pub struct Threat { /* private fields */ }

Fields to classify events and alerts according to a threat taxonomy such as the MITRE ATT&CK® framework.
These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* fields are meant to capture the high level category of the threat (e.g. “impact”). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. “endpoint denial of service”).

Implementations

impl Threat
pub fn get_enrichments(&self) -> &Vec<String>
pub fn add_enrichment(&mut self, enrichment_arg: String)
A list of associated indicator objects enriching the event, and the context of that association/enrichment.

pub fn get_enrichments_indicator(&self) -> Option<&Value>
pub fn set_enrichments_indicator(&mut self, enrichments_indicator_arg: Value)
Object containing associated indicators enriching the event.

pub fn get_enrichments_indicator_first_seen(&self) -> Option<&Timestamp>
pub fn set_enrichments_indicator_first_seen(&mut self, enrichments_indicator_first_seen_arg: Timestamp)
The date and time when the intelligence source first reported sighting this indicator.
Example: 2020-11-05T17:25:47.000Z

pub fn get_enrichments_indicator_last_seen(&self) -> Option<&Timestamp>
pub fn set_enrichments_indicator_last_seen(&mut self, enrichments_indicator_last_seen_arg: Timestamp)
The date and time when the intelligence source last reported sighting this indicator.
Example: 2020-11-05T17:25:47.000Z

pub fn get_enrichments_indicator_modified_at(&self) -> Option<&Timestamp>
pub fn set_enrichments_indicator_modified_at(&mut self, enrichments_indicator_modified_at_arg: Timestamp)
The date and time when the intelligence source last modified information for this indicator.
Example: 2020-11-05T17:25:47.000Z

pub fn get_enrichments_indicator_sightings(&self) -> Option<&u64>
pub fn set_enrichments_indicator_sightings(&mut self, enrichments_indicator_sightings_arg: u64)
Number of times this indicator was observed conducting threat activity.
pub fn get_enrichments_indicator_type(&self) -> Option<&String>
pub fn set_enrichments_indicator_type(&mut self, enrichments_indicator_type_arg: String)
Type of indicator as represented by a Cyber Observable in STIX 2.0.

pub fn get_enrichments_indicator_description(&self) -> Option<&String>
pub fn set_enrichments_indicator_description(&mut self, enrichments_indicator_description_arg: String)
Describes the type of action conducted by the threat.
Example: IP x.x.x.x was observed delivering the Angler EK.

pub fn get_enrichments_indicator_scanner_stats(&self) -> Option<&u64>
pub fn set_enrichments_indicator_scanner_stats(&mut self, enrichments_indicator_scanner_stats_arg: u64)
Count of AV/EDR vendors that successfully detected the malicious file or URL.

pub fn get_enrichments_indicator_confidence(&self) -> Option<&String>
pub fn set_enrichments_indicator_confidence(&mut self, enrichments_indicator_confidence_arg: String)
Identifies the vendor-neutral confidence rating using the None/Low/Medium/High scale defined in Appendix A of the STIX 2.1 framework. Vendor-specific confidence scales may be added as custom fields.
Example: Medium

pub fn get_enrichments_indicator_ip(&self) -> Option<&String>
pub fn set_enrichments_indicator_ip(&mut self, enrichments_indicator_ip_arg: String)
Identifies a threat indicator as an IP address (irrespective of direction).

pub fn get_enrichments_indicator_port(&self) -> Option<&u64>
pub fn set_enrichments_indicator_port(&mut self, enrichments_indicator_port_arg: u64)
Identifies a threat indicator as a port number (irrespective of direction).

pub fn get_enrichments_indicator_email_address(&self) -> Option<&String>
pub fn set_enrichments_indicator_email_address(&mut self, enrichments_indicator_email_address_arg: String)
Identifies a threat indicator as an email address (irrespective of direction).
Example: phish@example.com

pub fn get_enrichments_indicator_marking_tlp(&self) -> Option<&String>
pub fn set_enrichments_indicator_marking_tlp(&mut self, enrichments_indicator_marking_tlp_arg: String)
Traffic Light Protocol sharing markings.

pub fn get_enrichments_indicator_marking_tlp_version(&self) -> Option<&String>
pub fn set_enrichments_indicator_marking_tlp_version(&mut self, enrichments_indicator_marking_tlp_version_arg: String)
Traffic Light Protocol version.
pub fn get_enrichments_indicator_reference(&self) -> Option<&String>
pub fn set_enrichments_indicator_reference(&mut self, enrichments_indicator_reference_arg: String)
Reference URL linking to additional information about this indicator.
Example: https://system.example.com/indicator/0001234

pub fn get_enrichments_indicator_provider(&self) -> Option<&String>
pub fn set_enrichments_indicator_provider(&mut self, enrichments_indicator_provider_arg: String)
The name of the indicator’s provider.

pub fn get_enrichments_matched_atomic(&self) -> Option<&String>
pub fn set_enrichments_matched_atomic(&mut self, enrichments_matched_atomic_arg: String)
Identifies the atomic indicator value that matched a local environment endpoint or network event.
Example: bad-domain.com

pub fn get_enrichments_matched_field(&self) -> Option<&String>
pub fn set_enrichments_matched_field(&mut self, enrichments_matched_field_arg: String)
Identifies the field of the atomic indicator that matched a local environment endpoint or network event.
Example: file.hash.sha256

pub fn get_enrichments_matched_id(&self) -> Option<&String>
pub fn set_enrichments_matched_id(&mut self, enrichments_matched_id_arg: String)
Identifies the _id of the indicator document enriching the event.
Example: ff93aee5-86a1-4a61-b0e6-0cdc313d01b5

pub fn get_enrichments_matched_index(&self) -> Option<&String>
pub fn set_enrichments_matched_index(&mut self, enrichments_matched_index_arg: String)
Identifies the _index of the indicator document enriching the event.
Example: filebeat-8.0.0-2021.05.23-000011

pub fn get_enrichments_matched_occurred(&self) -> Option<&Timestamp>
pub fn set_enrichments_matched_occurred(&mut self, enrichments_matched_occurred_arg: Timestamp)
Indicates when the indicator match was generated.

pub fn get_enrichments_matched_type(&self) -> Option<&String>
pub fn set_enrichments_matched_type(&mut self, enrichments_matched_type_arg: String)
Identifies the type of match that caused the event to be enriched with the given indicator.
Example: indicator_match_rule
pub fn get_feed_dashboard_id(&self) -> Option<&String>
pub fn set_feed_dashboard_id(&mut self, feed_dashboard_id_arg: String)
The saved object ID of the dashboard belonging to the threat feed, used for displaying dashboard links to threat feeds in Kibana.
Example: 5ba16340-72e6-11eb-a3e3-b3cc7c78a70f

pub fn get_feed_name(&self) -> Option<&String>
pub fn set_feed_name(&mut self, feed_name_arg: String)
The name of the threat feed in a UI-friendly format.

pub fn get_feed_description(&self) -> Option<&String>
pub fn set_feed_description(&mut self, feed_description_arg: String)
Description of the threat feed in a UI-friendly format.
Example: Threat feed from the AlienVault Open Threat eXchange network.

pub fn get_feed_reference(&self) -> Option<&String>
pub fn set_feed_reference(&mut self, feed_reference_arg: String)
Reference information for the threat feed in a UI-friendly format.
Example: https://otx.alienvault.com

pub fn get_framework(&self) -> Option<&String>
pub fn set_framework(&mut self, framework_arg: String)
Name of the threat framework used to further categorize and classify the tactic and technique of the reported threat. Framework classification can be provided by detecting systems, evaluated at ingest time, or retrospectively tagged to events.
Example: MITRE ATT&CK

pub fn get_group_alias(&self) -> &Vec<String>
pub fn add_group_alia(&mut self, group_alia_arg: String)
The alias(es) of the group for a set of related intrusion activity that is tracked by a common name in the security community.
While not required, you can use MITRE ATT&CK® group alias(es).
Example: [ "Magecart Group 6" ]

pub fn get_group_id(&self) -> Option<&String>
pub fn set_group_id(&mut self, group_id_arg: String)
The id of the group for a set of related intrusion activity that is tracked by a common name in the security community.
While not required, you can use a MITRE ATT&CK® group id.
Example: G0037

pub fn get_group_name(&self) -> Option<&String>
pub fn set_group_name(&mut self, group_name_arg: String)
The name of the group for a set of related intrusion activity that is tracked by a common name in the security community.
While not required, you can use a MITRE ATT&CK® group name.
Example: FIN6

pub fn get_group_reference(&self) -> Option<&String>
pub fn set_group_reference(&mut self, group_reference_arg: String)
The reference URL of the group for a set of related intrusion activity that is tracked by a common name in the security community.
While not required, you can use a MITRE ATT&CK® group reference URL.
Example: https://attack.mitre.org/groups/G0037/
pub fn get_indicator_first_seen(&self) -> Option<&Timestamp>
pub fn set_indicator_first_seen(&mut self, indicator_first_seen_arg: Timestamp)
The date and time when the intelligence source first reported sighting this indicator.
Example: 2020-11-05T17:25:47.000Z

pub fn get_indicator_last_seen(&self) -> Option<&Timestamp>
pub fn set_indicator_last_seen(&mut self, indicator_last_seen_arg: Timestamp)
The date and time when the intelligence source last reported sighting this indicator.
Example: 2020-11-05T17:25:47.000Z

pub fn get_indicator_modified_at(&self) -> Option<&Timestamp>
pub fn set_indicator_modified_at(&mut self, indicator_modified_at_arg: Timestamp)
The date and time when the intelligence source last modified information for this indicator.
Example: 2020-11-05T17:25:47.000Z

pub fn get_indicator_sightings(&self) -> Option<&u64>
pub fn set_indicator_sightings(&mut self, indicator_sightings_arg: u64)
Number of times this indicator was observed conducting threat activity.

pub fn get_indicator_type(&self) -> Option<&String>
pub fn set_indicator_type(&mut self, indicator_type_arg: String)
Type of indicator as represented by a Cyber Observable in STIX 2.0.

pub fn get_indicator_description(&self) -> Option<&String>
pub fn set_indicator_description(&mut self, indicator_description_arg: String)
Describes the type of action conducted by the threat.
Example: IP x.x.x.x was observed delivering the Angler EK.

pub fn get_indicator_scanner_stats(&self) -> Option<&u64>
pub fn set_indicator_scanner_stats(&mut self, indicator_scanner_stats_arg: u64)
Count of AV/EDR vendors that successfully detected the malicious file or URL.

pub fn get_indicator_confidence(&self) -> Option<&String>
pub fn set_indicator_confidence(&mut self, indicator_confidence_arg: String)
Identifies the vendor-neutral confidence rating using the None/Low/Medium/High scale defined in Appendix A of the STIX 2.1 framework. Vendor-specific confidence scales may be added as custom fields.
Example: Medium

pub fn get_indicator_ip(&self) -> Option<&String>
pub fn set_indicator_ip(&mut self, indicator_ip_arg: String)
Identifies a threat indicator as an IP address (irrespective of direction).

pub fn get_indicator_port(&self) -> Option<&u64>
pub fn set_indicator_port(&mut self, indicator_port_arg: u64)
Identifies a threat indicator as a port number (irrespective of direction).

pub fn get_indicator_email_address(&self) -> Option<&String>
pub fn set_indicator_email_address(&mut self, indicator_email_address_arg: String)
Identifies a threat indicator as an email address (irrespective of direction).
Example: phish@example.com

pub fn get_indicator_marking_tlp(&self) -> Option<&String>
pub fn set_indicator_marking_tlp(&mut self, indicator_marking_tlp_arg: String)
Traffic Light Protocol sharing markings.

pub fn get_threat_indicator_marking_tlp_version(&self) -> Option<&String>
pub fn set_threat_indicator_marking_tlp_version(&mut self, threat_indicator_marking_tlp_version_arg: String)
Traffic Light Protocol version.

pub fn get_indicator_reference(&self) -> Option<&String>
pub fn set_indicator_reference(&mut self, indicator_reference_arg: String)
Reference URL linking to additional information about this indicator.
Example: https://system.example.com/indicator/0001234

pub fn get_indicator_provider(&self) -> Option<&String>
pub fn set_indicator_provider(&mut self, indicator_provider_arg: String)
The name of the indicator’s provider.
pub fn get_software_id(&self) -> Option<&String>
pub fn set_software_id(&mut self, software_id_arg: String)
The id of the software used by this threat to conduct behavior commonly modeled using MITRE ATT&CK®.
While not required, you can use a MITRE ATT&CK® software id.
Example: S0552

pub fn get_software_name(&self) -> Option<&String>
pub fn set_software_name(&mut self, software_name_arg: String)
The name of the software used by this threat to conduct behavior commonly modeled using MITRE ATT&CK®.
While not required, you can use a MITRE ATT&CK® software name.
Example: AdFind

pub fn get_software_alias(&self) -> &Vec<String>
pub fn add_software_alia(&mut self, software_alia_arg: String)
The alias(es) of the software for a set of related intrusion activity that is tracked by a common name in the security community.
While not required, you can use a MITRE ATT&CK® associated software description.
Example: [ "X-Agent" ]

pub fn get_software_platforms(&self) -> &Vec<String>
pub fn add_software_platform(&mut self, software_platform_arg: String)
The platforms of the software used by this threat to conduct behavior commonly modeled using MITRE ATT&CK®.
While not required, you can use MITRE ATT&CK® software platform values.
Example: [ "Windows" ]

pub fn get_software_reference(&self) -> Option<&String>
pub fn set_software_reference(&mut self, software_reference_arg: String)
The reference URL of the software used by this threat to conduct behavior commonly modeled using MITRE ATT&CK®.
While not required, you can use a MITRE ATT&CK® software reference URL.
Example: https://attack.mitre.org/software/S0552/

pub fn get_software_type(&self) -> Option<&String>
pub fn set_software_type(&mut self, software_type_arg: String)
The type of software used by this threat to conduct behavior commonly modeled using MITRE ATT&CK®.
While not required, you can use a MITRE ATT&CK® software type.
Example: Tool
pub fn get_tactic_id(&self) -> &Vec<String>
pub fn add_tactic_id(&mut self, tactic_id_arg: String)
The id of the tactic used by this threat. You can use a MITRE ATT&CK® tactic, for example (see https://attack.mitre.org/tactics/TA0002/).
Example: TA0002

pub fn get_tactic_name(&self) -> &Vec<String>
pub fn add_tactic_name(&mut self, tactic_name_arg: String)
Name of the type of tactic used by this threat. You can use a MITRE ATT&CK® tactic, for example (see https://attack.mitre.org/tactics/TA0002/).
Example: Execution

pub fn get_tactic_reference(&self) -> &Vec<String>
pub fn add_tactic_reference(&mut self, tactic_reference_arg: String)
The reference URL of the tactic used by this threat. You can use a MITRE ATT&CK® tactic, for example (see https://attack.mitre.org/tactics/TA0002/).
Example: https://attack.mitre.org/tactics/TA0002/

pub fn get_technique_id(&self) -> &Vec<String>
pub fn add_technique_id(&mut self, technique_id_arg: String)
The id of the technique used by this threat. You can use a MITRE ATT&CK® technique, for example (see https://attack.mitre.org/techniques/T1059/).
Example: T1059

pub fn get_technique_name(&self) -> &Vec<String>
pub fn add_technique_name(&mut self, technique_name_arg: String)
The name of the technique used by this threat. You can use a MITRE ATT&CK® technique, for example (see https://attack.mitre.org/techniques/T1059/).
Example: Command and Scripting Interpreter

pub fn get_technique_reference(&self) -> &Vec<String>
pub fn add_technique_reference(&mut self, technique_reference_arg: String)
The reference URL of the technique used by this threat. You can use a MITRE ATT&CK® technique, for example (see https://attack.mitre.org/techniques/T1059/).
Example: https://attack.mitre.org/techniques/T1059/

pub fn get_technique_subtechnique_id(&self) -> &Vec<String>
pub fn add_technique_subtechnique_id(&mut self, technique_subtechnique_id_arg: String)
The full id of the sub-technique used by this threat. You can use a MITRE ATT&CK® sub-technique, for example (see https://attack.mitre.org/techniques/T1059/001/).
Example: T1059.001

pub fn get_technique_subtechnique_name(&self) -> &Vec<String>
pub fn add_technique_subtechnique_name(&mut self, technique_subtechnique_name_arg: String)
The name of the sub-technique used by this threat. You can use a MITRE ATT&CK® sub-technique, for example (see https://attack.mitre.org/techniques/T1059/001/).
Example: PowerShell

pub fn get_technique_subtechnique_reference(&self) -> &Vec<String>
pub fn add_technique_subtechnique_reference(&mut self, technique_subtechnique_reference_arg: String)
The reference URL of the sub-technique used by this threat. You can use a MITRE ATT&CK® sub-technique, for example (see https://attack.mitre.org/techniques/T1059/001/).
Example: https://attack.mitre.org/techniques/T1059/001/
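The tactic, technique, sub-technique, group and software fields above all take MITRE ATT&CK® identifiers with matching reference URLs, and the examples show that a sub-technique id written as T1059.001 maps to a URL path of T1059/001/. The following is an added, self-contained example (not the crate's own code, and it does not use the Threat struct's API) that validates the id formats shown on this page, derives the reference URL for each, and checks that every sub-technique id has its parent technique present, so a populated document stays internally consistent; the helper names are this example's own.

```rust
// Added example: ATT&CK identifier handling for the threat.*.id / threat.*.reference
// fields. Hypothetical helpers, not part of the documented crate.

#[derive(Debug, Clone, PartialEq, Eq)]
pub enum AttackId {
    Tactic(String),               // e.g. TA0002
    Technique(String),            // e.g. T1059
    SubTechnique(String, String), // e.g. T1059.001 -> ("T1059", "001")
    Group(String),                // e.g. G0037
    Software(String),             // e.g. S0552
}

// True when `s` is exactly `n` ASCII digits.
fn all_digits(s: &str, n: usize) -> bool {
    s.len() == n && s.bytes().all(|b| b.is_ascii_digit())
}

/// Parse an identifier as it would appear in threat.tactic.id, threat.technique.id,
/// threat.technique.subtechnique.id, threat.group.id or threat.software.id.
/// Returns None for anything that does not match the documented shapes.
pub fn parse_attack_id(raw: &str) -> Option<AttackId> {
    let id = raw.trim();
    // "TA" must be tested before the bare "T" prefix.
    if let Some(rest) = id.strip_prefix("TA") {
        return all_digits(rest, 4).then(|| AttackId::Tactic(id.to_string()));
    }
    if let Some(rest) = id.strip_prefix('T') {
        return match rest.split_once('.') {
            None if all_digits(rest, 4) => Some(AttackId::Technique(id.to_string())),
            Some((t, sub)) if all_digits(t, 4) && all_digits(sub, 3) => {
                Some(AttackId::SubTechnique(format!("T{t}"), sub.to_string()))
            }
            _ => None,
        };
    }
    if let Some(rest) = id.strip_prefix('G') {
        return all_digits(rest, 4).then(|| AttackId::Group(id.to_string()));
    }
    if let Some(rest) = id.strip_prefix('S') {
        return all_digits(rest, 4).then(|| AttackId::Software(id.to_string()));
    }
    None
}

/// Build the reference URL for the matching threat.*.reference field.
/// Sub-techniques use a slash in the path ("T1059/001/"), not the dotted id.
pub fn reference_url(id: &AttackId) -> String {
    const BASE: &str = "https://attack.mitre.org";
    match id {
        AttackId::Tactic(t) => format!("{BASE}/tactics/{t}/"),
        AttackId::Technique(t) => format!("{BASE}/techniques/{t}/"),
        AttackId::SubTechnique(t, s) => format!("{BASE}/techniques/{t}/{s}/"),
        AttackId::Group(g) => format!("{BASE}/groups/{g}/"),
        AttackId::Software(s) => format!("{BASE}/software/{s}/"),
    }
}

/// Consistency check: each entry of threat.technique.subtechnique.id must have its
/// parent technique listed in threat.technique.id. Returns the sub-technique ids
/// whose parent is missing (or that fail to parse as sub-techniques are ignored).
pub fn orphan_subtechniques(technique_ids: &[&str], subtechnique_ids: &[&str]) -> Vec<String> {
    let parents: Vec<String> = technique_ids
        .iter()
        .filter_map(|t| match parse_attack_id(t) {
            Some(AttackId::Technique(id)) => Some(id),
            _ => None,
        })
        .collect();
    subtechnique_ids
        .iter()
        .filter_map(|s| match parse_attack_id(s) {
            Some(AttackId::SubTechnique(parent, _)) if !parents.contains(&parent) => {
                Some(s.to_string())
            }
            _ => None,
        })
        .collect()
}

fn main() {
    // Constructed sample values taken from the field examples on this page.
    for raw in ["TA0002", "T1059", "T1059.001", "G0037", "S0552", "T1059.1"] {
        match parse_attack_id(raw) {
            Some(id) => println!("{raw:<10} -> {}", reference_url(&id)),
            None => println!("{raw:<10} -> rejected (not a valid ATT&CK id)"),
        }
    }
    // A document listing T1566.002 without T1566 in threat.technique.id is flagged.
    let orphans = orphan_subtechniques(&["T1059"], &["T1059.001", "T1566.002"]);
    println!("orphaned sub-techniques: {orphans:?}");
}
```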