MISP
/
cti-python-stix2
mirror of https://github.com/MISP/cti-python-stix2
2
0
Fork 0
Code Issues Releases Wiki Activity

Update Indicator example to 2.1 representation.

stix2.1
Emmanuelle Vargas-Gonzalez 2018-07-26 09:00:20 -04:00
parent 211b8d8cee
commit 120e897e9b
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
README.rst
View File

@ -33,7 +33,7 @@ be set automatically if not provided as keyword arguments.
from stix2 import Indicator from stix2 import Indicator
indicator = Indicator(name="File hash for malware variant", indicator = Indicator(name="File hash for malware variant",
labels=["malicious-activity"], indicator_types=["malicious-activity"],
pattern="[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']") pattern="[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']")
To parse a STIX JSON string into a Python STIX object, use ``parse()``: To parse a STIX JSON string into a Python STIX object, use ``parse()``:
@ -44,13 +44,14 @@ To parse a STIX JSON string into a Python STIX object, use ``parse()``:
indicator = parse("""{ indicator = parse("""{
"type": "indicator", "type": "indicator",
"spec_version": "2.1",
"id": "indicator--dbcbd659-c927-4f9a-994f-0a2632274394", "id": "indicator--dbcbd659-c927-4f9a-994f-0a2632274394",
"created": "2017-09-26T23:33:39.829Z", "created": "2017-09-26T23:33:39.829Z",
"modified": "2017-09-26T23:33:39.829Z", "modified": "2017-09-26T23:33:39.829Z",
"labels": [ "name": "File hash for malware variant",
"indicator_types": [
"malicious-activity" "malicious-activity"
], ],
"name": "File hash for malware variant",
"pattern": "[file:hashes.md5 ='d41d8cd98f00b204e9800998ecf8427e']", "pattern": "[file:hashes.md5 ='d41d8cd98f00b204e9800998ecf8427e']",
"valid_from": "2017-09-26T23:33:39.829952Z" "valid_from": "2017-09-26T23:33:39.829952Z"
}""") }""")