maec.bundle.bundle Module

Version: 4.1.0.17


Classes

class maec.bundle.bundle.Bundle(id=None, defined_subject=False, schema_version='4.1', content_type=None, malware_instance_object=None)[source]

Bases: maec.Entity

add_action(action, action_collection_name=None)[source]

Add an Action to an existing named Action Collection in the Collections entity. If it does not exist, add it to the top-level Actions entity.

add_av_classification(av_classification)[source]

Add an AV Classification to the top-level AV_Classifications entity in the Bundle.

add_behavior(behavior, behavior_collection_name=None)[source]

Add a Behavior to an existing named Behavior Collection in the Collections entity. If it does not exist, add it to the top-level Behaviors entity.

add_candidate_indicator(candidate_indicator, candidate_indicator_collection_name=None)[source]

Add a Candidate Indicator to an existing named Candidate Indicator Collection in the Collections entity. If it does not exist, add it to the top-level Candidate Indicators entity.

add_capability(capability)[source]

Add a Capability to the top-level Capabilities entity in the Bundle.

add_named_action_collection(collection_name, collection_id=None)[source]

Add a new named Action Collection to the top-level Collections entity in the Bundle.

add_named_behavior_collection(collection_name, collection_id=None)[source]

Add a new named Behavior Collection to the Collections entity in the Bundle.

add_named_candidate_indicator_collection(collection_name, collection_id=None)[source]

Add a new named Candidate Indicator Collection to the Collections entity in the Bundle.

add_named_object_collection(collection_name, collection_id=None)[source]

Add a new named Object Collection to the Collections entity in the Bundle.

add_object(object, object_collection_name=None)[source]

Add an Object to an existing named Object Collection in the Collections entity. If it does not exist, add it to the top-level Object entity.

classmethod compare(bundle_list, match_on=None, case_sensitive=True)[source]

Compare the Bundle to a list of other Bundles, returning a BundleComparator object.

deduplicate()[source]

Deduplicate all Objects in the Bundle. Add duplicate Objects to a new “Deduplicated Objects” Object Collection, and replace duplicate entries with references to the corresponding Object.

dereference_objects(extra_objects=[])[source]

Dereference any Objects in the Bundle by replacing them with the entities they reference.
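
The following added example models deduplicate() and dereference_objects() on plain dictionaries to show what the two transformations do to a bundle and that one undoes the other; it is not python-maec's code and does not import the library. The dictionary layout, the property-equality test for duplicates, the meaning given to extra_objects and the error raised on a dangling reference are assumptions of the example.

```python
import copy
import json

DEDUP_COLLECTION = "Deduplicated Objects"  # collection name as given on the page

def fingerprint(obj):
    # Assumption: Objects are duplicates when their properties are identical.
    return json.dumps(obj["properties"], sort_keys=True)

def deduplicate(bundle):
    """Keep one copy of each duplicated Object in the dedup collection and
    replace every duplicate entry with a reference ({"idref": ...}) to it."""
    first_seen, counts = {}, {}
    for obj in bundle["objects"]:
        fp = fingerprint(obj)
        first_seen.setdefault(fp, obj)
        counts[fp] = counts.get(fp, 0) + 1
    shared = {fp: o for fp, o in first_seen.items() if counts[fp] > 1}
    bundle["collections"][DEDUP_COLLECTION] = list(shared.values())
    bundle["objects"] = [
        {"idref": shared[fingerprint(o)]["id"]} if fingerprint(o) in shared else o
        for o in bundle["objects"]
    ]
    return bundle

def dereference(bundle, extra_objects=()):
    """Replace each reference with a copy of the Object it points to.
    extra_objects (assumed meaning): Objects defined outside this bundle."""
    pool = {o["id"]: o for objs in bundle["collections"].values() for o in objs}
    pool.update((o["id"], o) for o in extra_objects)
    resolved = []
    for o in bundle["objects"]:
        if "idref" in o:
            if o["idref"] not in pool:  # dangling reference: fail loudly
                raise KeyError("unresolved idref: " + o["idref"])
            o = copy.deepcopy(pool[o["idref"]])
        resolved.append(o)
    bundle["objects"] = resolved
    return bundle

def sample_bundle():
    # Constructed sample: a sandbox run that recorded the same dropped file twice.
    dropped = {"type": "File", "path": "C:\\Temp\\a.tmp"}
    return {"collections": {}, "objects": [
        {"id": "obj-1", "properties": dict(dropped)},
        {"id": "obj-2", "properties": {"type": "Mutex", "name": "m1"}},
        {"id": "obj-3", "properties": dict(dropped)},
    ]}
```

In this model a dereferenced entry takes the ID of the shared copy, so the original IDs of the duplicates are not restored, only their properties.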

get_action_objects(action_name_list)[source]

Get all Objects corresponding to one or more types of Actions, specified via a list of Action names.

get_all_actions(bin=False)[source]

Return a list of all Actions in the Bundle.

get_all_actions_on_object(object)[source]

Return a list of all of the Actions in the Bundle that operate on a particular input Object.

get_all_multiple_referenced_objects()[source]

Return a list of all Objects in the Bundle that are referenced more than once.

get_all_non_reference_objects()[source]

Return a list of all Objects in the Bundle that are not references (i.e. all of the actual Objects in the Bundle).

get_all_objects(include_actions=False)[source]

Return a list of all Objects in the Bundle.

get_object_by_id(id, extra_objects=[], ignore_actions=False)[source]

Find and return the Entity (Action, Object, etc.) with the specified ID.

get_object_history()[source]

Build and return the Object history for the Bundle.

normalize_objects()[source]

Normalize all Objects in the Bundle, using the CybOX normalize module.

set_malware_instance_object_attributes(malware_instance_object)[source]

Set the top-level Malware Instance Object Attributes entity in the Bundle.

set_process_tree(process_tree)[source]

Set the Process Tree, in the top-level <Process_Tree> element.

class maec.bundle.bundle.ActionList(*args)[source]

Bases: mixbox.entities.EntityList

class maec.bundle.bundle.BehaviorList(*args)[source]

Bases: mixbox.entities.EntityList

class maec.bundle.bundle.ObjectList(*args)[source]

Bases: mixbox.entities.EntityList

class maec.bundle.bundle.BaseCollection(name=None)[source]

Bases: maec.Entity

class maec.bundle.bundle.ActionCollection(name=None, id=None)[source]

Bases: maec.bundle.bundle.BaseCollection

add_action(action)[source]

Add an input Action to the Collection.

class maec.bundle.bundle.BehaviorCollection(name=None, id=None)[source]

Bases: maec.bundle.bundle.BaseCollection

add_behavior(behavior)[source]

Add an input Behavior to the Collection.

class maec.bundle.bundle.ObjectCollection(name=None, id=None)[source]

Bases: maec.bundle.bundle.BaseCollection

add_object(object)[source]

Add an input Object to the Collection.

class maec.bundle.bundle.CandidateIndicatorCollection(name=None, id=None)[source]

Bases: maec.bundle.bundle.BaseCollection

add_candidate_indicator(candidate_indicator)[source]

Add an input Candidate Indicator to the Collection.

class maec.bundle.bundle.BehaviorCollectionList[source]

Bases: mixbox.entities.EntityList

get_named_collection(collection_name)[source]

Return a specific named Collection from the list, based on its name.

has_collection(collection_name)[source]

Checks for the existence of a specific named Collection in the list, based on its name.

to_obj(ns_info=None)[source]

Convert to a GenerateDS binding object.

Subclasses can override this function.

Returns: An instance of this Entity’s _binding_class with properties set from this Entity.

class maec.bundle.bundle.ActionCollectionList[source]

Bases: mixbox.entities.EntityList

get_named_collection(collection_name)[source]

Return a specific named Collection from the list, based on its name.

has_collection(collection_name)[source]

Checks for the existence of a specific named Collection in the list, based on its name.

to_obj(ns_info=None)[source]

Convert to a GenerateDS binding object.

Subclasses can override this function.

Returns: An instance of this Entity’s _binding_class with properties set from this Entity.

class maec.bundle.bundle.ObjectCollectionList[source]

Bases: mixbox.entities.EntityList

get_named_collection(collection_name)[source]

Return a specific named Collection from the list, based on its name.

has_collection(collection_name)[source]

Checks for the existence of a specific named Collection in the list, based on its name.

to_obj(ns_info=None)[source]

Convert to a GenerateDS binding object.

Subclasses can override this function.

Returns: An instance of this Entity’s _binding_class with properties set from this Entity.

class maec.bundle.bundle.CandidateIndicatorCollectionList[source]

Bases: mixbox.entities.EntityList

get_named_collection(collection_name)[source]

Return a specific named Collection from the list, based on its name.

has_collection(collection_name)[source]

Checks for the existence of a specific named Collection in the list, based on its name.

to_obj(ns_info=None)[source]

Convert to a GenerateDS binding object.

Subclasses can override this function.

Returns: An instance of this Entity’s _binding_class with properties set from this Entity.

class maec.bundle.bundle.Collections[source]

Bases: maec.Entity

add_named_action_collection(action_collection_name, collection_id=None)[source]

Add a new named Action Collection to the Collections instance.

add_named_behavior_collection(behavior_collection_name, collection_id=None)[source]

Add a new named Behavior Collection to the Collections instance.

add_named_candidate_indicator_collection(candidate_indicator_collection_name, collection_id=None)[source]

Add a new named Candidate Indicator Collection to the Collections instance.

add_named_object_collection(object_collection_name, collection_id=None)[source]

Add a new named Object Collection to the Collections instance.

has_content()[source]

Returns true if any Collections instance inside of the Collection has len > 0.

class maec.bundle.bundle.BehaviorReference[source]

Bases: maec.Entity