2019-09-30 19:55:07 +02:00
|
|
|
|Build_Status| |Coverage| |Version| |Downloads_Badge| |Documentation_Status|
|
2017-07-20 00:04:54 +02:00
|
|
|
|
|
|
|
cti-python-stix2
|
|
|
|
================
|
|
|
|
|
2018-07-13 17:02:29 +02:00
|
|
|
This is an `OASIS TC Open Repository <https://www.oasis-open.org/resources/open-repositories/>`__.
|
2017-07-20 00:04:54 +02:00
|
|
|
See the `Governance <#governance>`__ section for more information.
|
|
|
|
|
2018-07-13 17:02:29 +02:00
|
|
|
This repository provides Python APIs for serializing and de-serializing STIX2
|
|
|
|
JSON content, along with higher-level APIs for common tasks, including data
|
|
|
|
markings, versioning, and for resolving STIX IDs across multiple data sources.
|
2017-07-20 00:04:54 +02:00
|
|
|
|
2018-07-13 17:02:29 +02:00
|
|
|
For more information, see `the documentation <https://stix2.readthedocs.io/>`__ on ReadTheDocs.
|
2017-07-20 00:04:54 +02:00
|
|
|
|
|
|
|
Installation
|
|
|
|
------------
|
|
|
|
|
|
|
|
Install with `pip <https://pip.pypa.io/en/stable/>`__:
|
|
|
|
|
2018-07-13 17:02:29 +02:00
|
|
|
.. code-block:: bash
|
2017-07-20 00:04:54 +02:00
|
|
|
|
2018-07-13 17:02:29 +02:00
|
|
|
$ pip install stix2
|
2017-07-20 00:04:54 +02:00
|
|
|
|
|
|
|
Usage
|
|
|
|
-----
|
|
|
|
|
2018-07-13 17:02:29 +02:00
|
|
|
To create a STIX object, provide keyword arguments to the type's constructor.
|
|
|
|
Certain required attributes of all objects, such as ``type`` or ``id``, will
|
|
|
|
be set automatically if not provided as keyword arguments.
|
2017-07-20 00:04:54 +02:00
|
|
|
|
2018-07-13 17:02:29 +02:00
|
|
|
.. code-block:: python
|
2017-07-20 00:04:54 +02:00
|
|
|
|
|
|
|
from stix2 import Indicator
|
|
|
|
|
|
|
|
indicator = Indicator(name="File hash for malware variant",
|
2020-06-12 20:31:01 +02:00
|
|
|
indicator_types=["malicious-activity"],
|
|
|
|
pattern_type="stix",
|
2017-08-18 14:59:27 +02:00
|
|
|
pattern="[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']")
|
2017-07-20 00:04:54 +02:00
|
|
|
|
2018-07-13 17:02:29 +02:00
|
|
|
To parse a STIX JSON string into a Python STIX object, use ``parse()``:
|
2017-07-20 00:04:54 +02:00
|
|
|
|
2018-07-13 17:02:29 +02:00
|
|
|
.. code-block:: python
|
2017-07-20 00:04:54 +02:00
|
|
|
|
2017-10-02 19:22:07 +02:00
|
|
|
from stix2 import parse
|
|
|
|
|
|
|
|
indicator = parse("""{
|
|
|
|
"type": "indicator",
|
2018-07-26 15:00:20 +02:00
|
|
|
"spec_version": "2.1",
|
2017-10-02 19:22:07 +02:00
|
|
|
"id": "indicator--dbcbd659-c927-4f9a-994f-0a2632274394",
|
|
|
|
"created": "2017-09-26T23:33:39.829Z",
|
|
|
|
"modified": "2017-09-26T23:33:39.829Z",
|
2018-07-26 15:00:20 +02:00
|
|
|
"name": "File hash for malware variant",
|
|
|
|
"indicator_types": [
|
2017-10-02 19:22:07 +02:00
|
|
|
"malicious-activity"
|
|
|
|
],
|
2019-11-25 19:05:42 +01:00
|
|
|
"pattern_type": "stix",
|
2020-06-26 22:22:50 +02:00
|
|
|
"pattern_version": "2.1",
|
2018-06-13 07:34:27 +02:00
|
|
|
"pattern": "[file:hashes.md5 ='d41d8cd98f00b204e9800998ecf8427e']",
|
2017-10-02 19:22:07 +02:00
|
|
|
"valid_from": "2017-09-26T23:33:39.829952Z"
|
|
|
|
}""")
|
2018-07-13 17:02:29 +02:00
|
|
|
|
2017-10-02 19:22:07 +02:00
|
|
|
print(indicator)
|
|
|
|
|
2018-07-13 17:02:29 +02:00
|
|
|
For more in-depth documentation, please see `https://stix2.readthedocs.io/ <https://stix2.readthedocs.io/>`__.
