is used by the custom UnmarshalJSON for this object. It is defined here in this file to make it easy to keep in sync.
func (*Report) SetPublished ¶
SetPublished - This method takes in a timestamp in either time.Time or string
format and updates the published timestamp property.
func (*Report) UnmarshalJSON ¶ added in v0.6.1
UnmarshalJSON - This method will over write the default UnmarshalJSON method
to enable custom properties that this library does not know about. It will store them as map where the value of each key is a byte arrays. This way a tool that does know how to deal with them can then further process them after this is done. This will also allow the storage of the raw JSON data.
func (*Report) Valid ¶ added in v0.6.1
Valid - This method will verify and test all of the properties on an object
to make sure they are valid per the specification. It will return a boolean, an integer that tracks the number of problems found, and a slice of strings that contain the detailed results, whether good or bad.
Source Files