cti-python-stix2/examples/taxii_example.py


from taxii2client import Collection
import stix2
# This example is based on the medallion server with default_data.json
# See https://github.com/oasis-open/cti-taxii-server for more information
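def main():
    """Query the local medallion TAXII sample collection and print the results.

    Demonstrates three read operations of ``stix2.TAXIICollectionSource``:
    ``get()`` for a single object by ID, ``all_versions()`` for every stored
    version of that object, and ``query()`` with a ``stix2.Filter`` attached.
    """
    # NOTE(security): the URL and credentials are literals aimed at a sample
    # server on loopback. The scheme is plain http, so the user/password are
    # not protected in transit. Before pointing this at any non-local TAXII
    # server, switch to an https:// URL and load the credentials from the
    # environment or a secrets store rather than from source code.
    collection = Collection(
        "http://127.0.0.1:5000/trustgroup1/collections/52892447-4d7e-4f70-b94d-d7f22742ff63/",
        user="admin",
        password="Password0",
    )

    # instantiate TAXII data source
    taxii = stix2.TAXIICollectionSource(collection)

    indicator_id = "indicator--00000000-0000-4000-8000-000000000001"

    # get (url watch indicator)
    indicator_fw = taxii.get(indicator_id)
    print("\n\n-------Queried for Indicator - got:")
    if indicator_fw is None:
        # get() can return None when the collection holds no object with this
        # ID; report that instead of failing on None.serialize().
        print("No object found with id %s" % indicator_id)
    else:
        print(indicator_fw.serialize(indent=4))

    # all versions (url watch indicator - currently two)
    indicator_fw_versions = taxii.all_versions(indicator_id)
    print("\n\n------Queried for indicator (all_versions()) - got:")
    for indicator in indicator_fw_versions:
        print(indicator.serialize(indent=4))

    # add TAXII filter (ie filter should be passed to TAXII)
    query_filter = stix2.Filter("type", "in", "malware")

    # query() - but with filter attached. There are no malware objects in this collection
    malwares = taxii.query(query=query_filter)
    print("\n\n\n--------Queried for Malware string (with above filter attached) - got:")
    for malware in malwares:
        print(malware.serialize(indent=4))
    if not malwares:
        # Nothing matched: print the empty result itself so the output shows it.
        print(malwares)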
if __name__ == "__main__":
    # Run the demo only when executed as a script, not when imported.
    main()