|
2017-07-20 00:04:54 +02:00
|
|
|
|
2017-11-02 12:48:37 +01:00
|
|
|
STIX 2.X Technical Specification Support
|
|
|
|
----------------------------------------
|
|
|
|
|
2018-11-01 14:21:02 +01:00
|
|
|
This version of python-stix2 brings initial support to STIX 2.1 currently at the
|
|
|
|
CSD level. The intention is to help debug components of the library and also
|
|
|
|
check for problems that should be fixed in the specification.
|
|
|
|
|
|
|
|
The `stix2` Python library is built to support multiple versions of the STIX
|
2017-11-02 12:48:37 +01:00
|
|
|
Technical Specification. With every major release of stix2 the ``import stix2``
|
|
|
|
statement will automatically load the SDO/SROs equivalent to the most recent
|
2018-11-01 14:21:02 +01:00
|
|
|
supported 2.X Committee Specification. Please see the library documentation for
|
|
|
|
more details.
|
2017-11-02 12:48:37 +01:00
|
|
|
|
2017-07-20 00:04:54 +02:00
|
|
|
Governance
|
|
|
|
----------
|
|
|
|
|
2018-07-13 17:02:29 +02:00
|
|
|
This GitHub public repository (**https://github.com/oasis-open/cti-python-stix2**) was
|
|
|
|
`proposed <https://lists.oasis-open.org/archives/cti/201702/msg00008.html>`__ and
|
|
|
|
`approved <https://www.oasis-open.org/committees/download.php/60009/>`__
|
2017-07-20 00:04:54 +02:00
|
|
|
[`bis <https://issues.oasis-open.org/browse/TCADMIN-2549>`__] by the
|
2018-07-13 17:02:29 +02:00
|
|
|
`OASIS Cyber Threat Intelligence (CTI) TC <https://www.oasis-open.org/committees/cti/>`__
|
|
|
|
as an `OASIS TC Open Repository <https://www.oasis-open.org/resources/open-repositories/>`__
|
|
|
|
to support development of open source resources related to Technical Committee work.
|
|
|
|
|
|
|
|
While this TC Open Repository remains associated with the sponsor TC, its
|
|
|
|
development priorities, leadership, intellectual property terms, participation
|
|
|
|
rules, and other matters of governance are `separate and distinct
|
|
|
|
<https://github.com/oasis-open/cti-python-stix2/blob/master/CONTRIBUTING.md#governance-distinct-from-oasis-tc-process>`__
|
2017-07-20 00:04:54 +02:00
|
|
|
from the OASIS TC Process and related policies.
|
|
|
|
|
2018-04-03 18:20:43 +02:00
|
|
|
All contributions made to this TC Open Repository are subject to open
|
2018-07-13 17:02:29 +02:00
|
|
|
source license terms expressed in the `BSD-3-Clause License <https://www.oasis-open.org/sites/www.oasis-open.org/files/BSD-3-Clause.txt>`__.
