
//! maec-rs — MAEC 5.0 implementation in Rust
//!
//! This crate provides a complete implementation of MAEC (Malware Attribute Enumeration
//! and Characterization) 5.0 with:
//! - All MAEC objects (Package, MalwareFamily, MalwareInstance, Behavior, etc.)
//! - JSON and XML serialization via serde
//! - Builder pattern for ergonomic object construction
//! - Comprehensive error handling
//! - Type-safe IDs and references
//!
//! # Examples
//!
//! ```
//! use maec::{Package, MalwareFamily, Name};
//!
//! // Create a malware family
//! let family = MalwareFamily::builder()
//!     .name(Name::new("WannaCry"))
//!     .description("Ransomware family first seen in May 2017")
//!     .add_label("ransomware")
//!     .build()
//!     .unwrap();
//!
//! // Create a package containing the family
//! let package = Package::builder()
//!     .add_malware_family(family)
//!     .build()
//!     .unwrap();
//!
//! // Serialize to JSON
//! let json = serde_json::to_string_pretty(&package).unwrap();
//! println!("{}", json);
//! ```
//!
//! # STIX Integration
//!
//! MAEC complements STIX (Structured Threat Information eXpression) by providing
//! detailed malware analysis data. MAEC objects can reference STIX Cyber Observable
//! Objects (files, network traffic, etc.) via the `observable_objects` field in Package.
//!
//! # Handling packages from other sources
//!
//! A package received from another tool or feed is untrusted input. This file does not
//! show whether deserialization validates IDs and references, so do not assume it does:
//! callers that depend on well-formed IDs can check them with [`is_valid_maec_id`] and
//! [`is_valid_ref_for_type`], which are re-exported below (their exact contract lives in
//! the `common` module — confirm it there).

// MIME Type Constants for MAEC and HTTP integration
/// MAEC 5.0 JSON media type for HTTP Content-Type headers
///
/// The value carries a `version=5.0` parameter directly after the `;`, with no
/// whitespace. Use it when *setting* a header. When *checking* a received
/// `Content-Type`, parse the media type and its parameters instead of comparing the
/// header against this string byte-for-byte: media type names are case-insensitive and
/// optional whitespace is allowed around `;`, so an exact comparison can reject
/// equivalent headers.
pub const MEDIA_TYPE_MAEC: &str = "application/maec+json;version=5.0";

/// Generic MAEC JSON media type (without version)
///
/// This is the same type/subtype as [`MEDIA_TYPE_MAEC`] with the `version` parameter
/// left off, so it makes no statement about which MAEC version the body uses.
pub const MEDIA_TYPE_MAEC_GENERIC: &str = "application/maec+json";

// Module declarations
// `common`, `error`, `objects`, `vocab` and `vocab_large` are all public, so every item
// they export is reachable by its full path as well as through the re-exports below.
pub mod common;
pub mod error;
pub mod objects;
pub mod vocab;
pub mod vocab_large;

// Re-exports for convenient access
// ID helpers and the shared object traits/properties from `common`.
pub use common::{
    extract_type_from_id, generate_maec_id, is_valid_maec_id, is_valid_ref_for_type,
    CommonProperties, ExternalReference, MaecObject,
};

// NOTE: `Result` here is the crate's own item from `error`. A glob import
// (`use maec::*;`) therefore shadows the prelude's `std::result::Result` in the
// importing module; import by name if that is not wanted.
pub use error::{BuilderError, MaecError, Result};

// MAEC object types together with their builders.
pub use objects::{
    Behavior, BehaviorBuilder, Capability, CapabilityBuilder, Collection, FieldData,
    FieldDataBuilder, MaecObjectType, MalwareAction, MalwareFamily, MalwareFamilyBuilder,
    MalwareInstance, MalwareInstanceBuilder, Name, Package, PackageBuilder, Relationship,
    RelationshipBuilder,
};

pub use vocab::{
    AnalysisConclusionType, AnalysisEnvironment, AnalysisType, ConfidenceMeasure, DeliveryVector,
    EntityAssociation, MalwareLabel, ObfuscationMethod, ProcessorArchitecture,
};

// `vocab_large` defines `Behavior`, `Capability` and `MalwareAction` under the same
// names as the object types re-exported from `objects` above, so they are re-exported
// with a `Vocab` suffix to keep both sets usable from the crate root.
pub use vocab_large::{
    Behavior as BehaviorVocab, Capability as CapabilityVocab, CommonAttribute,
    MalwareAction as MalwareActionVocab, MalwareConfigurationParameter, OsFeature,
};