2017-09-21 14:28:31 +02:00
|
|
|
|Build_Status| |Coverage| |Version|
|
2017-07-20 00:04:54 +02:00
|
|
|
|
|
|
|
cti-python-stix2
|
|
|
|
================
|
|
|
|
|
2018-04-03 18:20:43 +02:00
|
|
|
This is an `OASIS TC Open
|
|
|
|
Repository <https://www.oasis-open.org/resources/open-
|
|
|
|
repositories/>`__.
|
2017-07-20 00:04:54 +02:00
|
|
|
See the `Governance <#governance>`__ section for more information.
|
|
|
|
|
2018-04-03 18:20:43 +02:00
|
|
|
This repository provides Python APIs for serializing and de-
|
|
|
|
serializing
|
2017-07-20 00:04:54 +02:00
|
|
|
STIX 2 JSON content, along with higher-level APIs for common tasks,
|
|
|
|
including data markings, versioning, and for resolving STIX IDs across
|
|
|
|
multiple data sources.
|
|
|
|
|
|
|
|
For more information, see `the
|
2017-10-23 20:38:58 +02:00
|
|
|
documentation <https://stix2.readthedocs.io/>`__ on
|
2017-07-20 00:04:54 +02:00
|
|
|
ReadTheDocs.
|
|
|
|
|
|
|
|
Installation
|
|
|
|
------------
|
|
|
|
|
|
|
|
Install with `pip <https://pip.pypa.io/en/stable/>`__:
|
|
|
|
|
|
|
|
::
|
|
|
|
|
|
|
|
pip install stix2
|
|
|
|
|
|
|
|
Usage
|
|
|
|
-----
|
|
|
|
|
|
|
|
To create a STIX object, provide keyword arguments to the type's
|
2018-04-03 18:20:43 +02:00
|
|
|
constructor. Certain required attributes of all objects, such as
|
|
|
|
``type`` or
|
|
|
|
``id``, will be set automatically if not provided as keyword
|
|
|
|
arguments.
|
2017-07-20 00:04:54 +02:00
|
|
|
|
|
|
|
.. code:: python
|
|
|
|
|
|
|
|
from stix2 import Indicator
|
|
|
|
|
|
|
|
indicator = Indicator(name="File hash for malware variant",
|
2017-08-18 14:59:27 +02:00
|
|
|
labels=["malicious-activity"],
|
2018-04-04 18:12:09 +02:00
|
|
|
pattern="[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']")
|
2017-07-20 00:04:54 +02:00
|
|
|
|
2018-04-03 18:20:43 +02:00
|
|
|
To parse a STIX JSON string into a Python STIX object, use
|
|
|
|
``parse()``:
|
2017-07-20 00:04:54 +02:00
|
|
|
|
|
|
|
.. code:: python
|
|
|
|
|
2017-10-02 19:22:07 +02:00
|
|
|
from stix2 import parse
|
|
|
|
|
|
|
|
indicator = parse("""{
|
|
|
|
"type": "indicator",
|
|
|
|
"id": "indicator--dbcbd659-c927-4f9a-994f-0a2632274394",
|
|
|
|
"created": "2017-09-26T23:33:39.829Z",
|
|
|
|
"modified": "2017-09-26T23:33:39.829Z",
|
|
|
|
"labels": [
|
|
|
|
"malicious-activity"
|
|
|
|
],
|
|
|
|
"name": "File hash for malware variant",
|
2018-04-03 18:20:43 +02:00
|
|
|
"pattern": "[file:hashes.md5 =
|
|
|
|
'd41d8cd98f00b204e9800998ecf8427e']",
|
2017-10-02 19:22:07 +02:00
|
|
|
"valid_from": "2017-09-26T23:33:39.829952Z"
|
|
|
|
}""")
|
|
|
|
print(indicator)
|
|
|
|
|
2018-04-03 18:20:43 +02:00
|
|
|
For more in-depth documentation, please see
|
|
|
|
`https://stix2.readthedocs.io/ <https://stix2.readthedocs.io/>`__.
