package indicator

v0.5.1
Published: Dec 19, 2018 License: Apache-2.0 Imports: 7 Imported by: 5

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func Compare

func Compare(correct, toTest *Indicator) (bool, int, []string)

Compare - This function compares two indicators to make sure they are the same. The indicator correct is the master and represents the correct data; the indicator toTest represents the one we need to test.

Types

type Indicator

type Indicator struct {
	baseobject.CommonObjectProperties
	properties.NameProperty
	properties.DescriptionProperty
	IndicatorTypes []string `json:"indicator_types,omitempty"`
	Pattern        string   `json:"pattern,omitempty"`
	ValidFrom      string   `json:"valid_from,omitempty"`
	ValidUntil     string   `json:"valid_until,omitempty"`
	properties.KillChainPhasesProperty
}

Indicator - This type implements the STIX 2 Indicator SDO and defines all of the properties and methods needed to create and work with the STIX Indicator SDO. All of the methods not defined locally on this type are inherited from the individual embedded properties.

The following information comes directly from the STIX 2 specification documents.

Indicators contain a pattern that can be used to detect suspicious or malicious cyber activity. For example, an Indicator may be used to represent a set of malicious domains and use the STIX Patterning Language (STIX™ Version 2.0. Part 5: STIX Patterning) to specify these domains.

The Indicator SDO contains a simple textual description, the Kill Chain Phases that it detects behavior in, a time window for when the Indicator is valid or useful, and a required pattern property to capture a structured detection pattern. Conforming STIX implementations MUST support the STIX Patterning Language as defined in STIX™ Version 2.0. Part 5: STIX Patterning. While each structured pattern language has different syntax and potentially different semantics, in general an Indicator is considered to have "matched" (or been "sighted") when the conditions specified in the structured pattern are satisfied in whatever context they are evaluated in.

Relationships from the Indicator can describe the malicious or suspicious behavior that it directly detects (Malware, Tool, and Attack Pattern) as well as the Campaigns, Intrusion Sets, and Threat Actors that it might indicate the presence of.

func Decode

func Decode(data []byte) (*Indicator, string, error)

Decode - This function will decode some JSON data encoded as a slice of bytes into an actual struct. It will return the object as a pointer, the STIX ID, and any errors.

func New

func New() *Indicator

New - This function will create a new STIX Indicator object and return it as a pointer. It will also initialize the object by setting all of the basic properties.

func (*Indicator) AddType

func (o *Indicator) AddType(s string) error

AddType - This method takes in a string value representing an indicator type from the indicator-type-ov and adds it to the indicator type property.

func (*Indicator) Compare

func (o *Indicator) Compare(toTest *Indicator) (bool, int, []string)

Compare - This method compares two indicators to make sure they are the same. The indicator receiver is the known good and represents the correct data; the indicator passed in as toTest represents the one we need to test/check.

func (*Indicator) Encode

func (o *Indicator) Encode() ([]byte, error)

Encode - This method is a simple wrapper for encoding an object into JSON.

func (*Indicator) EncodeToString

func (o *Indicator) EncodeToString() (string, error)

EncodeToString - This method is a simple wrapper for encoding an object into JSON and returning it as a string.

func (*Indicator) SetPattern

func (o *Indicator) SetPattern(s string) error

SetPattern - This method will take in a string value representing a complete and valid STIX pattern and set the pattern property to that value.

func (*Indicator) SetValidFrom

func (o *Indicator) SetValidFrom(t interface{}) error

SetValidFrom - This method will take in a timestamp in either time.Time or string format and will set the valid from property to that value.

func (*Indicator) SetValidFromToCurrentTime

func (o *Indicator) SetValidFromToCurrentTime() error

SetValidFromToCurrentTime - This method sets the valid from time to the current time.

func (*Indicator) SetValidUntil

func (o *Indicator) SetValidUntil(t interface{}) error

SetValidUntil - This method will take in a timestamp in either time.Time or string format and will set the valid until property to that value.

func (*Indicator) SetValidUntilToCurrentTime

func (o *Indicator) SetValidUntilToCurrentTime() error

SetValidUntilToCurrentTime - This method sets the valid until time to the current time.

func (*Indicator) Verify

func (o *Indicator) Verify() error

Verify - This method will verify all of the properties on the object.
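The struct layout, the Encode/Decode round trip, the timestamp setters and the Compare/Verify checks documented above, as one stand-alone added example. This is not the libstix2 package's code and imports nothing beyond the Go standard library: the Indicator type here flattens the package's embedded base, name and kill-chain properties into plain fields, and the STIX timestamp layout, the placeholder id, the constructed sample JSON and the exact rules inside Verify and Compare are all assumptions of this example rather than the package's own behaviour.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Indicator mirrors the JSON shape of the page's Indicator SDO; embedded properties are flattened (assumption).
type Indicator struct {
	Type           string   `json:"type"`
	ID             string   `json:"id"`
	IndicatorTypes []string `json:"indicator_types,omitempty"`
	Pattern        string   `json:"pattern,omitempty"`
	ValidFrom      string   `json:"valid_from,omitempty"`
	ValidUntil     string   `json:"valid_until,omitempty"`
}

// stixTime is the STIX timestamp layout: RFC 3339, UTC, millisecond precision.
const stixTime = "2006-01-02T15:04:05.000Z"

// setStixTime accepts a time.Time or an RFC 3339 string (as SetValidFrom/SetValidUntil do) and stores it normalised.
func setStixTime(dst *string, t interface{}) error {
	var parsed time.Time
	switch v := t.(type) {
	case time.Time:
		parsed = v
	case string:
		var err error
		if parsed, err = time.Parse(time.RFC3339Nano, v); err != nil {
			return fmt.Errorf("invalid STIX timestamp %q: %w", v, err)
		}
	default:
		return fmt.Errorf("unsupported timestamp type %T", t)
	}
	*dst = parsed.UTC().Format(stixTime)
	return nil
}

func (o *Indicator) SetValidFrom(t interface{}) error  { return setStixTime(&o.ValidFrom, t) }
func (o *Indicator) SetValidUntil(t interface{}) error { return setStixTime(&o.ValidUntil, t) }

// Verify checks what a consumer should before acting on an indicator: pattern present, validity window ordered (example's rules).
func (o *Indicator) Verify() error {
	if o.Pattern == "" {
		return errors.New("pattern is required")
	}
	if o.ValidFrom != "" && o.ValidUntil != "" {
		from, err1 := time.Parse(stixTime, o.ValidFrom)
		until, err2 := time.Parse(stixTime, o.ValidUntil)
		if err1 != nil || err2 != nil {
			return errors.New("valid_from/valid_until are not STIX timestamps")
		}
		if !until.After(from) {
			return errors.New("valid_until must be later than valid_from")
		}
	}
	return nil
}

// Encode marshals to JSON; Decode unmarshals, verifies, and returns the STIX id.
func (o *Indicator) Encode() ([]byte, error) { return json.Marshal(o) }
func Decode(data []byte) (*Indicator, string, error) {
	var o Indicator
	if err := json.Unmarshal(data, &o); err != nil {
		return nil, "", err
	}
	if err := o.Verify(); err != nil {
		return nil, "", err
	}
	return &o, o.ID, nil
}

// Compare treats correct as the master copy: match flag, number of differing fields, one line per difference.
func Compare(correct, toTest *Indicator) (bool, int, []string) {
	var problems []string
	check := func(field, want, got string) {
		if want != got {
			problems = append(problems, fmt.Sprintf("%s: want %q, got %q", field, want, got))
		}
	}
	check("id", correct.ID, toTest.ID)
	check("pattern", correct.Pattern, toTest.Pattern)
	check("valid_from", correct.ValidFrom, toTest.ValidFrom)
	check("valid_until", correct.ValidUntil, toTest.ValidUntil)
	return len(problems) == 0, len(problems), problems
}

// sampleIndicator is constructed for this example: a reserved .invalid domain and a placeholder id, not a real STIX identifier.
const sampleIndicator = `{
  "type": "indicator",
  "id": "indicator--00000000-0000-4000-8000-000000000001",
  "indicator_types": ["malicious-activity"],
  "pattern": "[domain-name:value = 'c2.example.invalid']",
  "valid_from": "2018-12-19T00:00:00.000Z",
  "valid_until": "2019-06-01T00:00:00.000Z"
}`
```

Typical use follows the page's flow: Decode(sampleIndicator) yields the master object and its id; a second Indicator built with SetValidFrom (string form) and SetValidUntil (time.Time form) ends up with identical normalised timestamps, so Compare reports a match with zero differences, and the object survives an Encode/Decode round trip unchanged. Decode refuses an object without a pattern, and Verify rejects a window whose valid_until is not later than valid_from, which is the check a feed consumer wants before loading an indicator into a detection system.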
