Interface IndicatorSdo
- All Superinterfaces:
BundleableObject,DomainObject,SdoDefaultValidator,Serializable,Stix,StixCommonProperties,StixCustomProperties,StixLabels,StixModified,StixRevoked,StixSpecVersion
- All Known Implementing Classes:
Indicator
@Immutable
@DefaultTypeValue(value="indicator",
groups=DefaultValuesProcessor.class)
@Redactable
public interface IndicatorSdo
extends DomainObject
indicator
Indicators contain a pattern that can be used to detect suspicious or malicious cyber activity.
-
Field Summary
Fields inherited from interface security.whisper.javastix.validation.SdoDefaultValidator
VALIDATOR -
Method Summary
Modifier and TypeMethodDescription@NotNull Set<KillChainPhaseType> @NotNull @Size(min=1) @Vocab(IndicatorLabels.class) Set<@Length(min=1) String> getName()@NotBlank Stringdefault String@NotNull StixInstantMethods inherited from interface security.whisper.javastix.sdo.DomainObject
getRelationshipsMethods inherited from interface security.whisper.javastix.validation.SdoDefaultValidator
validate, validateOnlyIdMethods inherited from interface security.whisper.javastix.common.StixCommonProperties
checkHydrationValidation, getCreated, getCreatedByRef, getExternalReferences, getGranularMarkings, getHydrated, getId, getLang, getObjectMarkingRefs, getType, toJsonStringMethods inherited from interface security.whisper.javastix.common.StixCustomProperties
getCustomPropertiesMethods inherited from interface security.whisper.javastix.common.StixModified
getModifiedMethods inherited from interface security.whisper.javastix.common.StixRevoked
getRevokedMethods inherited from interface security.whisper.javastix.common.StixSpecVersion
getSpecVersion
-
Method Details
-
getLabels
@NotNull @Size(min=1) @Vocab(IndicatorLabels.class) @JsonPropertyDescription("This field is an Open Vocabulary that specifies the type of indicator. Open vocab - indicator-label-ov") @Redactable(useMask=true) @NotNull @Size(min=1) @Vocab(IndicatorLabels.class) Set<@Length(min=1) String> getLabels()- Specified by:
getLabelsin interfaceStixLabels
-
getIndicatorTypes
@Vocab(IndicatorTypes.class) @JsonPropertyDescription("This field is an Open Vocabulary that specifies the type of indicator. Open vocab - indicator-type-ov") @Redactable @Vocab(IndicatorTypes.class) Set<String> getIndicatorTypes() -
getConfidence
@JsonPropertyDescription("This field identifies the confidence that the creator has in the correctness of their data. The value ranges from 0 (no confidence) to 100 (complete confidence).") @Redactable Optional<Integer> getConfidence() -
getName
@JsonPropertyDescription("The name used to identify the Indicator.") @Redactable Optional<String> getName() -
getDescription
@JsonPropertyDescription("A description that provides more details and context about this Indicator, potentially including its purpose and its key characteristics.") @Redactable Optional<String> getDescription() -
getPattern
@NotBlank @JsonPropertyDescription("The detection pattern for this indicator. The default language is STIX Patterning.") @Redactable(useMask=true) @NotBlank String getPattern() -
getPatternType
@JsonPropertyDescription("The pattern language used in this indicator. The default is \'stix\' which represents STIX Patterning.") @Redactable @Default default String getPatternType() -
getValidFrom
@NotNull @JsonPropertyDescription("The time from which this indicator should be considered valuable intelligence.") @Redactable(useMask=true) @NotNull StixInstant getValidFrom() -
getValidUntil
@JsonPropertyDescription("The time at which this indicator should no longer be considered valuable intelligence.") @Redactable Optional<StixInstant> getValidUntil() -
getKillChainPhases
@NotNull @JsonPropertyDescription("The list of kill chain phases for which this attack pattern is used.") @Redactable @NotNull Set<KillChainPhaseType> getKillChainPhases()
-