marking-definition

2019-05-03 15:41:58 -04:00 · 2019-05-03 15:41:58 -04:00 · 851ed3e85a
parent 8d842aeb94
commit 851ed3e85a
1 changed files with 131 additions and 4 deletions
--- a/docs/guide/markings.ipynb
+++ b/docs/guide/markings.ipynb
@ -1315,7 +1315,7 @@
   "cell_type": "markdown",
   "metadata": {},
   "source": [
-    "# Extracting lang Data Markings or marking-definition Data Markings\n",
+    "# Extracting Lang Data Markings or marking-definition Data Markings\n",
    "\n",
    "If you need a specific kind of marking, you can also filter them using the API. By default the library will get both types of markings by default. You can choose between `lang=True/False` or `marking_ref=True/False` depending on your use-case."
   ]
@ -1385,9 +1385,136 @@
    "    ]\n",
    ")\n",
    "print(v21_indicator)\n",
-    "print(v21_indicator.get_markings('description'))  # Gets both lang and marking_ref markings for 'description'\n",
+    "\n",
-    "print(v21_indicator.get_markings('description', lang=False))  # Exclude lang markings from results\n",
+    "# Gets both lang and marking_ref markings for 'description'\n",
-    "print(v21_indicator.get_markings('description', marking_ref=False))  # Exclude marking-definition markings from results"
+    "print(v21_indicator.get_markings('description'))\n",
    "\n",
    "# Exclude lang markings from results\n",
    "print(v21_indicator.get_markings('description', lang=False))\n",
    "\n",
    "# Exclude marking-definition markings from results\n",
    "print(v21_indicator.get_markings('description', marking_ref=False))"
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "In this same manner, calls to `clear_markings` and `set_markings` also have the ability to operate in for one or both types of markings."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 5,
   "metadata": {},
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "{\n",
      "    \"type\": \"indicator\",\n",
      "    \"spec_version\": \"2.1\",\n",
      "    \"id\": \"indicator--a612665a-2df4-4fd2-851c-7fbb8c92339a\",\n",
      "    \"created\": \"2019-05-03T19:13:59.010Z\",\n",
      "    \"modified\": \"2019-05-03T19:15:41.173Z\",\n",
      "    \"description\": \"Una descripcion sobre este indicador\",\n",
      "    \"indicator_types\": [\n",
      "        \"malware\"\n",
      "    ],\n",
      "    \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
      "    \"valid_from\": \"2019-05-03T19:13:59.010624Z\",\n",
      "    \"object_marking_refs\": [\n",
      "        \"marking-definition--f88d31f6-486f-44da-b317-01333bde0b82\"\n",
      "    ]\n",
      "}\n"
     ]
    }
   ],
   "source": [
    "print(v21_indicator.clear_markings(\"description\"))  # By default, both types of markings will be removed"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 13,
   "metadata": {},
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "{\n",
      "    \"type\": \"indicator\",\n",
      "    \"spec_version\": \"2.1\",\n",
      "    \"id\": \"indicator--982aeb4d-4dd3-4b04-aa50-a1d00c31986c\",\n",
      "    \"created\": \"2019-05-03T19:19:26.542Z\",\n",
      "    \"modified\": \"2019-05-03T19:20:51.818Z\",\n",
      "    \"description\": \"Una descripcion sobre este indicador\",\n",
      "    \"indicator_types\": [\n",
      "        \"malware\"\n",
      "    ],\n",
      "    \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
      "    \"valid_from\": \"2019-05-03T19:19:26.542267Z\",\n",
      "    \"object_marking_refs\": [\n",
      "        \"marking-definition--f88d31f6-486f-44da-b317-01333bde0b82\"\n",
      "    ],\n",
      "    \"granular_markings\": [\n",
      "        {\n",
      "            \"lang\": \"es\",\n",
      "            \"selectors\": [\n",
      "                \"description\"\n",
      "            ]\n",
      "        }\n",
      "    ]\n",
      "}\n"
     ]
    }
   ],
   "source": [
    "# If lang is False, no lang markings will be removed\n",
    "print(v21_indicator.clear_markings(\"description\", lang=False))"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 2,
   "metadata": {},
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "{\n",
      "    \"type\": \"indicator\",\n",
      "    \"spec_version\": \"2.1\",\n",
      "    \"id\": \"indicator--de0316d6-38e1-43c2-af4f-649305251864\",\n",
      "    \"created\": \"2019-05-03T19:40:21.459Z\",\n",
      "    \"modified\": \"2019-05-03T19:40:26.431Z\",\n",
      "    \"description\": \"Una descripcion sobre este indicador\",\n",
      "    \"indicator_types\": [\n",
      "        \"malware\"\n",
      "    ],\n",
      "    \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
      "    \"valid_from\": \"2019-05-03T19:40:21.459582Z\",\n",
      "    \"object_marking_refs\": [\n",
      "        \"marking-definition--f88d31f6-486f-44da-b317-01333bde0b82\"\n",
      "    ],\n",
      "    \"granular_markings\": [\n",
      "        {\n",
      "            \"marking_ref\": \"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\",\n",
      "            \"selectors\": [\n",
      "                \"description\"\n",
      "            ]\n",
      "        }\n",
      "    ]\n",
      "}\n"
     ]
    }
   ],
   "source": [
    "# If marking_ref is False, no marking-definition markings will be removed\n",
    "print(v21_indicator.clear_markings(\"description\", marking_ref=False))"
   ]
  }
 ],