|
2017-07-20 00:04:54 +02:00
|
|
|
|
2017-10-27 18:38:25 +02:00
|
|
|
STIX 2.X Technical Specification Support
|
|
|
|
----------------------------------------
|
|
|
|
|
2018-04-03 18:20:43 +02:00
|
|
|
This version of python-stix2 supports STIX 2.0 by default. Although,
|
|
|
|
the
|
|
|
|
`stix2` Python library is built to support multiple versions of the
|
|
|
|
STIX
|
|
|
|
Technical Specification. With every major release of stix2 the
|
|
|
|
``import stix2``
|
|
|
|
statement will automatically load the SDO/SROs equivalent to the most
|
|
|
|
recent
|
|
|
|
supported 2.X Technical Specification. Please see the library
|
|
|
|
documentation
|
2017-10-27 18:38:25 +02:00
|
|
|
for more details.
|
|
|
|
|
2017-07-20 00:04:54 +02:00
|
|
|
Governance
|
|
|
|
----------
|
|
|
|
|
|
|
|
This GitHub public repository (
|
|
|
|
**https://github.com/oasis-open/cti-python-stix2** ) was
|
2018-04-03 18:20:43 +02:00
|
|
|
`proposed <https://lists.oasis-
|
|
|
|
open.org/archives/cti/201702/msg00008.html>`__
|
2017-07-20 00:04:54 +02:00
|
|
|
and
|
2018-04-03 18:20:43 +02:00
|
|
|
`approved <https://www.oasis-
|
|
|
|
open.org/committees/download.php/60009/>`__
|
2017-07-20 00:04:54 +02:00
|
|
|
[`bis <https://issues.oasis-open.org/browse/TCADMIN-2549>`__] by the
|
|
|
|
`OASIS Cyber Threat Intelligence (CTI)
|
2018-04-03 18:20:43 +02:00
|
|
|
TC <https://www.oasis-open.org/committees/cti/>`__ as an `OASIS TC
|
|
|
|
Open
|
|
|
|
Repository <https://www.oasis-open.org/resources/open-
|
|
|
|
repositories/>`__
|
2017-07-20 00:04:54 +02:00
|
|
|
to support development of open source resources related to Technical
|
|
|
|
Committee work.
|
|
|
|
|
2018-04-03 18:20:43 +02:00
|
|
|
While this TC Open Repository remains associated with the sponsor TC,
|
|
|
|
its
|
2017-07-20 00:04:54 +02:00
|
|
|
development priorities, leadership, intellectual property terms,
|
|
|
|
participation rules, and other matters of governance are `separate and
|
2018-04-03 18:20:43 +02:00
|
|
|
distinct <https://github.com/oasis-open/cti-python-
|
|
|
|
stix2/blob/master/CONTRIBUTING.md#governance-distinct-from-oasis-tc-
|
|
|
|
process>`__
|
2017-07-20 00:04:54 +02:00
|
|
|
from the OASIS TC Process and related policies.
|
|
|
|
|
2018-04-03 18:20:43 +02:00
|
|
|
All contributions made to this TC Open Repository are subject to open
|
2017-07-20 00:04:54 +02:00
|
|
|
source license terms expressed in the `BSD-3-Clause
|
2018-04-03 18:20:43 +02:00
|
|
|
License <https://www.oasis-open.org/sites/www.oasis-
|
|
|
|
open.org/files/BSD-3-Clause.txt>`__.
|
2017-07-20 00:04:54 +02:00
|
|
|
That license was selected as the declared `"Applicable
|
2018-04-03 18:20:43 +02:00
|
|
|
License" <https://www.oasis-open.org/resources/open-
|
|
|
|
repositories/licenses>`__
|
|
|
|
when the TC Open Repository was created.
