Warning
This documentation is still a work in progress. If you have any issues or questions, please ask on the maec-discussion mailing list or file a bug in our issue tracker.
Bases: maec.Entity
Add an Action to an existing named Action Collection in the Collections entity. If it does not exist, add it to the top-level Actions entity.
Add an AV Classification to the top-level AV_Classifications entity in the Bundle.
Add a Behavior to an existing named Behavior Collection in the Collections entity. If it does not exist, add it to the top-level Behaviors entity.
Add a Candidate Indicator to an existing named Candidate Indicator Collection in the Collections entity. If it does not exist, add it to the top-level Candidate Indicators entity.
Add a Capability to the top-level Capabilities entity in the Bundle.
Add a new named Action Collection to the top-level Collections entity in the Bundle.
Add a new named Behavior Collection to the Collections entity in the Bundle.
Add a new named Candidate Indicator Collection to the Collections entity in the Bundle.
Add a new named Object Collection to the Collections entity in the Bundle.
Add an Object to an existing named Object Collection in the Collections entity. If it does not exist, add it to the top-level Object entity.
Compare the Bundle to a list of other Bundles, returning a BundleComparator object.
Deduplicate all Objects in the Bundle. Add duplicate Objects to new “Deduplicated Objects” Object Collection, and replace duplicate entries with references to corresponding Object.
Dereference any Objects in the Bundle by replacing them with the entities they reference.
Get all Objects corresponding to one or more types of Actions, specified via a list of Action names.
Return a list of all Actions in the Bundle.
Return a list of all of the Actions in the Bundle that operate on a particular input Object.
Return a list of all Objects in the Bundle that are referenced more than once.
Return a list of all Objects in the Bundle that are not references (i.e. all of the actual Objects in the Bundle).
Return a list of all Objects in the Bundle.
Find and return the Entity (Action, Object, etc.) with the specified ID.
Build and return the Object history for the Bundle.
Normalize all Objects in the Bundle, using the CybOX normalize module.
Set the top-level Malware Instance Object Attributes entity in the Bundle.
Set the Process Tree, in the top-level <Process_Tree> element.
Bases: cybox.EntityList
Bases: cybox.EntityList
Bases: cybox.EntityList
Bases: maec.Entity
Bases: maec.bundle.bundle.BaseCollection
Add an input Action to the Collection.
Bases: maec.bundle.bundle.BaseCollection
Add an input Behavior to the Collection.
Bases: maec.bundle.bundle.BaseCollection
Add an input Object to the Collection.
Bases: maec.bundle.bundle.BaseCollection
Add an input Candidate Indicator to the Collection.
Bases: cybox.EntityList
Return a specific named Collection from the list, based on its name.
Checks for the existence of a specific named Collection in the list, based on the its name.
Bases: cybox.EntityList
Return a specific named Collection from the list, based on its name.
Checks for the existence of a specific named Collection in the list, based on the its name.
Bases: cybox.EntityList
Return a specific named Collection from the list, based on its name.
Checks for the existence of a specific named Collection in the list, based on the its name.
Bases: cybox.EntityList
Return a specific named Collection from the list, based on its name.
Checks for the existence of a specific named Collection in the list, based on the its name.
Bases: maec.Entity
Add a new named Action Collection to the Collections instance.
Add a new named Behavior Collection to the Collections instance.
Add a new named Candidate Indicator Collection to the Collections instance.
Add a new named Object Collection to the Collections instance.
Returns true if any Collections instance inside of the Collection has len > 0.
Bases: maec.Entity