update to guide to match Filter code changes
=
parent
4af665bf81
commit
6bfa516604
|
|
@ -101,7 +101,7 @@
|
||||||
"* revoked\n",
|
"* revoked\n",
|
||||||
"* type\n",
|
"* type\n",
|
||||||
"\n",
|
"\n",
|
||||||
"(TAXII2)\n",
|
"(TAXII2 filter fields)\n",
|
||||||
"\n",
|
"\n",
|
||||||
"* added_after\n",
|
"* added_after\n",
|
||||||
"* match[id]\n",
|
"* match[id]\n",
|
||||||
|
|
@ -133,7 +133,7 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"cell_type": "code",
|
"cell_type": "code",
|
||||||
"execution_count": 2,
|
"execution_count": 1,
|
||||||
"metadata": {
|
"metadata": {
|
||||||
"collapsed": true
|
"collapsed": true
|
||||||
},
|
},
|
||||||
|
|
@ -168,9 +168,7 @@
|
||||||
{
|
{
|
||||||
"cell_type": "code",
|
"cell_type": "code",
|
||||||
"execution_count": 3,
|
"execution_count": 3,
|
||||||
"metadata": {
|
"metadata": {},
|
||||||
"collapsed": true
|
|
||||||
},
|
|
||||||
"outputs": [],
|
"outputs": [],
|
||||||
"source": [
|
"source": [
|
||||||
"from stix2 import MemoryStore, FileSystemStore, FileSystemSource\n",
|
"from stix2 import MemoryStore, FileSystemStore, FileSystemSource\n",
|
||||||
|
|
@ -193,7 +191,7 @@
|
||||||
"\n",
|
"\n",
|
||||||
"# As it is impractical to only use MemorySink or MemorySource,\n",
|
"# As it is impractical to only use MemorySink or MemorySource,\n",
|
||||||
"# attach a filter to a MemoryStore\n",
|
"# attach a filter to a MemoryStore\n",
|
||||||
"mem.source.filter.add(f)\n",
|
"mem.source.filters.add(f)\n",
|
||||||
"\n",
|
"\n",
|
||||||
"# attach multiple filters to a MemoryStore\n",
|
"# attach multiple filters to a MemoryStore\n",
|
||||||
"mem.source.filters.update([f1,f2])"
|
"mem.source.filters.update([f1,f2])"
|
||||||
|
|
|
||||||
|
|
@ -51,15 +51,15 @@
|
||||||
"text": [
|
"text": [
|
||||||
"{\n",
|
"{\n",
|
||||||
" \"type\": \"indicator\",\n",
|
" \"type\": \"indicator\",\n",
|
||||||
" \"id\": \"indicator--340e9e90-80f7-4587-a1cb-172af51356e3\",\n",
|
" \"id\": \"indicator--d91ef175-8a82-470a-a610-bbd2ee8a1516\",\n",
|
||||||
" \"created\": \"2017-09-24T19:32:32.257Z\",\n",
|
" \"created\": \"2017-09-29T19:52:16.930Z\",\n",
|
||||||
" \"modified\": \"2017-09-24T19:32:32.257Z\",\n",
|
" \"modified\": \"2017-09-29T19:52:16.930Z\",\n",
|
||||||
" \"labels\": [\n",
|
" \"labels\": [\n",
|
||||||
" \"malicious-activity\"\n",
|
" \"malicious-activity\"\n",
|
||||||
" ],\n",
|
" ],\n",
|
||||||
" \"description\": \"Crusades C2 implant\",\n",
|
" \"description\": \"Crusades C2 implant\",\n",
|
||||||
" \"pattern\": \"[file:hashes.'SHA-256' = '54b7e05e39a59428743635242e4a867c932140a999f52a1e54fa7ee6a440c73b']\",\n",
|
" \"pattern\": \"[file:hashes.'SHA-256' = '54b7e05e39a59428743635242e4a867c932140a999f52a1e54fa7ee6a440c73b']\",\n",
|
||||||
" \"valid_from\": \"2017-09-24T19:32:32.257186Z\"\n",
|