|
2017-07-20 00:04:54 +02:00
|
|
|
|
|
|
|
As documented in `"Public Participation
|
2018-04-03 18:20:43 +02:00
|
|
|
Invited <https://github.com/oasis-open/cti-python-
|
|
|
|
stix2/blob/master/CONTRIBUTING.md#public-participation-invited>`__",
|
|
|
|
contributions to this OASIS TC Open Repository are invited from all
|
|
|
|
parties, whether affiliated with OASIS or not. Participants must have
|
|
|
|
a
|
2017-07-20 00:04:54 +02:00
|
|
|
GitHub account, but no fees or OASIS membership obligations are
|
|
|
|
required. Participation is expected to be consistent with the `OASIS
|
2018-04-03 18:20:43 +02:00
|
|
|
TC Open Repository Guidelines and
|
|
|
|
Procedures <https://www.oasis-open.org/policies-guidelines/open-
|
|
|
|
repositories>`__,
|
2017-07-20 00:04:54 +02:00
|
|
|
the open source
|
2018-04-03 18:20:43 +02:00
|
|
|
`LICENSE <https://github.com/oasis-open/cti-python-
|
|
|
|
stix2/blob/master/LICENSE>`__
|
2017-07-20 00:04:54 +02:00
|
|
|
designated for this particular repository, and the requirement for an
|
|
|
|
`Individual Contributor License
|
2018-04-03 18:20:43 +02:00
|
|
|
Agreement <https://www.oasis-open.org/resources/open-
|
|
|
|
repositories/cla/individual-cla>`__
|
2017-07-20 00:04:54 +02:00
|
|
|
that governs intellectual property.
|
|
|
|
|
|
|
|
Maintainers
|
|
|
|
~~~~~~~~~~~
|
|
|
|
|
2018-04-03 18:20:43 +02:00
|
|
|
TC Open Repository
|
|
|
|
`Maintainers <https://www.oasis-open.org/resources/open-
|
|
|
|
repositories/maintainers-guide>`__
|
2017-07-20 00:04:54 +02:00
|
|
|
are responsible for oversight of this project's community development
|
|
|
|
activities, including evaluation of GitHub `pull
|
2018-04-03 18:20:43 +02:00
|
|
|
requests <https://github.com/oasis-open/cti-python-
|
|
|
|
stix2/blob/master/CONTRIBUTING.md#fork-and-pull-collaboration-
|
|
|
|
model>`__
|
2017-07-20 00:04:54 +02:00
|
|
|
and
|
2018-04-03 18:20:43 +02:00
|
|
|
`preserving <https://www.oasis-open.org/policies-guidelines/open-
|
|
|
|
repositories#repositoryManagement>`__
|
2017-07-20 00:04:54 +02:00
|
|
|
open source principles of openness and fairness. Maintainers are
|
|
|
|
recognized and trusted experts who serve to implement community goals
|
|
|
|
and consensus design preferences.
|
|
|
|
|
2018-04-03 18:20:43 +02:00
|
|
|
Initially, the associated TC members have designated one or more
|
|
|
|
persons
|
|
|
|
to serve as Maintainer(s); subsequently, participating community
|
|
|
|
members
|
2017-07-20 00:04:54 +02:00
|
|
|
may select additional or substitute Maintainers, per `consensus
|
2018-04-03 18:20:43 +02:00
|
|
|
agreements <https://www.oasis-open.org/resources/open-
|
|
|
|
repositories/maintainers-guide#additionalMaintainers>`__.
