threatgrid/ctim
1.3.21
cljdoc
threatgrid/ctim
Liking cljdoc? Tell your friends :D
Articles
Readme
Cisco Threat Intel Model (CTIM)
Common Relationship Type
Sorting CTIM Entities
*Actor* Object
*Asset* Object
*AssetMapping* Object
*AssetProperties* Object
*AttackPattern* Object
*Bundle* Object
*Campaign* Object
*Casebook* Object
*COA* Object
*Feedback* Object
*Incident* Object
*Indicator* Object
*Judgement* Object
*Malware* Object
*Note* Object
*Relationship* Object
*Sighting* Object
*TargetRecord* Object
*Tool* Object
*Verdict* Object
*Vulnerability* Object
*Weakness* Object
How to Build an Excellent External ID
SecureX Incident Summary Guidelines
Modeling Complex Events in CTIM
Modeling Incidents in CTIM
Modeling Threat Intelligence in CTIM
Namespaces
ctim
document
domain
disposition
id
observables
ip
sorting
time
validity
examples
actors
asset-mappings
asset-properties
assets
attack-patterns
bundles
campaigns
casebooks
coas
data-tables
feedbacks
identity-assertions
incidents
indicators
investigations
judgements
malwares
notes
relationships
sightings
target-records
tools
verdicts
vulnerabilities
weaknesses
generate
generators
common
entities
id
lib
generators
predicates
schema
schemas
actor
asset
asset-mapping
asset-properties
attack-pattern
bundle
campaign
casebook
coa
common
data-table
feedback
identity-assertion
incident
indicator
investigation
judgement
malware
note
openc2-network
openc2-network-sdn
openc2vocabularies
relationship
sighting
context
target-record
tool
verdict
vocabularies
vulnerability
weakness
ctim.schemas.actor
Actor
actor-desc
actor-desc-link
ActorRef
ActorTypeIdentifier
NewActor
type-identifier
ctim.schemas.asset
Asset
asset-types
AssetRef
AssetType
AssetTypeIdentifier
NewAsset
ctim.schemas.asset-mapping
AssetMapping
AssetMappingRef
AssetMappingTypeIdentifier
NewAssetMapping
Specificity
specificity
stability
Stability
ctim.schemas.asset-properties
AssetProperties
AssetPropertiesRef
AssetPropertiesTypeIdentifier
AssetProperty
NewAssetProperties
ctim.schemas.attack-pattern
attack-pattern-desc
attack-pattern-desc-link
AttackPattern
AttackPatternRef
AttackPatternTypeIdentifier
NewAttackPattern
type-identifier
ctim.schemas.bundle
Bundle
bundle-desc
bundle-entries
BundleReference
BundleTypeIdentifier
new-bundle-entries
new-objects-entries
NewBundle
objects-entries
references-entries
type-identifier
ctim.schemas.campaign
Campaign
campaign-desc
campaign-desc-link
CampaignRef
CampaignTypeIdentifier
NewCampaign
type-identifier
ctim.schemas.casebook
Casebook
casebook-desc
CasebookRef
CasebookTypeIdentifier
NewCasebook
Text
type-identifier
ctim.schemas.coa
ActionType
ActuatorType
AdditionalProperties
COA
coa-desc
coa-desc-link
COARef
COATypeIdentifier
destination
method
ModifierType
NewCOA
OpenC2COA
OpenC2StructuredCOAType
search
structured-coa-entries
StructuredCOAType
TargetType
type-identifier
ctim.schemas.common
Activity
base-entity-entries
base-new-entity-entries
Contributor
ctim-schema-version
CTIMSchemaVersion
default-tlp
describable-entity-entries
described-entity-entries
determine-disposition-id
disposition-map
disposition-map-inverted
DispositionName
DispositionNumber
dispositions
ExternalReference
ID
id-generator
Identity
IdentitySpecification
KillChainPhase
LongString
Markdown
MedString
MetaData
Observable
observable-relations-map
ObservableRelation
ObservableRelationType
ObservedRelation
ObservedTime
open-vocab
OpenVocab
PosInt
ref
ref-for-type
Reference
RelatedIdentity
relation-types
scalar
SchemaVersion
scope-wrapper-entries
ShortString
sourcable-object-entries
sourced-object-entries
specification-types
SpecificationType
Time
TLP
URI
uri?
ValidTime
ctim.schemas.data-table
check-datatable
column-type
ColumnDefinition
ColumnType
DataTable
DataTableRef
DataTableTypeIdentifier
Datum
NewDataTable
type-identifier
ctim.schemas.feedback
Feedback
FeedbackRef
FeedbackTypeIdentifier
NewFeedback
type-identifier
ctim.schemas.identity-assertion
Assertion
assertion
AssertionType
IdentityAssertion
IdentityAssertionRef
IdentityAssertionTypeIdentifier
IdentityCoordinates
NewIdentityAssertion
type-identifier
ctim.schemas.incident
Incident
incident-desc
incident-desc-link
IncidentRef
IncidentScores
IncidentTime
IncidentTypeIdentifier
NewIncident
sample-score-types
Score
ScoreType
type-identifier
valid-score?
