
attack/domain/
mitigation.rs

1use serde::{Deserialize, Serialize};
2use stix_rs::{CommonProperties, StixObject};
3use crate::domain::AttackObject;
/// A MITRE ATT&CK mitigation (the STIX `course-of-action` object).
///
/// Both serde traits are derived, so the only checks applied to incoming data
/// are structural: `name` must be present and every other field here may be
/// absent. The text fields are neither validated nor sanitized by this type;
/// callers rendering `name` or `description` from a bundle they did not author
/// should encode them for the output context.
///
/// NOTE(review): nothing in this file checks that the object's `type` is
/// `course-of-action`; presumably the caller dispatches on it before
/// deserializing into this struct. Confirm against the loader.
#[derive(Clone, Debug, Eq, PartialEq, Deserialize, Serialize)]
pub struct Mitigation {
    /// Properties shared by every STIX object, flattened so they are read from
    /// and written to the same JSON object as the fields below.
    #[serde(flatten)]
    pub common: CommonProperties,

    /// Mitigation name. It has no `default`, so an object without it fails to
    /// deserialize.
    pub name: String,
    /// Free-text description; `None` when the property is missing.
    pub description: Option<String>,

    // ATT&CK extension properties (`x_mitre_*`).
    /// Value of `x_mitre_version`, kept as the raw string (not parsed here).
    #[serde(rename = "x_mitre_version", default)]
    pub version: Option<String>,

    /// Entries of `x_mitre_contributors`; empty when the property is missing.
    #[serde(rename = "x_mitre_contributors", default)]
    pub contributors: Vec<String>,

    /// Entries of `x_mitre_domains`; empty when the property is missing.
    #[serde(rename = "x_mitre_domains", default)]
    pub domains: Vec<String>,
}
impl StixObject for Mitigation {
    /// Returns the `id` held in the flattened common properties.
    fn id(&self) -> &str {
        let props = &self.common;
        &props.id
    }

    /// Returns the `type` string held in the common properties, exactly as
    /// stored. This accessor does not compare it with any expected value.
    fn type_(&self) -> &str {
        let props = &self.common;
        &props.r#type
    }

    /// Returns a copy of the `created` timestamp from the common properties.
    fn created(&self) -> chrono::DateTime<chrono::Utc> {
        let props = &self.common;
        props.created
    }
}
impl AttackObject for Mitigation {
    /// Borrows the mitigation's name.
    fn name(&self) -> &str {
        self.name.as_str()
    }

    /// Borrows the description text, or `None` when the object carries none.
    fn description(&self) -> Option<&str> {
        match &self.description {
            Some(text) => Some(text.as_str()),
            None => None,
        }
    }

    /// Reports whether the object is marked revoked.
    ///
    /// A missing `revoked` property counts as `false`, so an object is treated
    /// as current unless it is explicitly flagged. Consumers that map controls
    /// to mitigations should filter on this before relying on an entry.
    fn revoked(&self) -> bool {
        matches!(self.common.revoked, Some(true))
    }

    /// Reports whether `x_mitre_deprecated` is set in the custom properties.
    ///
    /// Returns `false` both when the key is absent and when `as_bool` yields
    /// `None` for the stored value (presumably any non-boolean JSON value,
    /// e.g. the string `"true"`; confirm the map's value type). A malformed
    /// flag is therefore read as "not deprecated" rather than reported.
    fn deprecated(&self) -> bool {
        match self.common.custom_properties.get("x_mitre_deprecated") {
            Some(flag) => flag.as_bool().unwrap_or(false),
            None => false,
        }
    }
}