From 851ed3e85ad09538f46478de247bd681b83d8680 Mon Sep 17 00:00:00 2001 From: Emmanuelle Vargas-Gonzalez Date: Fri, 3 May 2019 15:41:58 -0400 Subject: [PATCH] marking-definition --- docs/guide/markings.ipynb | 135 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 131 insertions(+), 4 deletions(-) diff --git a/docs/guide/markings.ipynb b/docs/guide/markings.ipynb index 270bfcd..44e023a 100644 --- a/docs/guide/markings.ipynb +++ b/docs/guide/markings.ipynb @@ -1315,7 +1315,7 @@ "cell_type": "markdown", "metadata": {}, "source": [ - "# Extracting lang Data Markings or marking-definition Data Markings\n", + "# Extracting Lang Data Markings or marking-definition Data Markings\n", "\n", "If you need a specific kind of marking, you can also filter them using the API. By default the library will get both types of markings by default. You can choose between `lang=True/False` or `marking_ref=True/False` depending on your use-case." ] @@ -1385,9 +1385,136 @@ " ]\n", ")\n", "print(v21_indicator)\n", - "print(v21_indicator.get_markings('description')) # Gets both lang and marking_ref markings for 'description'\n", - "print(v21_indicator.get_markings('description', lang=False)) # Exclude lang markings from results\n", - "print(v21_indicator.get_markings('description', marking_ref=False)) # Exclude marking-definition markings from results" + "\n", + "# Gets both lang and marking_ref markings for 'description'\n", + "print(v21_indicator.get_markings('description'))\n", + "\n", + "# Exclude lang markings from results\n", + "print(v21_indicator.get_markings('description', lang=False))\n", + "\n", + "# Exclude marking-definition markings from results\n", + "print(v21_indicator.get_markings('description', marking_ref=False))" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "In this same manner, calls to `clear_markings` and `set_markings` also have the ability to operate in for one or both types of markings." + ] + }, + { + "cell_type": "code", + "execution_count": 5, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "{\n", + " \"type\": \"indicator\",\n", + " \"spec_version\": \"2.1\",\n", + " \"id\": \"indicator--a612665a-2df4-4fd2-851c-7fbb8c92339a\",\n", + " \"created\": \"2019-05-03T19:13:59.010Z\",\n", + " \"modified\": \"2019-05-03T19:15:41.173Z\",\n", + " \"description\": \"Una descripcion sobre este indicador\",\n", + " \"indicator_types\": [\n", + " \"malware\"\n", + " ],\n", + " \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n", + " \"valid_from\": \"2019-05-03T19:13:59.010624Z\",\n", + " \"object_marking_refs\": [\n", + " \"marking-definition--f88d31f6-486f-44da-b317-01333bde0b82\"\n", + " ]\n", + "}\n" + ] + } + ], + "source": [ + "print(v21_indicator.clear_markings(\"description\")) # By default, both types of markings will be removed" + ] + }, + { + "cell_type": "code", + "execution_count": 13, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "{\n", + " \"type\": \"indicator\",\n", + " \"spec_version\": \"2.1\",\n", + " \"id\": \"indicator--982aeb4d-4dd3-4b04-aa50-a1d00c31986c\",\n", + " \"created\": \"2019-05-03T19:19:26.542Z\",\n", + " \"modified\": \"2019-05-03T19:20:51.818Z\",\n", + " \"description\": \"Una descripcion sobre este indicador\",\n", + " \"indicator_types\": [\n", + " \"malware\"\n", + " ],\n", + " \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n", + " \"valid_from\": \"2019-05-03T19:19:26.542267Z\",\n", + " \"object_marking_refs\": [\n", + " \"marking-definition--f88d31f6-486f-44da-b317-01333bde0b82\"\n", + " ],\n", + " \"granular_markings\": [\n", + " {\n", + " \"lang\": \"es\",\n", + " \"selectors\": [\n", + " \"description\"\n", + " ]\n", + " }\n", + " ]\n", + "}\n" + ] + } + ], + "source": [ + "# If lang is False, no lang markings will be removed\n", + "print(v21_indicator.clear_markings(\"description\", lang=False))" + ] + }, + { + "cell_type": "code", + "execution_count": 2, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "{\n", + " \"type\": \"indicator\",\n", + " \"spec_version\": \"2.1\",\n", + " \"id\": \"indicator--de0316d6-38e1-43c2-af4f-649305251864\",\n", + " \"created\": \"2019-05-03T19:40:21.459Z\",\n", + " \"modified\": \"2019-05-03T19:40:26.431Z\",\n", + " \"description\": \"Una descripcion sobre este indicador\",\n", + " \"indicator_types\": [\n", + " \"malware\"\n", + " ],\n", + " \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n", + " \"valid_from\": \"2019-05-03T19:40:21.459582Z\",\n", + " \"object_marking_refs\": [\n", + " \"marking-definition--f88d31f6-486f-44da-b317-01333bde0b82\"\n", + " ],\n", + " \"granular_markings\": [\n", + " {\n", + " \"marking_ref\": \"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\",\n", + " \"selectors\": [\n", + " \"description\"\n", + " ]\n", + " }\n", + " ]\n", + "}\n" + ] + } + ], + "source": [ + "# If marking_ref is False, no marking-definition markings will be removed\n", + "print(v21_indicator.clear_markings(\"description\", marking_ref=False))" ] } ],