|
2017-07-20 00:04:54 +02:00
|
|
|
|
2017-07-20 15:45:39 +02:00
|
|
|
.. _currentMaintainers:
|
|
|
|
|
2018-04-03 18:20:43 +02:00
|
|
|
**Current Maintainers of this TC Open Repository**
|
2017-07-20 00:04:54 +02:00
|
|
|
|
|
|
|
- `Greg Back <mailto:gback@mitre.org>`__; GitHub ID:
|
|
|
|
https://github.com/gtback/; WWW: `MITRE
|
|
|
|
Corporation <http://www.mitre.org/>`__
|
|
|
|
- `Chris Lenk <mailto:clenk@mitre.org>`__; GitHub ID:
|
|
|
|
https://github.com/clenk/; WWW: `MITRE
|
|
|
|
Corporation <http://www.mitre.org/>`__
|
|
|
|
|
2018-04-03 18:20:43 +02:00
|
|
|
About OASIS TC Open Repositories
|
2018-04-16 21:47:25 +02:00
|
|
|
--------------------------------
|
2017-07-20 00:04:54 +02:00
|
|
|
|
2018-04-03 18:20:43 +02:00
|
|
|
- `TC Open Repositories: Overview and
|
|
|
|
Resources <https://www.oasis-open.org/resources/open-
|
|
|
|
repositories/>`__
|
2017-07-20 00:04:54 +02:00
|
|
|
- `Frequently Asked
|
2018-04-03 18:20:43 +02:00
|
|
|
Questions <https://www.oasis-open.org/resources/open-
|
|
|
|
repositories/faq>`__
|
2017-07-20 00:04:54 +02:00
|
|
|
- `Open Source
|
2018-04-03 18:20:43 +02:00
|
|
|
Licenses <https://www.oasis-open.org/resources/open-
|
|
|
|
repositories/licenses>`__
|
2017-07-20 00:04:54 +02:00
|
|
|
- `Contributor License Agreements
|
2018-04-03 18:20:43 +02:00
|
|
|
(CLAs) <https://www.oasis-open.org/resources/open-
|
|
|
|
repositories/cla>`__
|
2017-07-20 00:04:54 +02:00
|
|
|
- `Maintainers' Guidelines and
|
2018-04-03 18:20:43 +02:00
|
|
|
Agreement <https://www.oasis-open.org/resources/open-
|
|
|
|
repositories/maintainers-guide>`__
|
2017-07-20 00:04:54 +02:00
|
|
|
|
|
|
|
Feedback
|
|
|
|
--------
|
|
|
|
|
2018-04-03 18:20:43 +02:00
|
|
|
Questions or comments about this TC Open Repository's activities
|
|
|
|
should be
|
|
|
|
composed as GitHub issues or comments. If use of an issue/comment is
|
|
|
|
not
|
2017-07-20 00:04:54 +02:00
|
|
|
possible or appropriate, questions may be directed by email to the
|
2017-07-20 15:45:39 +02:00
|
|
|
Maintainer(s) `listed above <#currentmaintainers>`__. Please send
|
2018-04-03 18:20:43 +02:00
|
|
|
general questions about TC Open Repository participation to OASIS
|
|
|
|
Staff at
|
2017-07-20 00:04:54 +02:00
|
|
|
repository-admin@oasis-open.org and any specific CLA-related questions
|
|
|
|
to repository-cla@oasis-open.org.
|
|
|
|
|
2018-04-04 11:48:32 +02:00
|
|
|
.. |Build_Status| image:: https://travis-ci.org/oasis-open/cti-python-stix2.svg?branch=master
|
2017-07-20 00:04:54 +02:00
|
|
|
:target: https://travis-ci.org/oasis-open/cti-python-stix2
|
2018-04-04 11:48:32 +02:00
|
|
|
.. |Coverage| image:: https://codecov.io/gh/oasis-open/cti-python-stix2/branch/master/graph/badge.svg
|
2017-07-20 00:04:54 +02:00
|
|
|
:target: https://codecov.io/gh/oasis-open/cti-python-stix2
|
2018-04-04 11:48:32 +02:00
|
|
|
.. |Version| image:: https://img.shields.io/pypi/v/stix2.svg?maxAge=3600
|
2017-09-21 14:28:31 +02:00
|
|
|
:target: https://pypi.python.org/pypi/stix2/
|