_XMLMapper(__builtin__.object)
    - AdditionalData
    - Address
    - Assessment
    - EventData
    - Flow
    - HistoryItem
    - IODEF_Document
    - Impact
    - Incident
    - System
class AdditionalData(_XMLMapper)

    class storing additional custom data
    attributes:
    - data: str
    - dtype: enum of str
    - ext_dtype: str
    - formatid: str
    - meaning: str
    - restriction: enum of str (RFC 5070 values: public, need-to-know, private, default)

    Method resolution order:
        AdditionalData
        _XMLMapper
        __builtin__.object

    Methods defined here:
    - __init__(self, data=None, dtype=None, ext_dtype=None, formatid=None, meaning=None, restriction=None, from_xml=None)
    - __str__(self)
    - from_xml(self, xml)
    - to_xml(self)

    Data descriptors inherited from _XMLMapper (the same two descriptors are inherited by every class below):
    - __dict__: dictionary for instance variables (if defined)
    - __weakref__: list of weak references to the object (if defined)
class Address(_XMLMapper)

    The Address class represents a hardware (layer-2), network (layer-3),
    or application (layer-7) address.
    attributes:
    - address: str
    - category: enum of str (RFC 5070 values: asn, atm, e-mail, ipv4-addr, ipv4-net,
      ipv4-net-mask, ipv6-addr, ipv6-net, ipv6-net-mask, mac, ext-value; default 'ipv4-addr')
    - ext_category: str
    - vlan_name: str
    - vlan_num: str (int in RFC 5070)

    Method resolution order:
        Address
        _XMLMapper
        __builtin__.object

    Methods defined here:
    - __init__(self, address=None, category='ipv4-addr', ext_category=None, vlan_name=None, vlan_num=None, from_xml=None)
        constructor for Address class; see class attributes
        from_xml: Element object (XML) to be parsed
    - __str__(self)
    - from_xml(self, xml)
    - to_xml(self)
class Assessment(_XMLMapper)

    class storing the assessment of an incident
    attributes:
    - occurence: enum of str (RFC 5070 values: actual, potential). This is the IODEF
      occurrence attribute; the library spells the parameter occurence, so use that name.
    - restriction: enum of str
    The constructor also takes impacts, a list of Impact objects (see ImpactClass below).

    Method resolution order:
        Assessment
        _XMLMapper
        __builtin__.object

    Methods defined here:
    - __init__(self, occurence=None, restriction=None, impacts=None, from_xml=None)
    - __str__(self)
    - from_xml(self, xml)
    - to_xml(self)

    Data and other attributes defined here:
    - ImpactClass = <class 'iodeflib.Impact'> (documented below under class Impact)
class EventData(_XMLMapper)

    The EventData class describes a particular event of the incident for
    a given set of hosts or networks. This description includes the
    systems from which the activity originated and those targeted, an
    assessment of the techniques used by the intruder, the impact of the
    activity on the organization, and any forensic evidence discovered.
    attributes:
    - description: list of str (constructor parameter descriptions)
    - start_time: str
    - detect_time: str
    - end_time: str
    - restriction: enum of str
    - additional_data: list of AdditionalData objects
    - flows: list of Flow objects

    Method resolution order:
        EventData
        _XMLMapper
        __builtin__.object

    Methods defined here:
    - __init__(self, descriptions=None, start_time=None, detect_time=None, end_time=None, restriction=None, additional_data=None, flows=None, from_xml=None)
        constructor for EventData class
    - __str__(self)
    - from_xml(self, xml)
        parse an Element object (XML) to populate this object
    - get_sources(self)
        return list of systems with category='source', in all flows
    - get_targets(self)
        return list of systems with category='target', in all flows
    - to_xml(self)
        convert the object to XML, return an Element object

    Data and other attributes defined here:
    - AdditionalDataClass = <class 'iodeflib.AdditionalData'> (documented above under class AdditionalData)
    - FlowClass = <class 'iodeflib.Flow'> (documented below under class Flow)
class Flow(_XMLMapper)

    The Flow class groups the related source and target hosts of an event.
    attributes:
    - systems: list of System objects

    Method resolution order:
        Flow
        _XMLMapper
        __builtin__.object

    Methods defined here:
    - __init__(self, systems=None, from_xml=None)
        constructor for Flow class
        systems: list of System objects
        from_xml: Element object (XML) to be parsed
    - __str__(self)
    - from_xml(self, xml)
        parse an Element object (XML) to populate this object
    - get_sources(self)
        return list of systems with category='source'
    - get_targets(self)
        return list of systems with category='target'
    - to_xml(self)
        convert the object to XML, return an Element object

    Data and other attributes defined here:
    - SystemClass = <class 'iodeflib.System'> (documented below under class System)
class HistoryItem(_XMLMapper)

    The History class is a log of the significant events or actions
    performed by the involved parties during the course of handling the
    incident. The level of detail maintained in this log is left up to
    the discretion of those handling the incident.
    The HistoryItem class is an entry in the History log that documents
    a particular action or event that occurred in the course of handling
    the incident. The details of the entry are a free-form description,
    but each can be categorized with the action attribute.
    attributes:
    - action: enum of str
    - additional_data: AdditionalData
    - datetime: str
    - description: list of str (constructor parameter descriptions)
    - ext_action: str
    - restriction: enum of str

    Method resolution order:
        HistoryItem
        _XMLMapper
        __builtin__.object

    Methods defined here:
    - __init__(self, action=None, additional_data=None, datetime=None, descriptions=None, ext_action=None, restriction=None, from_xml=None)
    - __str__(self)
    - from_xml(self, xml)
    - to_xml(self)

    Data and other attributes defined here:
    - AdditionalDataClass = <class 'iodeflib.AdditionalData'> (documented above under class AdditionalData)
class IODEF_Document(_XMLMapper)

    IODEF Document class
    attributes:
    - lang: language, such as 'en'
    - version: version, such as '1.00'
    The constructor also takes incidents, a list of Incident objects (see IncidentClass below).

    Method resolution order:
        IODEF_Document
        _XMLMapper
        __builtin__.object

    Methods defined here:
    - __init__(self, lang='en', version='1.00', incidents=None, from_xml=None)
    - __str__(self)
    - from_xml(self, xml_str)
        parse a whole IODEF document from an XML string (the other classes'
        from_xml methods take an already-parsed Element). Which XML parser
        backs this method is not documented here; IODEF reports normally
        arrive from other organisations, so treat xml_str as untrusted input
        and reject DOCTYPE/entity declarations before passing it in.
    - to_xml(self)
    - to_xml_str(self, pretty_print=False)
        serialise the whole document to an XML string

    Data and other attributes defined here:
    - IncidentClass = <class 'iodeflib.Incident'> (documented below under class Incident)
class Impact(_XMLMapper)

    class storing the impact assessment of an incident
    attributes:
    - description: str
    - lang: enum of str
    - severity: enum of str (RFC 5070 values: low, medium, high)
    - completion: enum of str (RFC 5070 values: failed, succeeded)
    - type: enum of str (RFC 5070 values: admin, dos, file, info-leak, misconfiguration,
      policy, recon, user, unknown, ext-value)
    - ext_type: str

    Method resolution order:
        Impact
        _XMLMapper
        __builtin__.object

    Methods defined here:
    - __init__(self, description=None, lang=None, severity=None, completion=None, type=None, ext_type=None, from_xml=None)
    - __str__(self)
    - from_xml(self, xml)
    - to_xml(self)
class Incident(_XMLMapper)

    Incident class
    attributes:
    - lang: language, such as 'en'
    - purpose: purpose of report, such as 'reporting' (RFC 5070 values: traceback,
      mitigation, reporting, other, ext-value)
    - id: unique identifier of the report
    - id_name: name of the originator of the report, i.e. the namespace in which id is unique

    Method resolution order:
        Incident
        _XMLMapper
        __builtin__.object

    Methods defined here:
    - __init__(self, lang='en', purpose='reporting', id=None, id_name=None, report_time=None, detect_time=None, start_time=None, end_time=None, descriptions=None, restriction=None, ext_purpose=None, assessments=None, additional_data=None, history=None, history_restriction=None, event_data=None, from_xml=None)
    - __str__(self)
    - add_impact(self, description=None, lang=None, severity=None, completion=None, type=None, ext_type=None, occurence=None, restriction=None)
        helper method to add a new Assessment and Impact object
        (does not check whether Assessment/Impact objects are already present)
    - add_system(self, category='source', name=None, address=None, location=None, description=None, event_data=None, flow=None)
        add a System object to the incident, such as a source or a target of the incident.
        If event_data or flow is given, that object is used as the parent; otherwise the
        first EventData or Flow object is used, or created if not present.
        - category: str, 'source' or 'target'
        - name: str, hostname
        - address: str (IP address) or list of str
        - location: str
        - description: str
        - event_data: EventData or None
        - flow: Flow or None
    - from_xml(self, xml)
    - get_first_impact(self)
        helper method to get the first Impact object from the Assessment objects
    - get_sources(self)
        return list of systems with category='source', in all event_data/flows
    - get_targets(self)
        return list of systems with category='target', in all event_data/flows
    - to_xml(self)

    Data and other attributes defined here:
    - AdditionalDataClass = <class 'iodeflib.AdditionalData'> (documented above under class AdditionalData)
    - AssessmentClass = <class 'iodeflib.Assessment'> (documented above under class Assessment)
    - EventDataClass = <class 'iodeflib.EventData'> (documented above under class EventData)
    - HistoryItemClass = <class 'iodeflib.HistoryItem'> (documented above under class HistoryItem)
class System(_XMLMapper)

    The System class describes a system or network involved in an event.
    The systems or networks represented by this class are categorized
    according to the role they played in the incident through the
    category attribute. The value of this category attribute dictates
    the semantics of the aggregated classes in the System class. If the
    category attribute has a value of "source", then the aggregated
    classes denote the machine and service from which the activity is
    originating. With a category attribute value of "target" or
    "intermediary", the machine or service is the one targeted in
    the activity. A value of "sensor" dictates that this System was part
    of an instrumentation to monitor the network.
    This iodeflib.System class also carries the fields of the IODEF Node
    class, since the two map one-to-one: the Node class names a system
    (e.g., PC, router) or network.
    attributes:
    - category: enum of str, source/target/intermediary/sensor
    - ext_category: str
    - descriptions: list of str
    - interface: str
    - spoofed: enum of str (RFC 5070 values: unknown, yes, no)
    - additional_data: AdditionalData
    - restriction: enum of str
    - node_datetime: str
    - node_location: str
    - node_names: list of str
    - node_addresses: list of Address objects
    - node_roles: list of NodeRole objects (not a constructor parameter)

    Method resolution order:
        System
        _XMLMapper
        __builtin__.object

    Methods defined here:
    - __init__(self, category=None, ext_category=None, descriptions=None, interface=None, spoofed=None, restriction=None, additional_data=None, node_datetime=None, node_location=None, node_names=None, node_addresses=None, from_xml=None)
        constructor for System class; see class attributes
        from_xml: Element object (XML) to be parsed
    - __str__(self)
    - from_xml(self, xml)
    - get_addresses(self)
        return the list of addresses for this system/node (e.g. all IP addresses).
        The result is a list of strings containing the address attribute of
        all the Address objects for this System/Node.
    - to_xml(self)

    Data and other attributes defined here:
    - AdditionalDataClass = <class 'iodeflib.AdditionalData'> (documented above under class AdditionalData)
    - AddressClass = <class 'iodeflib.Address'> (documented above under class Address)
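The following is an added example, not iodeflib's own code and not taken from this page. It uses only the Python standard library, so it runs without iodeflib installed, and writes the RFC 5070 XML that the classes above map to (IODEF-Document, Incident, IncidentID, Assessment/Impact, EventData/Flow/System/Node/Address, History/HistoryItem) by hand. add_system() re-implements the parent-selection rule described for Incident.add_system() (use the first EventData/Flow, creating them when absent), parse_report() collects sources and targets across all flows the way get_sources()/get_targets() are described, and the first Impact is read the way get_first_impact() is described. The element and attribute names and the namespace urn:ietf:params:xml:ns:iodef-1.0 come from RFC 5070; the incident id, CSIRT name, addresses and timestamps are constructed sample data; the DOCTYPE rejection is this example's own hardening for reports received from other parties, and nothing on the page says the library performs it.

```python
"""Added example (not iodeflib code): build an RFC 5070 IODEF 1.0 document with
the structure the classes on this page map to, then parse it back defensively.
Standard library only, so it runs without iodeflib installed."""
import ipaddress
import re
import xml.etree.ElementTree as ET

IODEF_NS = "urn:ietf:params:xml:ns:iodef-1.0"   # namespace fixed by RFC 5070
NS = {"iodef": IODEF_NS}
ET.register_namespace("", IODEF_NS)              # serialise with a default xmlns


def el(parent, tag, text=None, **attrs):
    """Append a child element in the IODEF namespace, with optional text."""
    child = ET.SubElement(parent, "{%s}%s" % (IODEF_NS, tag), attrs)
    if text is not None:
        child.text = text
    return child


def address_category(addr):
    """Derive the IODEF Address 'category' from the literal; junk input raises
    ValueError instead of being written into the report."""
    if "/" in addr:
        net = ipaddress.ip_network(addr, strict=False)
        return "ipv4-net" if net.version == 4 else "ipv6-net"
    return "ipv4-addr" if ipaddress.ip_address(addr).version == 4 else "ipv6-addr"


def add_system(incident, category, addresses, name=None):
    """Same contract as Incident.add_system() on this page, re-implemented over
    ElementTree: attach a System to the first EventData/Flow, creating both when
    absent. The 'is None' tests matter: an Element with no children is falsy."""
    event = incident.find("iodef:EventData", NS)
    if event is None:
        event = el(incident, "EventData")
    flow = event.find("iodef:Flow", NS)
    if flow is None:
        flow = el(event, "Flow")
    system = el(flow, "System", category=category)
    node = el(system, "Node")
    if name:
        el(node, "NodeName", name)
    for addr in ([addresses] if isinstance(addresses, str) else addresses):
        el(node, "Address", addr, category=address_category(addr))
    return system


def build_report(incident_id, id_name, sources, targets, impact_type, severity, text):
    """Assemble IODEF-Document/Incident with the children RFC 5070 requires
    (IncidentID, ReportTime, Assessment, Contact) plus EventData and History."""
    root = ET.Element("{%s}IODEF-Document" % IODEF_NS, {"version": "1.00", "lang": "en"})
    inc = el(root, "Incident", purpose="reporting")
    el(inc, "IncidentID", incident_id, name=id_name)      # name = issuing CSIRT / id namespace
    el(inc, "ReportTime", "2024-05-01T10:00:00+00:00")    # constructed timestamp
    el(inc, "Description", text)
    el(el(inc, "Assessment", occurrence="actual"), "Impact",
       type=impact_type, severity=severity, completion="succeeded")
    el(el(inc, "Contact", role="creator", type="organization"), "ContactName", id_name)
    add_system(inc, "source", sources)
    add_system(inc, "target", targets)
    item = el(el(inc, "History"), "HistoryItem", action="block-host")
    el(item, "DateTime", "2024-05-01T10:05:00+00:00")     # constructed timestamp
    el(item, "Description", "source address blocked at the border router")
    return ET.tostring(root, encoding="unicode")


def has_doctype(data):
    """IODEF needs no DTD, so a DOCTYPE in a received report only serves entity
    expansion or external-entity tricks; detect it before any parser runs."""
    if isinstance(data, str):
        data = data.encode("utf-8")
    return re.search(rb"<!DOCTYPE", data, re.IGNORECASE) is not None


def _addresses(inc, category):
    """Address text of every System with the given category, across all flows."""
    path = ".//iodef:System[@category='%s']/iodef:Node/iodef:Address" % category
    return [a.text for a in inc.findall(path, NS)]


def parse_report(data):
    """Return one dict per Incident: id, issuing name, first Impact attributes,
    and the source/target addresses gathered over every EventData/Flow."""
    if has_doctype(data):
        raise ValueError("refusing IODEF input that declares a DOCTYPE")
    root = ET.fromstring(data)
    if root.tag != "{%s}IODEF-Document" % IODEF_NS:
        raise ValueError("not an IODEF 1.0 document: %s" % root.tag)
    incidents = []
    for inc in root.findall("iodef:Incident", NS):
        iid = inc.find("iodef:IncidentID", NS)
        if iid is None:
            raise ValueError("Incident without IncidentID")
        impact = inc.find("iodef:Assessment/iodef:Impact", NS)   # cf. get_first_impact()
        incidents.append({
            "id": iid.text, "id_name": iid.get("name"),
            "impact": dict(impact.attrib) if impact is not None else {},
            "sources": _addresses(inc, "source"), "targets": _addresses(inc, "target"),
        })
    return incidents


if __name__ == "__main__":
    doc = build_report("908711", "csirt.example.com", ["192.0.2.200"],
                       ["192.0.2.16/28", "2001:db8::10"], "recon", "medium",
                       "Port scan against the DMZ range")   # constructed sample
    print(doc)
    print(parse_report(doc))
```

Two design points. Source and target Systems deliberately land in the same Flow, which is what the page's add_system() rule produces when it reuses the first Flow, and what RFC 5070 intends a Flow to express. The DOCTYPE check runs on the raw bytes before any parser sees them: Python's bundled expat does not fetch external entities unless told to, but internal entity expansion limits depend on the expat version linked in, and rejecting any DTD makes the receiving side independent of that.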