-
Notifications
You must be signed in to change notification settings - Fork 33
/
actor.cljc
48 lines (41 loc) · 1.49 KB
/
actor.cljc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
(ns ctim.schemas.actor
(:require [ctim.schemas.common :as c]
[ctim.schemas.relationship :as rel]
[ctim.schemas.vocabularies :as v]
#?(:clj [flanders.core :as f :refer [def-entity-type def-eq]]
:cljs [flanders.core :as f :refer-macros [def-entity-type def-eq]])))
(def type-identifier "actor")
(def-eq ActorTypeIdentifier type-identifier)
(def actor-desc
"Describes malicious actors (or adversaries) related to a cyber attack")
(def actor-desc-link
"[ThreatActorType](http://stixproject.github.io/data-model/1.2/ta/ThreatActorType/)")
(def-entity-type Actor
{:description actor-desc
:reference actor-desc-link}
c/base-entity-entries
c/sourced-object-entries
c/described-entity-entries
(f/required-entries
(f/entry :type ActorTypeIdentifier)
(f/entry :valid_time c/ValidTime)
(f/entry :actor_type v/ThreatActorType))
(f/optional-entries
(f/entry :identity c/Identity)
(f/entry :motivation v/Motivation)
(f/entry :sophistication v/Sophistication)
(f/entry :intended_effect v/IntendedEffect)
(f/entry :planning_and_operational_support c/LongString)
(f/entry :confidence v/HighMedLow))
;; Not provided: handling
;; Not provided: related_packages (deprecated)
)
(def-entity-type NewActor
"Schema for submitting new Actors"
(:entries Actor)
c/base-new-entity-entries
(f/optional-entries
(f/entry :type ActorTypeIdentifier)
(f/entry :valid_time c/ValidTime)))
(def ActorRef
(c/ref-for-type type-identifier))