" \"valid_from\": \"2017-09-29T19:52:16.930909Z\"\n",
|
||||||
"}\n"
|
"}\n"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
@ -92,15 +92,15 @@
|
||||||
"text": [
|
"text": [
|
||||||
"{\n",
|
"{\n",
|
||||||
" \"type\": \"indicator\",\n",
|
" \"type\": \"indicator\",\n",
|
||||||
" \"id\": \"indicator--8f6df0be-6ada-4e2f-b711-886f355b3628\",\n",
|
" \"id\": \"indicator--79fdaad7-c461-49bb-ad1d-caa5e9c51c90\",\n",
|
||||||
" \"created\": \"2017-09-24T19:32:32.359Z\",\n",
|
" \"created\": \"2017-09-29T19:52:17.021Z\",\n",
|
||||||
" \"modified\": \"2017-09-24T19:32:32.359Z\",\n",
|
" \"modified\": \"2017-09-29T19:52:17.021Z\",\n",
|
||||||
" \"labels\": [\n",
|
" \"labels\": [\n",
|
||||||
" \"malicious-activity\"\n",
|
" \"malicious-activity\"\n",
|
||||||
" ],\n",
|
" ],\n",
|
||||||
" \"description\": \"Crusades stage 2 implant variant\",\n",
|
" \"description\": \"Crusades stage 2 implant variant\",\n",
|
||||||
" \"pattern\": \"[file:hashes.'SHA-256' = '31a45e777e4d58b97f4c43e38006f8cd6580ddabc4037905b2fad734712b582c']\",\n",
|
" \"pattern\": \"[file:hashes.'SHA-256' = '31a45e777e4d58b97f4c43e38006f8cd6580ddabc4037905b2fad734712b582c']\",\n",
|
||||||
" \"valid_from\": \"2017-09-24T19:32:32.359374Z\"\n",
|
" \"valid_from\": \"2017-09-29T19:52:17.021728Z\"\n",
|
||||||
"}\n"
|
"}\n"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
@ -132,19 +132,19 @@
|
||||||
"name": "stdout",
|
"name": "stdout",
|
||||||
"output_type": "stream",
|
"output_type": "stream",
|
||||||
"text": [
|
"text": [
|
||||||
|
"-----------------------\n",
|
||||||
|
"{'name': 'Urban2', 'created': '2017-09-12T13:26:18.023Z', 'labels': ['rootkit'], 'modified': '2017-09-12T13:26:18.023Z', 'type': 'malware', 'id': 'malware--2daa14d6-cbf3-4308-bb8e-226d324a08e4'}\n",
|
||||||
"-----------------------\n",
|
"-----------------------\n",
|
||||||
"{\n",
|
"{\n",
|
||||||
" \"type\": \"malware\",\n",
|
" \"type\": \"malware\",\n",
|
||||||
" \"id\": \"malware--b14b7ae7-5738-46db-bf8d-aec4ddd7c38c\",\n",
|
" \"id\": \"malware--2b3dd412-18a5-4e81-8742-4977068eb3eb\",\n",
|
||||||
" \"created\": \"2017-09-24T19:32:32.367Z\",\n",
|
" \"created\": \"2017-09-29T19:52:17.028Z\",\n",
|
||||||
" \"modified\": \"2017-09-24T19:32:32.367Z\",\n",
|
" \"modified\": \"2017-09-29T19:52:17.028Z\",\n",
|
||||||
" \"name\": \"Alexios\",\n",
|
" \"name\": \"Alexios\",\n",
|
||||||
" \"labels\": [\n",
|
" \"labels\": [\n",
|
||||||
" \"rootkit\"\n",
|
" \"rootkit\"\n",
|
||||||
" ]\n",
|
" ]\n",
|
||||||
"}\n",
|
"}\n"
|
||||||
"-----------------------\n",
|
|
||||||
"{'name': 'Urban2', 'created': '2017-09-12T13:26:18.023Z', 'labels': ['rootkit'], 'modified': '2017-09-12T13:26:18.023Z', 'type': 'malware', 'id': 'malware--2daa14d6-cbf3-4308-bb8e-226d324a08e4'}\n"
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue