Skip to content

Class: SocketExt

The Socket extension specifies a default extension for capturing network traffic properties specific to network sockets. Used as the value of the 'socket-ext' key in a NetworkTraffic object's extensions dictionary.

URI: attack:SocketExt

 classDiagram
    class SocketExt
    click SocketExt href "../SocketExt/"
      CommonSchemaComponent <|-- SocketExt
        click CommonSchemaComponent href "../CommonSchemaComponent/"

      SocketExt : address_family





        SocketExt --> "1" NetworkSocketAddressFamilyEnum : address_family
        click NetworkSocketAddressFamilyEnum href "../NetworkSocketAddressFamilyEnum/"



      SocketExt : description

      SocketExt : id

      SocketExt : is_blocking

      SocketExt : is_listening

      SocketExt : name

      SocketExt : socket_descriptor

      SocketExt : socket_handle

      SocketExt : socket_options

      SocketExt : socket_type





        SocketExt --> "0..1" NetworkSocketTypeEnum : socket_type
        click NetworkSocketTypeEnum href "../NetworkSocketTypeEnum/"



      SocketExt : type

Inheritance

Slots

Name Cardinality and Range Description Inheritance
address_family 1
NetworkSocketAddressFamilyEnum		 Specifies the address family (AF_*) that the socket is configured for direct
is_blocking 0..1
Boolean		 Specifies whether the socket is in blocking mode direct
is_listening 0..1
Boolean		 Specifies whether the socket is in listening mode direct
socket_options 0..1
String		 Specifies any options (SO_*) that may be used by the socket direct
socket_type 0..1
NetworkSocketTypeEnum		 Specifies the type of the socket direct
socket_descriptor 0..1
Integer		 Specifies the socket file descriptor value associated with the socket direct
socket_handle 0..1
Integer		 Specifies the handle or inode value associated with the socket direct
id 0..1
StixIdentifier		 STIX object identifier StixEntity
type 0..1
StixTypeName		 STIX object type StixEntity
name 0..1
String		 Human-readable name StixEntity
description 0..1
String		 Human-readable description StixEntity

In Subsets

Comments

  • stix_extension_key: socket-ext stix_parent_type: network-traffic jsonschema_source: https://github.com/oasis-open/cti-stix2-json-schemas/tree/master/schemas/observables/network-traffic.json

Identifier and Mapping Information

Schema Source

  • from schema: https://w3id.org/lmodel/attack

Mappings

Mapping Type Mapped Value
self attack:SocketExt
native attack:SocketExt

LinkML Source

Direct

name: SocketExt
description: The Socket extension specifies a default extension for capturing network
  traffic properties specific to network sockets. Used as the value of the 'socket-ext'
  key in a NetworkTraffic object's extensions dictionary.
comments:
- 'stix_extension_key: socket-ext stix_parent_type: network-traffic jsonschema_source:
  https://github.com/oasis-open/cti-stix2-json-schemas/tree/master/schemas/observables/network-traffic.json'
in_subset:
- observables
from_schema: https://w3id.org/lmodel/attack
is_a: CommonSchemaComponent
slots:
- address_family
- is_blocking
- is_listening
- socket_options
- socket_type
- socket_descriptor
- socket_handle
slot_usage:
  address_family:
    name: address_family
    required: true

Induced

name: SocketExt
description: The Socket extension specifies a default extension for capturing network
  traffic properties specific to network sockets. Used as the value of the 'socket-ext'
  key in a NetworkTraffic object's extensions dictionary.
comments:
- 'stix_extension_key: socket-ext stix_parent_type: network-traffic jsonschema_source:
  https://github.com/oasis-open/cti-stix2-json-schemas/tree/master/schemas/observables/network-traffic.json'
in_subset:
- observables
from_schema: https://w3id.org/lmodel/attack
is_a: CommonSchemaComponent
slot_usage:
  address_family:
    name: address_family
    required: true
attributes:
  address_family:
    name: address_family
    description: Specifies the address family (AF_*) that the socket is configured
      for.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: address_family
    owner: SocketExt
    domain_of:
    - SocketExt
    range: NetworkSocketAddressFamilyEnum
    required: true
  is_blocking:
    name: is_blocking
    description: Specifies whether the socket is in blocking mode.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: is_blocking
    owner: SocketExt
    domain_of:
    - SocketExt
    range: boolean
  is_listening:
    name: is_listening
    description: Specifies whether the socket is in listening mode.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: is_listening
    owner: SocketExt
    domain_of:
    - SocketExt
    range: boolean
  socket_options:
    name: socket_options
    description: Specifies any options (SO_*) that may be used by the socket.
    comments:
    - 'jsonschema_rule: patternProperties validator_hint: validate-socket-options-dictionary'
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: socket_options
    owner: SocketExt
    domain_of:
    - SocketExt
    range: string
  socket_type:
    name: socket_type
    description: Specifies the type of the socket.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: socket_type
    owner: SocketExt
    domain_of:
    - SocketExt
    range: NetworkSocketTypeEnum
  socket_descriptor:
    name: socket_descriptor
    description: Specifies the socket file descriptor value associated with the socket.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: socket_descriptor
    owner: SocketExt
    domain_of:
    - SocketExt
    range: integer
  socket_handle:
    name: socket_handle
    description: Specifies the handle or inode value associated with the socket.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: socket_handle
    owner: SocketExt
    domain_of:
    - SocketExt
    range: integer
  id:
    name: id
    description: STIX object identifier.
    from_schema: https://w3id.org/lmodel/attack
    related_mappings:
    - unified_cyber_ontology:externalReference
    rank: 1000
    alias: id
    owner: SocketExt
    domain_of:
    - StixEntity
    - Bundle
    - Core
    - CyberObservableCore
    - ExtensionDefinition
    - LanguageContent
    - MarkingDefinition
    - File
    range: stix_identifier
  type:
    name: type
    description: STIX object type.
    from_schema: https://w3id.org/lmodel/attack
    related_mappings:
    - unified_cyber_ontology:state
    rank: 1000
    alias: type
    owner: SocketExt
    domain_of:
    - StixEntity
    - Bundle
    - Core
    - CyberObservableCore
    - ExtensionDefinition
    - LanguageContent
    - MarkingDefinition
    - File
    range: stix_type_name
  name:
    name: name
    description: Human-readable name.
    from_schema: https://w3id.org/lmodel/attack
    exact_mappings:
    - unified_cyber_ontology:name
    rank: 1000
    alias: name
    owner: SocketExt
    domain_of:
    - RelatedAsset
    - StixEntity
    - ExtensionDefinition
    - MarkingDefinition
    - AutonomousSystem
    - File
    range: string
  description:
    name: description
    description: Human-readable description.
    from_schema: https://w3id.org/lmodel/attack
    close_mappings:
    - unified_cyber_ontology:description
    rank: 1000
    alias: description
    owner: SocketExt
    domain_of:
    - RelatedAsset
    - MutableElement
    - StixEntity
    - ExtensionDefinition
    - ExternalReference
    range: string