Navigation

Source code for cybox.objects.win_system_restore_object

# Copyright (c) 2015, The MITRE Corporation. All rights reserved.
# See LICENSE.txt for complete terms.

import cybox
import cybox.bindings.win_system_restore_object as win_system_restore_binding
from cybox.objects.system_object import System
from cybox.common import String, HexBinary, Long, DateTime, ObjectProperties



[docs]class HiveList(cybox.EntityList):
    _binding = win_system_restore_binding
    _binding_class = win_system_restore_binding.HiveListType
    _binding_var = "Hive"
    _contained_type = String
    _namespace = "http://cybox.mitre.org/objects#WinSystemObject-2"




[docs]class WinSystemRestore(ObjectProperties):
    _binding = win_system_restore_binding
    _binding_class = win_system_restore_binding.WindowsSystemRestoreObjectType
    _namespace = "http://cybox.mitre.org/objects#WinSystemRestoreObject-2"
    _XSI_NS = "WinSystemRestoreObj"
    _XSI_TYPE = "WindowsSystemRestoreObjectType"

    restore_point_description = cybox.TypedField("Restore_Point_Description", String)
    restore_point_full_path = cybox.TypedField("Restore_Point_Full_Path", String)
    acl_change_username = cybox.TypedField("ACL_Change_Username", String)
    restore_point_name = cybox.TypedField("Restore_Point_Name", String)
    restore_point_type = cybox.TypedField("Restore_Point_Type", String)
    backup_file_name = cybox.TypedField("Backup_File_Name", String)
    acl_change_sid = cybox.TypedField("ACL_Change_SID", String)
    changelog_entry_flags = cybox.TypedField("ChangeLog_Entry_Flags", String)
    changelog_entry_sequence_number = cybox.TypedField("ChangeLog_Entry_Sequence_Number", Long)
    created = cybox.TypedField("Created", DateTime)
    
    file_attributes = cybox.TypedField("File_Attributes", String)
    new_file_name = cybox.TypedField("New_File_Name", String)
    original_file_name = cybox.TypedField("Original_File_Name", String)
    original_short_file_name = cybox.TypedField("Original_Short_File_Name", String)
    process_name = cybox.TypedField("Process_Name", String)
    
    change_event = cybox.TypedField("Change_Event", String)
    changelog_entry_type = cybox.TypedField("ChangeLog_Entry_Type", String)
    
    registry_hive_list = cybox.TypedField("Registry_Hive_List", HiveList)

Related Documentation

Navigation

© Copyright 2015, The MITRE Corporation. Created using Sphinx 1.2.1.