/ 
STIX-1.01
/ STIX::Observable::UserAccount

NAME

STIX::Observable::UserAccount - STIX Cyber-observable Object (SCO) - User Account

SYNOPSIS

use STIX::Observable::UserAccount;

my $user_account = STIX::Observable::UserAccount->new();

DESCRIPTION

The User Account Object represents an instance of any type of user account, including but not limited to operating system, device, messaging service, and social media platform accounts.

METHODS

STIX::Observable::UserAccount inherits all methods from STIX::Observable and implements the following new ones.

STIX::Observable::UserAccount->new(%properties)

Create a new instance of STIX::Observable::UserAccount.

$user_account->account_created

Specifies when the account was created.

$user_account->account_expires

Specifies the expiration date of the account.

$user_account->account_first_login

Specifies when the account was first accessed.

$user_account->account_last_login

Specifies when the account was last accessed.

$user_account->account_login

Specifies the account login string, used in cases where the user_id property specifies something other than what a user would type when they login.

$user_account->account_type

Specifies the type of the account. This is an open vocabulary and values SHOULD come from the account-type-ov vocabulary.

$user_account->can_escalate_privs

Specifies that the account has the ability to escalate privileges (i.e., in the case of sudo on Unix or a Windows Domain Admin account).

$user_account->credential

Specifies a cleartext credential. This is only intended to be used in capturing metadata from malware analysis (e.g., a hard-coded domain administrator password that the malware attempts to use for lateral movement) and SHOULD NOT be used for sharing of PII.

$user_account->credential_last_changed

Specifies when the account credential was last changed.

$user_account->display_name

Specifies the display name of the account, to be shown in user interfaces, if applicable.

$user_account->extensions

The User Account Object defines the following extensions. In addition to these, producers MAY create their own. Extensions: unix-account-ext.

$user_account->id
$user_account->is_disabled

Specifies if the account is disabled.

$user_account->is_privileged

Specifies that the account has elevated privileges (i.e., in the case of root on Unix or the Windows Administrator account).

$user_account->is_service_account

Indicates that the account is associated with a network service or system process (daemon), not a specific individual.

$user_account->type

The value of this property MUST be user-account.

$user_account->user_id

Specifies the identifier of the account.

HELPERS

$user_account->TO_JSON

Encode the object in JSON.

$user_account->to_hash

Return the object HASH.

$user_account->to_string

Encode the object in JSON.

$user_account->validate

Validate the object using JSON Schema (see STIX::Schema).

SUPPORT

Bugs / Feature Requests

Please report any bugs or feature requests through the issue tracker at https://github.com/giterlizzi/perl-STIX/issues. You will be notified automatically of any progress on your issue.

Source Code

This is open source software. The code repository is available for public review and contribution under the terms of the license.

https://github.com/giterlizzi/perl-STIX

git clone https://github.com/giterlizzi/perl-STIX.git

AUTHOR

  • Giuseppe Di Terlizzi <gdt@cpan.org>

LICENSE AND COPYRIGHT

This software is copyright (c) 2024 by Giuseppe Di Terlizzi.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.