164 lines
4.4 KiB
Plaintext
164 lines
4.4 KiB
Plaintext
|
{
|
|||
|
|
"cells": [
|
|||
|
|
{
|
|||
|
|
"cell_type": "code",
|
|||
|
|
"execution_count": 5,
|
|||
|
|
"metadata": {
|
|||
|
|
"collapsed": true,
|
|||
|
|
"nbsphinx": "hidden"
|
|||
|
|
},
|
|||
|
|
"outputs": [],
|
|||
|
|
"source": [
|
|||
|
|
"# Delete this cell to re-enable tracebacks\n",
|
|||
|
|
"import sys\n",
|
|||
|
|
"ipython = get_ipython()\n",
|
|||
|
|
"\n",
|
|||
|
|
"def hide_traceback(exc_tuple=None, filename=None, tb_offset=None,\n",
|
|||
|
|
" exception_only=False, running_compiled_code=False):\n",
|
|||
|
|
" etype, value, tb = sys.exc_info()\n",
|
|||
|
|
" return ipython._showtraceback(etype, value, ipython.InteractiveTB.get_exception_only(etype, value))\n",
|
|||
|
|
"\n",
|
|||
|
|
"ipython.showtraceback = hide_traceback"
|
|||
|
|
]
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"cell_type": "markdown",
|
|||
|
|
"metadata": {},
|
|||
|
|
"source": [
|
|||
|
|
"## Versioning"
|
|||
|
|
]
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"cell_type": "markdown",
|
|||
|
|
"metadata": {},
|
|||
|
|
"source": [
|
|||
|
|
"To create a new version of an existing object, specify the property(ies) you want to change and their new values:"
|
|||
|
|
]
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"cell_type": "code",
|
|||
|
|
"execution_count": 6,
|
|||
|
|
"metadata": {},
|
|||
|
|
"outputs": [
|
|||
|
|
{
|
|||
|
|
"name": "stdout",
|
|||
|
|
"output_type": "stream",
|
|||
|
|
"text": [
|
|||
|
|
"{\n",
|
|||
|
|
" \"type\": \"indicator\",\n",
|
|||
|
|
" \"id\": \"indicator--ec05229c-9f9a-408c-aa91-6996e2e9b4db\",\n",
|
|||
|
|
" \"created\": \"2016-01-01T08:00:00.000Z\",\n",
|
|||
|
|
" \"modified\": \"2017-09-14T16:59:28.100Z\",\n",
|
|||
|
|
" \"labels\": [\n",
|
|||
|
|
" \"malicious-activity\"\n",
|
|||
|
|
" ],\n",
|
|||
|
|
" \"name\": \"File hash for Foobar malware\",\n",
|
|||
|
|
" \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
|
|||
|
|
" \"valid_from\": \"2017-09-14T16:59:28.098521Z\"\n",
|
|||
|
|
"}\n"
|
|||
|
|
]
|
|||
|
|
}
|
|||
|
|
],
|
|||
|
|
"source": [
|
|||
|
|
"from stix2 import Indicator\n",
|
|||
|
|
"\n",
|
|||
|
|
"indicator = Indicator(created=\"2016-01-01T08:00:00.000Z\",\n",
|
|||
|
|
" name=\"File hash for suspicious file\",\n",
|
|||
|
|
" labels=[\"anomalous-activity\"],\n",
|
|||
|
|
" pattern=\"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\")\n",
|
|||
|
|
"\n",
|
|||
|
|
"indicator2 = indicator.new_version(name=\"File hash for Foobar malware\",\n",
|
|||
|
|
" labels=[\"malicious-activity\"])\n",
|
|||
|
|
"print(indicator2)"
|
|||
|
|
]
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"cell_type": "markdown",
|
|||
|
|
"metadata": {},
|
|||
|
|
"source": [
|
|||
|
|
"The modified time will be updated to the current time unless you provide a specific value as a keyword argument. Note that you can’t change the type, id, or created properties."
