Skip to content

Constants

psengine.stix2.constants

CONVERTED_TYPES module-attribute 

CONVERTED_TYPES = {
    'ip': 'IpAddress',
    'domain': 'InternetDomainName',
    'url': 'URL',
    'hash': 'FileHash',
}

CONVERT_ENTITY_KWARGS module-attribute 

CONVERT_ENTITY_KWARGS = 'description'

ENTITY_TYPE_MAP module-attribute 

ENTITY_TYPE_MAP = {
    'ip': 'IpAddress',
    'domain': 'InternetDomainName',
    'url': 'URL',
    'hash': 'FileHash',
}

IDENTITY_TYPE_TO_CLASS module-attribute 

IDENTITY_TYPE_TO_CLASS = {
    'Company': 'organization',
    'Organization': 'organization',
    'Person': 'individual',
}

INDICATOR_TYPES module-attribute 

INDICATOR_TYPES = [
    'IpAddress',
    'InternetDomainName',
    'URL',
    'FileHash',
]

INDICATOR_TYPE_TO_RF_PORTAL_MAP module-attribute 

INDICATOR_TYPE_TO_RF_PORTAL_MAP = {
    'IpAddress': 'ip',
    'InternetDomainName': 'idn',
    'URL': 'url',
    'FileHash': 'hash',
}

REPORT_TYPE_MAPPER module-attribute 

REPORT_TYPE_MAPPER = {
    'Actor Profile': 'Threat-Actor',
    'Analyst On-Demand Report': 'Threat-Report',
    'Cyber Threat Analysis': 'Threat-Report',
    'Flash Report': 'Threat-Report',
    'Geopolitical Flash Event': 'Threat-Report',
    'Geopolitical Intelligence Summary': 'Threat-Report',
    'Geopolitical Profile': 'Threat-Actor',
    'Geopolitical Threat Forecast': 'Threat-Actor',
    'Geopolitical Validated Event': 'Observed-Data',
    'Hunting Package': 'Attack-Pattern',
    'Indicator': 'Indicator',
    'Informational': 'Threat-Report',
    'Insikt Research Lead': 'Intrusion-Set',
    'Malware/Tool Profile': 'Malware',
    'Regular Vendor Vulnerability Disclosures': 'Vulnerability',
    'Sigma Rule': 'Attack-Pattern',
    'SNORT Rule': 'Indicator',
    'Source Profile': 'Observed-Data',
    'The Record by Recorded Future': 'Threat-Report',
    'Threat Lead': 'Threat-Actor',
    'TTP Instance': 'Attack-Pattern',
    'Validated Intelligence Event': 'Observed-Data',
    'Weekly Threat Landscape': 'Threat-Report',
    'YARA Rule': 'Indicator',
}

RF_IDENTITY_UUID module-attribute 

RF_IDENTITY_UUID = (
    'identity--509cdfd1-b97f-5329-9e27-a841f8b2dbce'
)

RF_NAMESPACE module-attribute 

RF_NAMESPACE = '7fb92aa3-456a-406a-ad7e-1400307c46b1'

SUPPORTED_HUNTING_RULES module-attribute 

SUPPORTED_HUNTING_RULES = ('yara', 'snort', 'sigma')

TLP_MAP module-attribute 

TLP_MAP = {
    'white': TLP_WHITE,
    'green': TLP_GREEN,
    'amber': TLP_AMBER,
    'red': TLP_RED,
}