|Build_Status| |Coverage| |Version| |Downloads_Badge| |Documentation_Status|

cti-python-stix2
================

This is an `OASIS TC Open Repository <https://www.oasis-open.org/resources/open-repositories/>`__.
See the `Governance <#governance>`__ section for more information.

This repository provides Python APIs for serializing and de-serializing STIX2
JSON content, along with higher-level APIs for common tasks, including data
markings, versioning, and for resolving STIX IDs across multiple data sources.

For more information, see `the documentation <https://stix2.readthedocs.io/>`__ on ReadTheDocs.

Installation
------------

Install with `pip <https://pip.pypa.io/en/stable/>`__:

.. code-block:: bash

    $ pip install stix2

Note: The library requires Python 3.6+.

Usage
-----

To create a STIX object, provide keyword arguments to the type's constructor.
Certain required attributes of all objects, such as ``type`` or ``id``, will
be set automatically if not provided as keyword arguments.

.. code-block:: python

    from stix2 import Indicator

    indicator = Indicator(name="File hash for malware variant",
                          indicator_types=["malicious-activity"],
                          pattern_type="stix",
                          pattern="[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']")

To parse a STIX JSON string into a Python STIX object, use ``parse()``. To serialize a STIX object, use ``serialize()``:

.. code-block:: python

    from stix2 import parse

    indicator = parse("""{
        "type": "indicator",
        "spec_version": "2.1",
        "id": "indicator--dbcbd659-c927-4f9a-994f-0a2632274394",
        "created": "2017-09-26T23:33:39.829Z",
        "modified": "2017-09-26T23:33:39.829Z",
        "name": "File hash for malware variant",
        "indicator_types": [
            "malicious-activity"
        ],
        "pattern_type": "stix",
        "pattern_version": "2.1",
        "pattern": "[file:hashes.md5 ='d41d8cd98f00b204e9800998ecf8427e']",
        "valid_from": "2017-09-26T23:33:39.829952Z"
    }""")

    print(indicator.serialize(pretty=True))

For more in-depth documentation, please see `https://stix2.readthedocs.io/ <https://stix2.readthedocs.io/>`__.
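
The following is an added example, not part of the project's code and not using the stix2 API: a standard-library check of file bytes against the single-hash pattern carried by the indicator above. ``extract_file_hash``, ``matches`` and ``demo`` are hypothetical helpers and the sample byte strings are constructed; the README's sample MD5 is the digest of empty input, so the indicator as written matches any empty file.

```python
import hashlib
import json
import re

# Subset of the serialized indicator from the parse() example above.
INDICATOR_JSON = """{
    "type": "indicator",
    "spec_version": "2.1",
    "id": "indicator--dbcbd659-c927-4f9a-994f-0a2632274394",
    "pattern_type": "stix",
    "pattern": "[file:hashes.md5 ='d41d8cd98f00b204e9800998ecf8427e']",
    "valid_from": "2017-09-26T23:33:39.829952Z"
}"""

# Hypothetical helper regex: accepts only one equality test on file:hashes.<alg>;
# anything else (AND/OR, other object paths) is rejected rather than guessed at.
_HASH_PATTERN = re.compile(
    r"^\[\s*file:hashes\.(?:'([^']+)'|([A-Za-z0-9_]+))\s*=\s*'([0-9A-Fa-f]+)'\s*\]$"
)
_HASHLIB_NAMES = {"md5": "md5", "sha-1": "sha1", "sha-256": "sha256", "sha-512": "sha512"}


def extract_file_hash(indicator):
    """Return (hashlib_name, lowercase_hex_digest) from a simple file-hash indicator."""
    if indicator.get("type") != "indicator" or indicator.get("pattern_type") != "stix":
        raise ValueError("not a STIX-pattern indicator")
    m = _HASH_PATTERN.match(indicator.get("pattern", ""))
    if not m:
        raise ValueError("unsupported pattern: " + indicator.get("pattern", ""))
    alg = (m.group(1) or m.group(2)).lower()
    if alg not in _HASHLIB_NAMES:
        raise ValueError("unsupported hash algorithm: " + alg)
    digest = m.group(3).lower()
    if len(digest) != hashlib.new(_HASHLIB_NAMES[alg]).digest_size * 2:
        raise ValueError("digest length does not match " + alg)
    return _HASHLIB_NAMES[alg], digest


def matches(indicator, data):
    """True if the bytes in `data` hash to the value named in the indicator pattern."""
    name, digest = extract_file_hash(indicator)
    return hashlib.new(name, data).hexdigest() == digest


def demo():
    indicator = json.loads(INDICATOR_JSON)
    # Constructed sample inputs: an empty file and a short non-empty one.
    return matches(indicator, b""), matches(indicator, b"MZ\x90\x00")
```
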

STIX 2 Technical Specification Support
--------------------------------------

This version of cti-python-stix2 adds support for `STIX Version 2.1 <https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html>`__,
published on 10 June 2021 and currently at the Committee Specification (CS) 03 level, also known as the "OASIS Standard".

The stix2 Python library supports multiple versions of the STIX 2 Technical
Specification. The library will be updated to support new Committee
Specification Drafts (CSDs) as they are released, but modules for these
versions must be imported manually until the CSD reaches CS level. In new
major releases of stix2 the ``import stix2`` implicit import statement
will be updated to automatically load the STIX Objects equivalent to the most
recently supported CS. Please see the `library documentation <https://stix2.readthedocs.io/en/latest/guide/ts_support.html>`__
for details.

Governance
----------

This GitHub public repository (**https://github.com/oasis-open/cti-python-stix2**) was
`proposed <https://lists.oasis-open.org/archives/cti/201702/msg00008.html>`__ and
`approved <https://www.oasis-open.org/committees/download.php/60009/>`__
[`bis <https://issues.oasis-open.org/browse/TCADMIN-2549>`__] by the
`OASIS Cyber Threat Intelligence (CTI) TC <https://www.oasis-open.org/committees/cti/>`__
as an `OASIS TC Open Repository <https://www.oasis-open.org/resources/open-repositories/>`__
to support development of open source resources related to Technical Committee work.

While this TC Open Repository remains associated with the sponsor TC, its
development priorities, leadership, intellectual property terms, participation
rules, and other matters of governance are `separate and distinct
<https://github.com/oasis-open/cti-python-stix2/blob/master/CONTRIBUTING.md#governance-distinct-from-oasis-tc-process>`__
from the OASIS TC Process and related policies.

All contributions made to this TC Open Repository are subject to open
source license terms expressed in the `BSD-3-Clause License <https://www.oasis-open.org/sites/www.oasis-open.org/files/BSD-3-Clause.txt>`__.
That license was selected as the declared `"Applicable License" <https://www.oasis-open.org/resources/open-repositories/licenses>`__
when the TC Open Repository was created.

As documented in `"Public Participation Invited
<https://github.com/oasis-open/cti-python-stix2/blob/master/CONTRIBUTING.md#public-participation-invited>`__",
contributions to this OASIS TC Open Repository are invited from all parties,
whether affiliated with OASIS or not. Participants must have a GitHub account,
but no fees or OASIS membership obligations are required. Participation is
expected to be consistent with the `OASIS TC Open Repository Guidelines and Procedures
<https://www.oasis-open.org/policies-guidelines/open-repositories>`__,
the open source `LICENSE <https://github.com/oasis-open/cti-python-stix2/blob/master/LICENSE>`__
designated for this particular repository, and the requirement for an
`Individual Contributor License Agreement <https://www.oasis-open.org/resources/open-repositories/cla/individual-cla>`__
that governs intellectual property.

Maintainers
~~~~~~~~~~~

TC Open Repository `Maintainers <https://www.oasis-open.org/resources/open-repositories/maintainers-guide>`__
are responsible for oversight of this project's community development
activities, including evaluation of GitHub
`pull requests <https://github.com/oasis-open/cti-python-stix2/blob/master/CONTRIBUTING.md#fork-and-pull-collaboration-model>`__
and `preserving <https://www.oasis-open.org/policies-guidelines/open-repositories#repositoryManagement>`__
open source principles of openness and fairness. Maintainers are recognized
and trusted experts who serve to implement community goals and consensus design
preferences.

Initially, the associated TC members have designated one or more persons to
serve as Maintainer(s); subsequently, participating community members may
select additional or substitute Maintainers, per `consensus agreements
<https://www.oasis-open.org/resources/open-repositories/maintainers-guide#additionalMaintainers>`__.

.. _currentmaintainers:

**Current Maintainers of this TC Open Repository**

-  `Jason Keirstead <mailto:Jason.Keirstead@ca.ibm.com>`__; GitHub ID:
   https://github.com/JasonKeirstead; WWW: `IBM <http://www.ibm.com/>`__

-  `Emily Ratliff <mailto:Emily.Ratliff@ibm.com>`__; GitHub ID:
   https://github.com/ejratl; WWW: `IBM <http://www.ibm.com/>`__

-  `Duncan Sparrell <mailto:duncan@sfractal.com>`__; GitHub ID:
   https://github.com/sparrell; WWW: `sFractal <http://sfractal.com/>`__

About OASIS TC Open Repositories
--------------------------------

-  `TC Open Repositories: Overview and Resources <https://www.oasis-open.org/resources/open-repositories/>`__
-  `Frequently Asked Questions <https://www.oasis-open.org/resources/open-repositories/faq>`__
-  `Open Source Licenses <https://www.oasis-open.org/resources/open-repositories/licenses>`__
-  `Contributor License Agreements (CLAs) <https://www.oasis-open.org/resources/open-repositories/cla>`__
-  `Maintainers' Guidelines and Agreement <https://www.oasis-open.org/resources/open-repositories/maintainers-guide>`__

Feedback
--------

Questions or comments about this TC Open Repository's activities should be
composed as GitHub issues or comments. If use of an issue/comment is not
possible or appropriate, questions may be directed by email to the
Maintainer(s) `listed above <#currentmaintainers>`__. Please send general
questions about TC Open Repository participation to OASIS Staff at
repository-admin@oasis-open.org and any specific CLA-related questions
to repository-cla@oasis-open.org.

.. |Build_Status| image:: https://github.com/oasis-open/cti-python-stix2/workflows/cti-python-stix2%20test%20harness/badge.svg
   :target: https://github.com/oasis-open/cti-python-stix2/actions?query=workflow%3A%22cti-python-stix2+test+harness%22
   :alt: Build Status
.. |Coverage| image:: https://codecov.io/gh/oasis-open/cti-python-stix2/branch/master/graph/badge.svg
   :target: https://codecov.io/gh/oasis-open/cti-python-stix2
   :alt: Coverage
.. |Version| image:: https://img.shields.io/pypi/v/stix2.svg?maxAge=3600
   :target: https://pypi.python.org/pypi/stix2/
   :alt: Version
.. |Downloads_Badge| image:: https://img.shields.io/pypi/dm/stix2.svg?maxAge=3600
   :target: https://pypi.python.org/pypi/stix2/
   :alt: Downloads
.. |Documentation_Status| image:: https://readthedocs.org/projects/stix2/badge/?version=latest
   :target: https://stix2.readthedocs.io/en/latest/?badge=latest
   :alt: Documentation Status