Interface MalwareAnalysisSdo

All Superinterfaces:
BundleableObject, DomainObject, SdoDefaultValidator, Serializable, Stix, StixCommonProperties, StixCustomProperties, StixLabels, StixModified, StixRevoked, StixSpecVersion
All Known Implementing Classes:
MalwareAnalysis

@Immutable @DefaultTypeValue(value="malware-analysis", groups=DefaultValuesProcessor.class) @Redactable public interface MalwareAnalysisSdo extends DomainObject
malware-analysis

A Malware Analysis captures the results of a particular analysis performed on a malware instance or family. Each result captures the analysis product (including version) that was used to analyze the malware along with the result of that analysis.

  • Method Details

    • getProduct

      @NotBlank @JsonPropertyDescription("The name of the analysis product that was used to perform the analysis.") @Redactable String getProduct()
    • getVersion

      @JsonPropertyDescription("The version of the analysis product that was used to perform the analysis.") @Redactable Optional<String> getVersion()
    • getHostVmRef

      @JsonPropertyDescription("A reference to a SCO Software object for the VM that hosted the malware during the analysis.") @Redactable Optional<String> getHostVmRef()
    • getOperatingSystemRef

      @JsonPropertyDescription("A reference to a SCO Software object for the operating system used for the analysis VM.") @Redactable Optional<String> getOperatingSystemRef()
    • getInstalledSoftwareRefs

      @JsonPropertyDescription("A list of references to SCO Software objects for the operating system software installed on the analysis VM.") @Redactable Set<String> getInstalledSoftwareRefs()
    • getConfigurationVersion

      @JsonPropertyDescription("The version of the configuration used for the analysis.") @Redactable Optional<String> getConfigurationVersion()
    • getModule

      @JsonPropertyDescription("The name of the specific analysis module that was used, if different from the product.") @Redactable Optional<String> getModule()
    • getAnalysisEngineVersion

      @JsonPropertyDescription("The version of the analysis engine or runtime environment.") @Redactable Optional<String> getAnalysisEngineVersion()
    • getAnalysisDefinitionVersion

      @JsonPropertyDescription("The version of the analysis definitions used (e.g., virus definition version).") @Redactable Optional<String> getAnalysisDefinitionVersion()
    • getSubmitted

      @JsonPropertyDescription("The date and time that the malware sample was submitted for analysis.") @Redactable Optional<StixInstant> getSubmitted()
    • getAnalysisStarted

      @JsonPropertyDescription("The date and time that the malware analysis started.") @Redactable Optional<StixInstant> getAnalysisStarted()
    • getAnalysisEnded

      @JsonPropertyDescription("The date and time that the malware analysis ended.") @Redactable Optional<StixInstant> getAnalysisEnded()
    • getAvResult

      @JsonPropertyDescription("The result of the anti-virus analysis. Open vocabulary - malware-av-result-ov") @Vocab(MalwareResult.class) @Redactable Optional<String> getAvResult()
    • getAnalysisScoRefs

      @JsonPropertyDescription("A list of references to SCOs that were captured during the analysis process.") @Redactable Set<String> getAnalysisScoRefs()
    • getSampleRef

      @JsonPropertyDescription("A reference to the SCO file, malware or artifact object that was analyzed.") @Redactable Optional<String> getSampleRef()