update user guide on marking extraction via API

2019-05-03 14:48:16 -04:00 · 2019-05-03 14:48:16 -04:00 · 8d842aeb94
parent c3aecd76ba
commit 8d842aeb94
1 changed files with 79 additions and 0 deletions
--- a/docs/guide/markings.ipynb
+++ b/docs/guide/markings.ipynb
@ -1310,6 +1310,85 @@
   "source": [
    "malware.is_marked(TLP_WHITE.id, 'description')"
   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "# Extracting lang Data Markings or marking-definition Data Markings\n",
+    "\n",
+    "If you need a specific kind of marking, you can also filter them using the API. By default the library will get both types of markings by default. You can choose between `lang=True/False` or `marking_ref=True/False` depending on your use-case."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 16,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "{\n",
+      "    \"type\": \"indicator\",\n",
+      "    \"spec_version\": \"2.1\",\n",
+      "    \"id\": \"indicator--634ef462-d6b5-48bc-9d9f-b46a6919227c\",\n",
+      "    \"created\": \"2019-05-03T18:36:44.354Z\",\n",
+      "    \"modified\": \"2019-05-03T18:36:44.354Z\",\n",
+      "    \"description\": \"Una descripcion sobre este indicador\",\n",
+      "    \"indicator_types\": [\n",
+      "        \"malware\"\n",
+      "    ],\n",
+      "    \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
+      "    \"valid_from\": \"2019-05-03T18:36:44.354443Z\",\n",
+      "    \"object_marking_refs\": [\n",
+      "        \"marking-definition--f88d31f6-486f-44da-b317-01333bde0b82\"\n",
+      "    ],\n",
+      "    \"granular_markings\": [\n",
+      "        {\n",
+      "            \"lang\": \"es\",\n",
+      "            \"selectors\": [\n",
+      "                \"description\"\n",
+      "            ]\n",
+      "        },\n",
+      "        {\n",
+      "            \"marking_ref\": \"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\",\n",
+      "            \"selectors\": [\n",
+      "                \"description\"\n",
+      "            ]\n",
+      "        }\n",
+      "    ]\n",
+      "}\n",
+      "['es', 'marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da']\n",
+      "['marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da']\n",
+      "['es']\n"
+     ]
+    }
+   ],
+   "source": [
+    "from stix2 import v21\n",
+    "\n",
+    "v21_indicator = v21.Indicator(\n",
+    "    description=\"Una descripcion sobre este indicador\",\n",
+    "    pattern=\"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
+    "    object_marking_refs=['marking-definition--f88d31f6-486f-44da-b317-01333bde0b82'],\n",
+    "    indicator_types=['malware'],\n",
+    "    granular_markings=[\n",
+    "        {\n",
+    "            'selectors': ['description'],\n",
+    "            'lang': 'es'\n",
+    "        },\n",
+    "        {\n",
+    "            'selectors': ['description'],\n",
+    "            'marking_ref': 'marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da'\n",
+    "        }\n",
+    "    ]\n",
+    ")\n",
+    "print(v21_indicator)\n",
+    "print(v21_indicator.get_markings('description'))  # Gets both lang and marking_ref markings for 'description'\n",
+    "print(v21_indicator.get_markings('description', lang=False))  # Exclude lang markings from results\n",
+    "print(v21_indicator.get_markings('description', marking_ref=False))  # Exclude marking-definition markings from results"
+   ]
  }
 ],
 "metadata": {