ctim.schemas.indicator
BooleanOperator
CompositeIndicatorExpression
generalize-indicator
Indicator
indicator-desc
indicator-desc-link
IndicatorRef
IndicatorTypeIdentifier
JudgementSpecification
JudgementSpecificationType
NewIndicator
OpenIOCSpecification
OpenIOCSpecificationType
SIOCSpecification
SIOCSpecificationType
SnortSpecification
SnortSpecificationType
ThreatBrainSpecification
ThreatBrainSpecificationType
type-identifier
ctim.schemas.investigation
Investigation
InvestigationIdentifier
NewInvestigation
type-identifier
ctim.schemas.judgement
fix-disposition
Judgement
judgement-desc
JudgementRef
JudgementTypeIdentifier
NewJudgement
Priority
type-identifier
ctim.schemas.malware
Malware
malware-desc
malware-desc-link
MalwareRef
MalwareTypeIdentifier
NewMalware
type-identifier
ctim.schemas.note
NewNote
Note
NoteRef
NoteRelatedEntity
NoteTypeIdentifier
type-identifier
ctim.schemas.openc2-network
ACL-action
ACLAction
BGPBlackhole
BGPBlackholeTypeIdentifier
BlockModifier
BlockModifierType
ContainModifier
ContainTypeIdentifier
DNSSinkhole
DNSSinkholeTypeIdentifier
Encapsulation
HoneyPot
HoneyPotRoutes
HoneyPotTypeIdentifier
InspectModifier
InspectModifierTypeIdentifier
NetworkACL
NetworkACLTypeIdentifier
NonSensitive
NonSensitiveTypeIdentifier
PacketCaptureModifier
PacketCaptureModifierTypeIdentifier
protocol
Protocol
Remediation
RemediationTypeIdentifier
SecGroupProfile
Traffic
VLANProfile
ctim.schemas.openc2-network-sdn
Scan
ScanMethods
ScanTypeIdentifier
ctim.schemas.openc2vocabularies
actuator-type
ActuatorType
COA-type
COAType
location-class
LocationClass
loss-duration
LossDuration
modifier-type
ModifierType
TargetTypeVocab
ctim.schemas.relationship
ActorReference
AttackPatternReference
CampaignReference
COAReference
DataTableReference
FeedbackReference
IdentityAssertionReference
IncidentReference
IndicatorReference
JudgementReference
MalwareReference
NewRelationship
RelatedActor
RelatedActors
RelatedAttackPattern
RelatedAttackPatterns
RelatedCampaign
RelatedCampaigns
RelatedCOA
RelatedCOAs
RelatedIdentityAssertion
RelatedIdentityAssertions
RelatedIncident
RelatedIncidents
RelatedIndicator
RelatedIndicators
RelatedJudgement
RelatedJudgements
RelatedMalware
RelatedMalwares
RelatedSighting
RelatedSightings
RelatedTool
RelatedTools
Relationship
relationship-entries
RelationshipRef
RelationshipTypeIdentifier
SightingReference
ToolReference
type-identifier
VerdictReference
ctim.schemas.sighting
NewSighting
SensorCoordinates
Sighting
sighting-desc
sighting-desc-link
SightingDataTable
SightingRef
SightingTypeIdentifier
type-identifier
ctim.schemas.sighting.context
base-event-entries
Context
file-create-type-identifier
file-delete-type-identifier
file-event-entries
file-modify-type-identifier
file-move-type-identifier
FileCreateType
FileCreateTypeIdentifier
FileDeleteType
FileDeleteTypeIdentifier
FileModifyType
FileModifyTypeIdentifier
FileMoveType
FileMoveTypeIdentifier
http-methods
http-type-identifier
HTTPMethod
HTTPType
HTTPTypeIdentifier
library-load-type-identifier
LibraryLoadType
LibraryLoadTypeIdentifier
netflow-type-identifier
NetflowType
NetflowTypeIdentifier
process-create-type-identifier
ProcessCreateType
ProcessCreateTypeIdentifier
registry-create-type-identifier
registry-delete-type-identifier
registry-event-entries
registry-rename-type-identifier
registry-set-type-identifier
RegistryCreateType
RegistryCreateTypeIdentifier
RegistryDeleteType
RegistryDeleteTypeIdentifier
RegistryRenameType
RegistryRenameTypeIdentifier
RegistrySetType
RegistrySetTypeIdentifier
Traffic
traffic-direction
TrafficDirection
ctim.schemas.target-record
NewTargetRecord
Target
TargetRecord
TargetRecordRef
TargetRecordTypeIdentifier
ctim.schemas.tool
NewTool
Tool
tool-desc
tool-desc-link
ToolRef
ToolTypeIdentifier
type-identifier
ctim.schemas.verdict
type-identifier
Verdict
VerdictRef
VerdictTypeIdentifier
ctim.schemas.vocabularies
architecture-classes
ArchitectureClass
attack-pattern-abstraction-labels
AttackPatternAbstractions
campaign-status
CampaignStatus
COA-stage
COA-type
COAStage
COAType
consequence-scopes