|
|
|
|
That license was selected as the declared `"Applicable License" <https://www.oasis-open.org/resources/open-repositories/licenses>`__
|
2018-04-03 18:20:43 +02:00
|
|
|
when the TC Open Repository was created.
|
2017-07-20 00:04:54 +02:00
|
|
|
|
2018-07-13 17:02:29 +02:00
|
|
|
As documented in `"Public Participation Invited
|
|
|
|
<https://github.com/oasis-open/cti-python-stix2/blob/master/CONTRIBUTING.md#public-participation-invited>`__",
|
|
|
|
contributions to this OASIS TC Open Repository are invited from all parties,
|
|
|
|
whether affiliated with OASIS or not. Participants must have a GitHub account,
|
|
|
|
but no fees or OASIS membership obligations are required. Participation is
|
|
|
|
expected to be consistent with the `OASIS TC Open Repository Guidelines and Procedures
|
|
|
|
<https://www.oasis-open.org/policies-guidelines/open-repositories>`__,
|
|
|
|
the open source `LICENSE <https://github.com/oasis-open/cti-python-stix2/blob/master/LICENSE>`__
|
2017-07-20 00:04:54 +02:00
|
|
|
designated for this particular repository, and the requirement for an
|
2018-07-13 17:02:29 +02:00
|
|
|
`Individual Contributor License Agreement <https://www.oasis-open.org/resources/open-repositories/cla/individual-cla>`__
|
2017-07-20 00:04:54 +02:00
|
|
|
that governs intellectual property.
|
|
|
|
|
|
|
|
Maintainers
|
|
|
|
~~~~~~~~~~~
|
|
|
|
|
2018-07-13 17:02:29 +02:00
|
|
|
TC Open Repository `Maintainers <https://www.oasis-open.org/resources/open-repositories/maintainers-guide>`__
|
2017-07-20 00:04:54 +02:00
|
|
|
are responsible for oversight of this project's community development
|
2018-07-13 17:02:29 +02:00
|
|
|
activities, including evaluation of GitHub
|
|
|
|
`pull requests <https://github.com/oasis-open/cti-python-stix2/blob/master/CONTRIBUTING.md#fork-and-pull-collaboration-model>`__
|
|
|
|
and `preserving <https://www.oasis-open.org/policies-guidelines/open-repositories#repositoryManagement>`__
|
|
|
|
open source principles of openness and fairness. Maintainers are recognized
|
|
|
|
and trusted experts who serve to implement community goals and consensus design
|
|
|
|
preferences.
|
|
|
|
|
|
|
|
Initially, the associated TC members have designated one or more persons to
|
|
|
|
serve as Maintainer(s); subsequently, participating community members may
|
|
|
|
select additional or substitute Maintainers, per `consensus agreements
|
|
|
|
<https://www.oasis-open.org/resources/open-repositories/maintainers-guide#additionalMaintainers>`__.
