File Coverage

blib/lib/STIX/Indicator.pm

Criterion	Covered	Total	%
statement	41	41	100.0
branch			n/a
condition			n/a
subroutine	14	14	100.0
pod			n/a
total	55	55	100.0

line	stmt	sub	time	code
1				package STIX::Indicator;
2
3	25	25	1107	use 5.010001;
	25		121
4	25	25	168	use strict;
	25		67
	25		877
5	25	25	130	use warnings;
	25		75
	25		1546
6	25	25	169	use utf8;
	25		115
	25		198
7
8	25	25	1049	use STIX::Common::List;
	25		78
	25		747
9	25	25	516	use STIX::Common::OpenVocabulary;
	25		48
	25		955
10	25	25	136	use Types::Standard qw(Str Enum InstanceOf);
	25		84
	25		232
11	25	25	54018	use Types::TypeTiny qw(ArrayLike);
	25		67
	25		383
12
13	25	25	14985	use Moo;
	25		56
	25		258
14	25	25	11351	use namespace::autoclean;
	25		60
	25		309
15
16				extends 'STIX::Common::Properties';
17
18	25		2691	use constant SCHEMA =>
19	25	25	2656	'http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/indicator.json';
	25		60
20
21	25		1752	use constant PROPERTIES => (
22				qw(type spec_version id created modified),
23				qw(created_by_ref revoked labels confidence lang external_references object_marking_refs granular_markings extensions),
24				qw(name description indicator_types pattern pattern_type pattern_version valid_from valid_until kill_chain_phases)
25	25	25	164	);
	25		52
26
27	25	25	167	use constant STIX_OBJECT => 'SDO';
	25		51
	25		1321
28	25	25	144	use constant STIX_OBJECT_TYPE => 'indicator';
	25		49
	25		9053
29
30				has name => (is => 'rw', required => 1, isa => Str);
31				has description => (is => 'rw', isa => Str);
32
33				has indicator_types => (
34				is => 'rw',
35				isa => ArrayLike [Enum [STIX::Common::OpenVocabulary->INDICATOR_TYPE()]],
36				default => sub { STIX::Common::List->new }
37				);
38
39				has pattern => (is => 'rw', required => 1, isa => Str);
40				has pattern_type => (is => 'rw', required => 1, isa => Enum [STIX::Common::OpenVocabulary->PATTERN_TYPE()]);
41				has pattern_version => (is => 'rw', isa => Str);
42
43				has valid_from => (
44				is => 'rw',
45				required => 1,
46				isa => InstanceOf ['STIX::Common::Timestamp'],
47				coerce => sub { ref($_[0]) ? $_[0] : STIX::Common::Timestamp->new($_[0]) },
48				);
49
50				has valid_until => (is => 'rw', isa => InstanceOf ['STIX::Common::Timestamp']);
51				has kill_chain_phases => (
52				is => 'rw',
53				isa => ArrayLike [InstanceOf ['STIX::Common::KillChainPhase']],
54				default => sub { STIX::Common::List->new }
55				);
56
57				1;
58
59
60				=encoding utf-8
61
62				=head1 NAME
63
64				STIX::Indicator - STIX Domain Object (SDO) - Indicator
65
66				=head1 SYNOPSIS
67
68				use STIX::Indicator;
69
70				my $indicator = STIX::Indicator->new();
71
72
73				=head1 DESCRIPTION
74
75				Indicators contain a pattern that can be used to detect suspicious or
76				malicious cyber activity.
77
78
79				=head2 METHODS
80
81				L inherits all methods from L
82				and implements the following new ones.
83
84				=over
85
86				=item STIX::Indicator->new(%properties)
87
88				Create a new instance of L.
89
90				=item $indicator->description
91
92				A description that provides the recipient with context about this Indicator
93				potentially including its purpose and its key characteristics.
94
95				=item $indicator->id
96
97				=item $indicator->indicator_types
98
99				This field is an Open Vocabulary that specifies the type of indicator.
100				(See C in L)
101
102				=item $indicator->kill_chain_phases
103
104				The phases of the kill chain that this indicator detects.
105
106				=item $indicator->name
107
108				The name used to identify the Indicator.
109
110				=item $indicator->pattern
111
112				The detection pattern for this indicator.
113
114				=item $indicator->pattern_type
115
116				The type of pattern used in this indicator.
117				(See C in L)
118
119				=item $indicator->pattern_version
120
121				The version of the pattern that is used.
122
123				=item $indicator->type
124
125				The type of this object, which MUST be the literal C.
126
127				=item $indicator->valid_from
128
129				The time from which this indicator should be considered valuable
130				intelligence.
131
132				=item $indicator->valid_until
133
134				The time at which this indicator should no longer be considered valuable
135				intelligence.
136
137				=back
138
139
140				=head2 HELPERS
141
142				=over
143
144				=item $indicator->TO_JSON
145
146				Encode the object in JSON.
147
148				=item $indicator->to_hash
149
150				Return the object HASH.
151
152				=item $indicator->to_string
153
154				Encode the object in JSON.
155
156				=item $indicator->validate
157
158				Validate the object using JSON Schema (see L).
159
160				=back
161
162
163				=head1 SUPPORT
164
165				=head2 Bugs / Feature Requests
166
167				Please report any bugs or feature requests through the issue tracker
168				at L.
169				You will be notified automatically of any progress on your issue.
170
171				=head2 Source Code
172
173				This is open source software. The code repository is available for
174				public review and contribution under the terms of the license.
175
176				L
177
178				git clone https://github.com/giterlizzi/perl-STIX.git
179
180
181				=head1 AUTHOR
182
183				=over 4
184
185				=item * Giuseppe Di Terlizzi
186
187				=back
188
189
190				=head1 LICENSE AND COPYRIGHT
191
192				This software is copyright (c) 2024 by Giuseppe Di Terlizzi.
193
194				This is free software; you can redistribute it and/or modify it under
195				the same terms as the Perl 5 programming language system itself.
196
197				=cut