tmnpy.dsl.threat.Threat

class tmnpy.dsl.threat.Threat(name: str, desc: str = None, examples: list = None, threat_source_desc: str = None, required_skills: str = 'Unknown', required_resources: str = 'Unknown', avenue: str = 'Unknown', attack_steps: list = [], **kwargs)

A threat is an instance of a weakness (or set of weaknesses) that has been determined to apply to the system the threat model is for. A threat is evaluated on its own, for example by its potential worst-case severity.

Parameters:
name : str

Name of the threat; can be a shorthand.

desc : str, default None

A short description of the threat to help understand its applicability.

examples : list, default None

Any examples of this threat.

threat_source_desc : str, default None

A description of the threat source, for example APT or Insider Threat, that provides some information about who the threat could come from. Appendix D of NIST 800-30 provides detailed examples of threat sources that can be used.

required_skills : str, default “Unknown”

The level of skills or specific knowledge needed by an adversary to execute this type of attack. Options are: High, Medium, Low, and Unknown.

Source: SkillLevelEnumeration MITRE CAPEC <https://capec.mitre.org/data/xsd/ap_schema_latest.xsd>

required_resources : str, default “Unknown”

The resources (e.g., CPU cycles, IP addresses, tools) required by an adversary to effectively execute this type of attack.

Source: RequiredResourcesType MITRE CAPEC <https://capec.mitre.org/data/xsd/ap_schema_latest.xsd>

avenue : str, default “Unknown”

The avenue is the area or place from which an attack must occur. Each separate avenue represents varying levels of implied trust and attack surface. Options are: Remote, Limited Remote, Local, Physical. More information on these options, as well as additional options, can be found in threat_source().

Source: NIST Vulnerability Data Ontology

attack_steps : list, default []

List of steps associated with the threat. This generally only applies to attack patterns, such as those given in MITRE CAPEC.

**kwargs

See Issue().
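
The option lists and defaults described in the parameters above, shown as an added example that is not tmnpy code: a hypothetical stand-in class `ThreatSpec` rejects values outside the documented options and gives every instance its own `attack_steps` list. The class name, the strict rejection of other avenue values, and the dict layout of a step are assumptions.

```python
from dataclasses import dataclass, field

# Option lists copied from the parameter descriptions on this page.
# Assumption: "Unknown" (the documented default) is accepted for avenue, and
# the "additional options" the page mentions are not modelled here.
SKILL_LEVELS = ("High", "Medium", "Low", "Unknown")
AVENUES = ("Remote", "Limited Remote", "Local", "Physical", "Unknown")


def _pick(value, allowed, field_name):
    """Return the canonical spelling of value, or raise ValueError."""
    canon = {a.lower(): a for a in allowed}
    key = " ".join(str(value).split()).lower()
    if key not in canon:
        raise ValueError(f"{field_name}={value!r} not in {allowed}")
    return canon[key]


@dataclass
class ThreatSpec:
    """Hypothetical stand-in mirroring the documented Threat parameters."""
    name: str
    desc: str = None
    threat_source_desc: str = None
    required_skills: str = "Unknown"
    required_resources: str = "Unknown"
    avenue: str = "Unknown"
    # default_factory builds a fresh list per instance; a literal [] default
    # in a plain function signature is one list object shared by every call.
    attack_steps: list = field(default_factory=list)

    def __post_init__(self):
        if not self.name or not self.name.strip():
            raise ValueError("name is required")
        self.required_skills = _pick(self.required_skills, SKILL_LEVELS, "required_skills")
        self.avenue = _pick(self.avenue, AVENUES, "avenue")
        self.attack_steps = list(self.attack_steps)  # detach from the caller's list

    def add_step(self, order, phase, desc=None, technique=None):
        """Argument names follow the documented add_step; storage is assumed."""
        self.attack_steps.append({"order": order, "phase": phase, "desc": desc, "technique": technique})
        self.attack_steps.sort(key=lambda s: s["order"])


# Constructed sample threats.
sqli = ThreatSpec("SQL injection", avenue="remote", required_skills="low")
sqli.add_step(2, "Experiment", desc="second step (constructed)")
sqli.add_step(1, "Explore", desc="first step (constructed)")
tamper = ThreatSpec("Device tampering", avenue="Physical")
```
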

Attributes:
attack_steps

Attack steps provide a detailed step-by-step flow of a threat, specifically an attack pattern.

children

Children Elements.

consequences

Consequences refer to the potential impact of an issue.

desc

Description of the Element

meta

meta consists of the meta data associated with an Issue. In particular,

name

Name of the Element

parent

Parent Element.

threat_source

A description of the threat source as well as the required resources, skills, and how the attack surface can be accessed.

__init__(name: str, desc: str = None, examples: list = None, threat_source_desc: str = None, required_skills: str = 'Unknown', required_resources: str = 'Unknown', avenue: str = 'Unknown', attack_steps: list = [], **kwargs) -> None

Methods

__init__(name[, desc, examples, ...])

add_child(child)

add_child allows you to add a single child to an Element.

add_consequence(scope, impact[, likelihood, ...])

Adding a consequence to an issue.

add_step(order, phase[, desc, technique])

Add a step to the attack steps.

remove_child(child)

remove_child allows you to remove a single child from an Element.

remove_consequence(cid)

Removing a consequence from an issue.

remove_step(order)