|
|
|
|
|
|
|
|
.. _currentmaintainers:
|
2017-07-20 15:45:39 +02:00
|
|
|
|
2018-04-03 18:20:43 +02:00
|
|
|
**Current Maintainers of this TC Open Repository**
|
2017-07-20 00:04:54 +02:00
|
|
|
|
|
|
|
- `Chris Lenk <mailto:clenk@mitre.org>`__; GitHub ID:
|
2018-07-13 17:02:29 +02:00
|
|
|
https://github.com/clenk/; WWW: `MITRE Corporation <http://www.mitre.org/>`__
|
2017-07-20 00:04:54 +02:00
|
|
|
|
2018-11-16 21:18:55 +01:00
|
|
|
- `Emmanuelle Vargas-Gonzalez <mailto:emmanuelle@mitre.org>`__; GitHub ID:
|
|
|
|
https://github.com/emmanvg/; WWW: `MITRE
|
|
|
|
Corporation <https://www.mitre.org/>`__
|
2019-07-25 20:33:02 +02:00
|
|
|
|
2019-07-25 14:43:36 +02:00
|
|
|
- `Jason Keirstead <mailto:Jason.Keirstead@ca.ibm.com>`__; GitHub ID:
|
|
|
|
https://github.com/JasonKeirstead; WWW: `IBM <http://www.ibm.com/>`__
|
2018-11-16 21:18:55 +01:00
|
|
|
|
2018-04-03 18:20:43 +02:00
|
|
|
About OASIS TC Open Repositories
|
2018-04-16 21:47:25 +02:00
|
|
|
--------------------------------
|
2017-07-20 00:04:54 +02:00
|
|
|
|
2018-07-13 17:02:29 +02:00
|
|
|
- `TC Open Repositories: Overview and Resources <https://www.oasis-open.org/resources/open-repositories/>`__
|
|
|
|
- `Frequently Asked Questions <https://www.oasis-open.org/resources/open-repositories/faq>`__
|
|
|
|
- `Open Source Licenses <https://www.oasis-open.org/resources/open-repositories/licenses>`__
|
|
|
|
- `Contributor License Agreements (CLAs) <https://www.oasis-open.org/resources/open-repositories/cla>`__
|
|
|
|
- `Maintainers' Guidelines and Agreement <https://www.oasis-open.org/resources/open-repositories/maintainers-guide>`__
|
2017-07-20 00:04:54 +02:00
|
|
|
|
|
|
|
Feedback
|
|
|
|
--------
|
|
|
|
|
2018-07-13 17:02:29 +02:00
|
|
|
Questions or comments about this TC Open Repository's activities should be
|
|
|
|
composed as GitHub issues or comments. If use of an issue/comment is not
|
2017-07-20 00:04:54 +02:00
|
|
|
possible or appropriate, questions may be directed by email to the
|
2018-07-13 17:02:29 +02:00
|
|
|
Maintainer(s) `listed above <#currentmaintainers>`__. Please send general
|
|
|
|
questions about TC Open Repository participation to OASIS Staff at
|
2017-07-20 00:04:54 +02:00
|
|
|
repository-admin@oasis-open.org and any specific CLA-related questions
|
|
|
|
to repository-cla@oasis-open.org.
|
|
|
|
|
2017-09-21 14:28:31 +02:00
|
|
|
.. |Build_Status| image:: https://travis-ci.org/oasis-open/cti-python-stix2.svg?branch=master
|
2017-07-20 00:04:54 +02:00
|
|
|
:target: https://travis-ci.org/oasis-open/cti-python-stix2
|
2018-11-28 15:31:17 +01:00
|
|
|
:alt: Build Status
|
2017-09-21 14:28:31 +02:00
|
|
|
.. |Coverage| image:: https://codecov.io/gh/oasis-open/cti-python-stix2/branch/master/graph/badge.svg
|
2017-07-20 00:04:54 +02:00
|
|
|
:target: https://codecov.io/gh/oasis-open/cti-python-stix2
|
2018-11-28 15:31:17 +01:00
|
|
|
:alt: Coverage
|
2017-09-21 14:28:31 +02:00
|
|
|
.. |Version| image:: https://img.shields.io/pypi/v/stix2.svg?maxAge=3600
|
|
|
|
:target: https://pypi.python.org/pypi/stix2/
|
2018-11-28 15:31:17 +01:00
|
|
|
:alt: Version
|
|
|
|
.. |Downloads_Badge| image:: https://img.shields.io/pypi/dm/stix2.svg?maxAge=3600
|
|
|
|
:target: https://pypi.python.org/pypi/stix2/
|
|
|
|
:alt: Downloads
|
2019-09-30 19:55:07 +02:00
|
|
|
.. |Documentation_Status| image:: https://readthedocs.org/projects/stix2/badge/?version=latest
|
|
|
|
:target: https://stix2.readthedocs.io/en/latest/?badge=latest
|
|
|
|
:alt: Documentation Status
|