ConsequenceScope
cvss-v2-access-complexities
cvss-v2-access-vectors
cvss-v2-authentications
cvss-v2-cdp-scores
cvss-v2-exploitability-scores
cvss-v2-impacts
cvss-v2-remediation-level-scores
cvss-v2-report-confidence-scores
cvss-v2-security-requirement-scores
cvss-v2-target-distribution-scores
cvss-v3-attack-complexities
cvss-v3-attack-vectors
cvss-v3-availability-impacts
cvss-v3-confidentiality-impacts
cvss-v3-exploit-code-maturities
cvss-v3-integrity-impacts
cvss-v3-modified-attack-complexities
cvss-v3-modified-attack-vectors
cvss-v3-modified-availability-impacts
cvss-v3-modified-confidentiality-impacts
cvss-v3-modified-integrity-impacts
cvss-v3-modified-privileges-required
cvss-v3-modified-scopes
cvss-v3-modified-user-interactions
cvss-v3-privileges-required
cvss-v3-remediation-levels
cvss-v3-report-confidences
cvss-v3-scopes
cvss-v3-security-requirements
cvss-v3-severities
CVSSv2AccessComplexity
CVSSv2AccessVector
CVSSv2Authentication
CVSSv2AvailabilityImpact
CVSSv2CollateralDamagePotential
CVSSv2ConfidentialityImpact
CVSSv2Exploitability
CVSSv2IntegrityImpact
CVSSv2RemediationLevel
CVSSv2ReportConfidence
CVSSv2SecurityRequirement
CVSSv2TargetDistribution
CVSSv3AttackComplexity
CVSSv3AttackVector
CVSSv3AvailabilityImpact
CVSSv3ConfidentialityImpact
CVSSv3ExploitCodeMaturity
CVSSv3IntegrityImpact
CVSSv3ModifiedAttackComplexity
CVSSv3ModifiedAttackVector
CVSSv3ModifiedAvailabilityImpact
CVSSv3ModifiedConfidentialityImpact
CVSSv3ModifiedIntegrityImpact
CVSSv3ModifiedPrivilegesRequired
CVSSv3ModifiedScope
CVSSv3ModifiedUserInteraction
CVSSv3PrivilegesRequired
CVSSv3RemediationLevel
CVSSv3ReportConfidence
CVSSv3Scope
CVSSv3SecurityRequirements
CVSSv3Severity
CVSSv3UserInteraction
default-resolution
detection-effectivness
detection-methods
DetectionEffectiveness
DetectionMethod
discovery-method
DiscoveryMethod
Effectiveness
effectiveness
functional-areas
FunctionalArea
high-med-low
HighMedLow
incident-category
IncidentCategory
indicator-type
IndicatorType
intended-effect
IntendedEffect
kill-chain-name
kill-chain-phases
language-classes
LanguageClass
location-class
LocationClass
loss-duration
loss-property
LossDuration
LossProperty
malware-abstraction-labels
malware-labels
MalwareAbstractions
MalwareLabel
mitigation-strategies
MitigationStrategy
Motivation
motivation
note-types
NoteType
observable-type-identifier
ObservableTypeIdentifier
operating-system-classes
OperatingSystemClass
Prevalence
prevalences
promotion-method
PromotionMethod
relationship-type
RelationshipType
Resolution
resolution
scope
Scope
sensor
Sensor
Severity
severity
software-phases
SoftwarePhase
sophistication
Sophistication
Status
status
system-resources
SystemResource
technical-impacts
TechnicalImpact
threat-actor-type
ThreatActorType
tool-labels
ToolLabel
user-interactions
weakness-abstraction-levels
weakness-structures
WeaknessAbstractionLevel
WeaknessStructure
ctim.schemas.vulnerability
Configurations
cpe-node-operator-string
cpe-node-operators
CPELeafNode
CPEMatch
CPENode
CVE
CVEDataMeta
cvss-v2-environmental-vector-string-exp
cvss-v2-environmental-vector-string?
cvss-v2-temporal-vector-string-exp
cvss-v2-temporal-vector-string?
cvss-v2-vector-string-exp
cvss-v2-vector-string?
cvss-v3-vector-string-exp
cvss-v3-vector-string?
CVSSv2
CVSSv2EnvironmentalVectorString
CVSSv2TemporalVectorString
CVSSv2VectorString
CVSSv3
CVSSv3VectorString
formatted-cpe-23-string-regex
formatted-cpe-23-string?
FormattedCPE23String
NewVulnerability
Score
type-identifier
valid-score?
Version
Vulnerability
vulnerability-desc
vulnerability-desc-link
VulnerabilityImpact
VulnerabilityRef
VulnerabilityTypeIdentifier
ctim.schemas.weakness
AlternateTerm
applicable-platform-entries
Architecture
Consequence
DetectionMethod
Language
Mitigation
ModeOfIntroduction
NewWeakness
Note
OperatingSystem
Paradigm
Technology
type-identifier
Weakness
weakness-desc
weakness-desc-link
WeaknessRef
WeaknessTypeIdentifier
cljdoc
is a website building & hosting documentation for Clojure/Script libraries
Keyboard shortcuts
Report a problem
cljdoc on GitHub
× close