|
|||
|
|
]
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"cell_type": "code",
|
|||
|
|
"execution_count": 3,
|
|||
|
|
"metadata": {
|
|||
|
|
"scrolled": true
|
|||
|
|
},
|
|||
|
|
"outputs": [
|
|||
|
|
{
|
|||
|
|
"ename": "UnmodifiablePropertyError",
|
|||
|
|
"evalue": "These properties cannot be changed when making a new version: id.",
|
|||
|
|
"output_type": "error",
|
|||
|
|
"traceback": [
|
|||
|
|
"\u001b[0;31mUnmodifiablePropertyError\u001b[0m\u001b[0;31m:\u001b[0m These properties cannot be changed when making a new version: id.\n"
|
|||
|
|
]
|
|||
|
|
}
|
|||
|
|
],
|
|||
|
|
"source": [
|
|||
|
|
"indicator.new_version(id=\"indicator--cc42e358-8b9b-493c-9646-6ecd73b41c21\")"
|
|||
|
|
]
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"cell_type": "markdown",
|
|||
|
|
"metadata": {
|
|||
|
|
"collapsed": true
|
|||
|
|
},
|
|||
|
|
"source": [
|
|||
|
|
"To revoke an object:"
|
|||
|
|
]
|
|||
|
|
},
|
|||
|
|
{
|
|||
|
|
"cell_type": "code",
|
|||
|
|
"execution_count": 9,
|
|||
|
|
"metadata": {},
|
|||
|
|
"outputs": [
|
|||
|
|
{
|
|||
|
|
"name": "stdout",
|
|||
|
|
"output_type": "stream",
|
|||
|
|
"text": [
|
|||
|
|
"{\n",
|
|||
|
|
" \"type\": \"indicator\",\n",
|
|||
|
|
" \"id\": \"indicator--ec05229c-9f9a-408c-aa91-6996e2e9b4db\",\n",
|
|||
|
|
" \"created\": \"2016-01-01T08:00:00.000Z\",\n",
|
|||
|
|
" \"modified\": \"2017-09-14T17:03:31.222Z\",\n",
|
|||
|
|
" \"labels\": [\n",
|
|||
|
|
" \"malicious-activity\"\n",
|
|||
|
|
" ],\n",
|
|||
|
|
" \"name\": \"File hash for Foobar malware\",\n",
|
|||
|
|
" \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
|
|||
|
|
" \"valid_from\": \"2017-09-14T16:59:28.098521Z\",\n",
|
|||
|
|
" \"revoked\": true\n",
|
|||
|
|
"}\n"
|
|||
|
|
]
|
|||
|
|
}
|
|||
|
|
],
|
|||
|
|
"source": [
|
|||
|
|
"indicator2 = indicator2.revoke()\n",
|
|||
|
|
"print(indicator2)"
|
|||
|
|
]
|
|||
|
|
}
|
|||
|
|
],
|
|||
|
|
"metadata": {
|
|||
|
|
"kernelspec": {
|
|||
|
|
"display_name": "Python 2",
|
|||
|
|
"language": "python",
|
|||
|
|
"name": "python2"
|
|||
|
|
},
|
|||
|
|
"language_info": {
|
|||
|
|
"codemirror_mode": {
|
|||
|
|
"name": "ipython",
|
|||
|
|
"version": 2
|
|||
|
|
},
|
|||
|
|
"file_extension": ".py",
|
|||
|
|
"mimetype": "text/x-python",
|
|||
|
|
"name": "python",
|
|||
|
|
"nbconvert_exporter": "python",
|
|||
|
|
"pygments_lexer": "ipython2",
|
|||
|
|
"version": "2.7.12"
|
|||
|
|
}
|
|||
|
|
},
|
|||
|
|
"nbformat": 4,
|
|||
|
|
"nbformat_minor": 2
|
|||
|
|
}
|