maec.bundle.bundle Module
Version: 4.1.0.17

Classes

class maec.bundle.bundle.Bundle(id=None, defined_subject=False, schema_version='4.1', content_type=None, malware_instance_object=None)
    Bases: maec.Entity

    add_action(action, action_collection_name=None)
        Add an Action to an existing named Action Collection in the Collections entity. If it does not exist, add it to the top-level Actions entity.

    add_av_classification(av_classification)
        Add an AV Classification to the top-level AV_Classifications entity in the Bundle.

    add_behavior(behavior, behavior_collection_name=None)
        Add a Behavior to an existing named Behavior Collection in the Collections entity. If it does not exist, add it to the top-level Behaviors entity.

    add_candidate_indicator(candidate_indicator, candidate_indicator_collection_name=None)
        Add a Candidate Indicator to an existing named Candidate Indicator Collection in the Collections entity. If it does not exist, add it to the top-level Candidate Indicators entity.

    add_capability(capability)
        Add a Capability to the top-level Capabilities entity in the Bundle.

    add_named_action_collection(collection_name, collection_id=None)
        Add a new named Action Collection to the top-level Collections entity in the Bundle.

    add_named_behavior_collection(collection_name, collection_id=None)
        Add a new named Behavior Collection to the Collections entity in the Bundle.

    add_named_candidate_indicator_collection(collection_name, collection_id=None)
        Add a new named Candidate Indicator Collection to the Collections entity in the Bundle.

    add_named_object_collection(collection_name, collection_id=None)
        Add a new named Object Collection to the Collections entity in the Bundle.

    add_object(object, object_collection_name=None)
        Add an Object to an existing named Object Collection in the Collections entity. If it does not exist, add it to the top-level Object entity.

    classmethod compare(bundle_list, match_on=None, case_sensitive=True)
        Compare the Bundle to a list of other Bundles, returning a BundleComparator object.

    deduplicate()
        Deduplicate all Objects in the Bundle. Add duplicate Objects to a new "Deduplicated Objects" Object Collection, and replace duplicate entries with references to the corresponding Object.

    dereference_objects(extra_objects=[])
        Dereference any Objects in the Bundle by replacing them with the entities they reference.

    get_action_objects(action_name_list)
        Get all Objects corresponding to one or more types of Actions, specified via a list of Action names.

    get_all_actions_on_object(object)
        Return a list of all of the Actions in the Bundle that operate on a particular input Object.

    get_all_multiple_referenced_objects()
        Return a list of all Objects in the Bundle that are referenced more than once.

    get_all_non_reference_objects()
        Return a list of all Objects in the Bundle that are not references (i.e. all of the actual Objects in the Bundle).

    get_object_by_id(id, extra_objects=[], ignore_actions=False)
        Find and return the Entity (Action, Object, etc.) with the specified ID.

class maec.bundle.bundle.BaseCollection(name=None)
    Bases: maec.Entity

class maec.bundle.bundle.BehaviorCollectionList
    Bases: mixbox.entities.EntityList

    get_named_collection(collection_name)
        Return a specific named Collection from the list, based on its name.

class maec.bundle.bundle.ActionCollectionList
    Bases: mixbox.entities.EntityList

    get_named_collection(collection_name)
        Return a specific named Collection from the list, based on its name.

class maec.bundle.bundle.ObjectCollectionList
    Bases: mixbox.entities.EntityList

    get_named_collection(collection_name)
        Return a specific named Collection from the list, based on its name.

class maec.bundle.bundle.CandidateIndicatorCollectionList
    Bases: mixbox.entities.EntityList

    get_named_collection(collection_name)
        Return a specific named Collection from the list, based on its name.

class maec.bundle.bundle.Collections
    Bases: maec.Entity

    add_named_action_collection(action_collection_name, collection_id=None)
        Add a new named Action Collection to the Collections instance.

    add_named_behavior_collection(behavior_collection_name, collection_id=None)
        Add a new named Behavior Collection to the Collections instance.

    add_named_candidate_indicator_collection(candidate_indicator_collection_name, collection_id=None)
        Add a new named Candidate Indicator Collection to the Collections instance.

class maec.bundle.bundle.BehaviorReference
    Bases: maec.Entity