Updates to extensions.ipynb:
- Change CS 02 reference to CS 03
- Fix typos
- Remove the extension definition from the first example. It's not relevant. Change the explanation to explain the real reason why that example works: if unregistered toplevel property extensions are present, the library lets unrecognized toplevel properties pass.
- Change the explained rationale for registering an extension. It had described "repetitive instantiation" of an extension, but I think it was referring to an extension definition, and that is not what happens. The benefit of registration is that the library will know which properties are associated with the extension and can enforce their requirements. Changed the commentary to explain this.
- Fix the custom marking example to not use the @CustomMarking decorator. It is no longer used for extension-based custom markings. Instead, it just shows a normal extension being registered and applied to a marking-definition. The commentary is changed to explain this too.
parent
f0779d7802
commit
9f428c5efd
|
@ -59,11 +59,11 @@
|
||||||
"source": [
|
"source": [
|
||||||
"## STIX Extensions\n",
|
"## STIX Extensions\n",
|
||||||
"\n",
|
"\n",
|
||||||
"This page is specific for the STIX Extensions mechanism defined in STIX 2.1 CS 02. For the deprecated STIX Customization mechanisms see the [Custom](custom.ipynb) section.\n",
|
"This page is specific for the STIX Extensions mechanism defined in STIX 2.1 CS 03. For the deprecated STIX Customization mechanisms see the [Custom](custom.ipynb) section.\n",
|
||||||
"\n",
|
"\n",
|
||||||
"### Top Level Property Extensions\n",
|
"### Top Level Property Extensions\n",
|
||||||
"\n",
|
"\n",
|
||||||
"The example below shows how to create an `indicator` object with a `top-level-property-extension`. "
|
"The example below shows how to create an `indicator` object with a `toplevel-property-extension`. Because an unregistered toplevel property extension is present, any unrecognized toplevel properties are assumed to be extension properties. So the library lets them pass. "
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
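Review bot: The added sentence on the `toplevel-property-extension` line says unrecognized toplevel properties "pass" but does not say what the reader gives up: with an unregistered extension the library does not know which properties belong to it, so a misspelled or unintended toplevel property is accepted as well. Suggest one more sentence stating that these properties are not validated and pointing to the `@CustomExtension` section for the registered form. Minor wording: "specific for" in the CS 03 line reads better as "specific to", and "So the library lets them pass." can be folded into the preceding sentence.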
@ -72,239 +72,38 @@
|
||||||
"metadata": {},
|
"metadata": {},
|
||||||
"outputs": [
|
"outputs": [
|
||||||
{
|
{
|
||||||
"data": {
|
"name": "stdout",
|
||||||
"text/html": [
|
"output_type": "stream",
|
||||||
"<style type=\"text/css\">pre { line-height: 125%; margin: 0; }\n",
|
"text": [
|
||||||
"td.linenos pre { color: #000000; background-color: #f0f0f0; padding: 0 5px 0 5px; }\n",
|
"{\n",
|
||||||
"span.linenos { color: #000000; background-color: #f0f0f0; padding: 0 5px 0 5px; }\n",
|
" \"type\": \"indicator\",\n",
|
||||||
"td.linenos pre.special { color: #000000; background-color: #ffffc0; padding: 0 5px 0 5px; }\n",
|
" \"spec_version\": \"2.1\",\n",
|
||||||
"span.linenos.special { color: #000000; background-color: #ffffc0; padding: 0 5px 0 5px; }\n",
|
" \"id\": \"indicator--e97bfccf-8970-4a3c-9cd1-5b5b97ed5d0c\",\n",
|
||||||
".highlight .hll { background-color: #ffffcc }\n",
|
" \"created\": \"2014-02-20T09:16:08.989Z\",\n",
|
||||||
".highlight { background: #f8f8f8; }\n",
|
" \"modified\": \"2014-02-20T09:16:08.989Z\",\n",
|
||||||
".highlight .c { color: #408080; font-style: italic } /* Comment */\n",
|
" \"name\": \"File hash for Poison Ivy variant\",\n",
|
||||||
".highlight .err { border: 1px solid #FF0000 } /* Error */\n",
|
" \"description\": \"This file hash indicates that a sample of Poison Ivy is present.\",\n",
|
||||||
".highlight .k { color: #008000; font-weight: bold } /* Keyword */\n",
|
" \"pattern\": \"[file:hashes.'SHA-256' = 'ef537f25c895bfa782526529a9b63d97aa631564d5d789c2b765448c8635fb6c']\",\n",
|
||||||
".highlight .o { color: #666666 } /* Operator */\n",
|
" \"pattern_type\": \"stix\",\n",
|
||||||
".highlight .ch { color: #408080; font-style: italic } /* Comment.Hashbang */\n",
|
" \"pattern_version\": \"2.1\",\n",
|
||||||
".highlight .cm { color: #408080; font-style: italic } /* Comment.Multiline */\n",
|
" \"valid_from\": \"2014-02-20T09:00:00Z\",\n",
|
||||||
".highlight .cp { color: #BC7A00 } /* Comment.Preproc */\n",
|
" \"labels\": [\n",
|
||||||
".highlight .cpf { color: #408080; font-style: italic } /* Comment.PreprocFile */\n",
|
" \"malicious-activity\"\n",
|
||||||
".highlight .c1 { color: #408080; font-style: italic } /* Comment.Single */\n",
|
" ],\n",
|
||||||
".highlight .cs { color: #408080; font-style: italic } /* Comment.Special */\n",
|
" \"extensions\": {\n",
|
||||||
".highlight .gd { color: #A00000 } /* Generic.Deleted */\n",
|
" \"extension-definition--dd73de4f-a7f3-49ea-8ec1-8e884196b7a8\": {\n",
|
||||||
".highlight .ge { font-style: italic } /* Generic.Emph */\n",
|
" \"extension_type\": \"toplevel-property-extension\"\n",
|
||||||
".highlight .gr { color: #FF0000 } /* Generic.Error */\n",
|
" }\n",
|
||||||
".highlight .gh { color: #000080; font-weight: bold } /* Generic.Heading */\n",
|
" },\n",
|
||||||
".highlight .gi { color: #00A000 } /* Generic.Inserted */\n",
|
" \"rank\": 5,\n",
|
||||||
".highlight .go { color: #888888 } /* Generic.Output */\n",
|
" \"toxicity\": 8\n",
|
||||||
".highlight .gp { color: #000080; font-weight: bold } /* Generic.Prompt */\n",
|
"}\n"
|
||||||
".highlight .gs { font-weight: bold } /* Generic.Strong */\n",
|
|
||||||
".highlight .gu { color: #800080; font-weight: bold } /* Generic.Subheading */\n",
|
|
||||||
".highlight .gt { color: #0044DD } /* Generic.Traceback */\n",
|
|
||||||
".highlight .kc { color: #008000; font-weight: bold } /* Keyword.Constant */\n",
|
|
||||||
".highlight .kd { color: #008000; font-weight: bold } /* Keyword.Declaration */\n",
|
|
||||||
".highlight .kn { color: #008000; font-weight: bold } /* Keyword.Namespace */\n",
|
|
||||||
".highlight .kp { color: #008000 } /* Keyword.Pseudo */\n",
|
|
||||||
".highlight .kr { color: #008000; font-weight: bold } /* Keyword.Reserved */\n",
|
|
||||||
".highlight .kt { color: #B00040 } /* Keyword.Type */\n",
|
|
||||||
".highlight .m { color: #666666 } /* Literal.Number */\n",
|
|
||||||
".highlight .s { color: #BA2121 } /* Literal.String */\n",
|
|
||||||
".highlight .na { color: #7D9029 } /* Name.Attribute */\n",
|
|
||||||
".highlight .nb { color: #008000 } /* Name.Builtin */\n",
|
|
||||||
".highlight .nc { color: #0000FF; font-weight: bold } /* Name.Class */\n",
|
|
||||||
".highlight .no { color: #880000 } /* Name.Constant */\n",
|
|
||||||
".highlight .nd { color: #AA22FF } /* Name.Decorator */\n",
|
|
||||||
".highlight .ni { color: #999999; font-weight: bold } /* Name.Entity */\n",
|
|
||||||
".highlight .ne { color: #D2413A; font-weight: bold } /* Name.Exception */\n",
|
|
||||||
".highlight .nf { color: #0000FF } /* Name.Function */\n",
|
|
||||||
".highlight .nl { color: #A0A000 } /* Name.Label */\n",
|
|
||||||
".highlight .nn { color: #0000FF; font-weight: bold } /* Name.Namespace */\n",
|
|
||||||
".highlight .nt { color: #008000; font-weight: bold } /* Name.Tag */\n",
|
|
||||||
".highlight .nv { color: #19177C } /* Name.Variable */\n",
|
|
||||||
".highlight .ow { color: #AA22FF; font-weight: bold } /* Operator.Word */\n",
|
|
||||||
".highlight .w { color: #bbbbbb } /* Text.Whitespace */\n",
|
|
||||||
".highlight .mb { color: #666666 } /* Literal.Number.Bin */\n",
|
|
||||||
".highlight .mf { color: #666666 } /* Literal.Number.Float */\n",
|
|
||||||
".highlight .mh { color: #666666 } /* Literal.Number.Hex */\n",
|
|
||||||
".highlight .mi { color: #666666 } /* Literal.Number.Integer */\n",
|
|
||||||
".highlight .mo { color: #666666 } /* Literal.Number.Oct */\n",
|
|
||||||
".highlight .sa { color: #BA2121 } /* Literal.String.Affix */\n",
|
|
||||||
".highlight .sb { color: #BA2121 } /* Literal.String.Backtick */\n",
|
|
||||||
".highlight .sc { color: #BA2121 } /* Literal.String.Char */\n",
|
|
||||||
".highlight .dl { color: #BA2121 } /* Literal.String.Delimiter */\n",
|
|
||||||
".highlight .sd { color: #BA2121; font-style: italic } /* Literal.String.Doc */\n",
|
|
||||||
".highlight .s2 { color: #BA2121 } /* Literal.String.Double */\n",
|
|
||||||
".highlight .se { color: #BB6622; font-weight: bold } /* Literal.String.Escape */\n",
|
|
||||||
".highlight .sh { color: #BA2121 } /* Literal.String.Heredoc */\n",
|
|
||||||
".highlight .si { color: #BB6688; font-weight: bold } /* Literal.String.Interpol */\n",
|
|
||||||
".highlight .sx { color: #008000 } /* Literal.String.Other */\n",
|
|
||||||
".highlight .sr { color: #BB6688 } /* Literal.String.Regex */\n",
|
|
||||||
".highlight .s1 { color: #BA2121 } /* Literal.String.Single */\n",
|
|
||||||
".highlight .ss { color: #19177C } /* Literal.String.Symbol */\n",
|
|
||||||
".highlight .bp { color: #008000 } /* Name.Builtin.Pseudo */\n",
|
|
||||||
".highlight .fm { color: #0000FF } /* Name.Function.Magic */\n",
|
|
||||||
".highlight .vc { color: #19177C } /* Name.Variable.Class */\n",
|
|
||||||
".highlight .vg { color: #19177C } /* Name.Variable.Global */\n",
|
|
||||||
".highlight .vi { color: #19177C } /* Name.Variable.Instance */\n",
|
|
||||||
".highlight .vm { color: #19177C } /* Name.Variable.Magic */\n",
|
|
||||||
".highlight .il { color: #666666 } /* Literal.Number.Integer.Long */</style><div class=\"highlight\"><pre><span></span><span class=\"p\">{</span>\n",
|
|
||||||
" <span class=\"nt\">"type"</span><span class=\"p\">:</span> <span class=\"s2\">"extension-definition"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"spec_version"</span><span class=\"p\">:</span> <span class=\"s2\">"2.1"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"id"</span><span class=\"p\">:</span> <span class=\"s2\">"extension-definition--dd73de4f-a7f3-49ea-8ec1-8e884196b7a8"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"created_by_ref"</span><span class=\"p\">:</span> <span class=\"s2\">"identity--11b76a96-5d2b-45e0-8a5a-f6994f370731"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"created"</span><span class=\"p\">:</span> <span class=\"s2\">"2014-02-20T09:16:08.000Z"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"modified"</span><span class=\"p\">:</span> <span class=\"s2\">"2014-02-20T09:16:08.000Z"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"name"</span><span class=\"p\">:</span> <span class=\"s2\">"New SDO 1"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"description"</span><span class=\"p\">:</span> <span class=\"s2\">"This schema adds two properties to a STIX object at the toplevel"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"schema"</span><span class=\"p\">:</span> <span class=\"s2\">"https://www.example.com/schema-foo-1a/v1/"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"version"</span><span class=\"p\">:</span> <span class=\"s2\">"1.2.1"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"extension_types"</span><span class=\"p\">:</span> <span class=\"p\">[</span>\n",
|
|
||||||
" <span class=\"s2\">"toplevel-property-extension"</span>\n",
|
|
||||||
" <span class=\"p\">],</span>\n",
|
|
||||||
" <span class=\"nt\">"extension_properties"</span><span class=\"p\">:</span> <span class=\"p\">[</span>\n",
|
|
||||||
" <span class=\"s2\">"toxicity"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"s2\">"rank"</span>\n",
|
|
||||||
" <span class=\"p\">]</span>\n",
|
|
||||||
"<span class=\"p\">}</span>\n",
|
|
||||||
"</pre></div>\n"
|
|
||||||
],
|
|
||||||
"text/plain": [
|
|
||||||
"<IPython.core.display.HTML object>"
|
|
||||||
]
|
]
|
||||||
},
|
|
||||||
"execution_count": 3,
|
|
||||||
"metadata": {},
|
|
||||||
"output_type": "execute_result"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"data": {
|
|
||||||
"text/html": [
|
|
||||||
"<style type=\"text/css\">pre { line-height: 125%; margin: 0; }\n",
|
|
||||||
"td.linenos pre { color: #000000; background-color: #f0f0f0; padding: 0 5px 0 5px; }\n",
|
|
||||||
"span.linenos { color: #000000; background-color: #f0f0f0; padding: 0 5px 0 5px; }\n",
|
|
||||||
"td.linenos pre.special { color: #000000; background-color: #ffffc0; padding: 0 5px 0 5px; }\n",
|
|
||||||
"span.linenos.special { color: #000000; background-color: #ffffc0; padding: 0 5px 0 5px; }\n",
|
|
||||||
".highlight .hll { background-color: #ffffcc }\n",
|
|
||||||
".highlight { background: #f8f8f8; }\n",
|
|
||||||
".highlight .c { color: #408080; font-style: italic } /* Comment */\n",
|
|
||||||
".highlight .err { border: 1px solid #FF0000 } /* Error */\n",
|
|
||||||
".highlight .k { color: #008000; font-weight: bold } /* Keyword */\n",
|
|
||||||
".highlight .o { color: #666666 } /* Operator */\n",
|
|
||||||
".highlight .ch { color: #408080; font-style: italic } /* Comment.Hashbang */\n",
|
|
||||||
".highlight .cm { color: #408080; font-style: italic } /* Comment.Multiline */\n",
|
|
||||||
".highlight .cp { color: #BC7A00 } /* Comment.Preproc */\n",
|
|
||||||
".highlight .cpf { color: #408080; font-style: italic } /* Comment.PreprocFile */\n",
|
|
||||||
".highlight .c1 { color: #408080; font-style: italic } /* Comment.Single */\n",
|
|
||||||
".highlight .cs { color: #408080; font-style: italic } /* Comment.Special */\n",
|
|
||||||
".highlight .gd { color: #A00000 } /* Generic.Deleted */\n",
|
|
||||||
".highlight .ge { font-style: italic } /* Generic.Emph */\n",
|
|
||||||
".highlight .gr { color: #FF0000 } /* Generic.Error */\n",
|
|
||||||
".highlight .gh { color: #000080; font-weight: bold } /* Generic.Heading */\n",
|
|
||||||
".highlight .gi { color: #00A000 } /* Generic.Inserted */\n",
|
|
||||||
".highlight .go { color: #888888 } /* Generic.Output */\n",
|
|
||||||
".highlight .gp { color: #000080; font-weight: bold } /* Generic.Prompt */\n",
|
|
||||||
".highlight .gs { font-weight: bold } /* Generic.Strong */\n",
|
|
||||||
".highlight .gu { color: #800080; font-weight: bold } /* Generic.Subheading */\n",
|
|
||||||
".highlight .gt { color: #0044DD } /* Generic.Traceback */\n",
|
|
||||||
".highlight .kc { color: #008000; font-weight: bold } /* Keyword.Constant */\n",
|
|
||||||
".highlight .kd { color: #008000; font-weight: bold } /* Keyword.Declaration */\n",
|
|
||||||
".highlight .kn { color: #008000; font-weight: bold } /* Keyword.Namespace */\n",
|
|
||||||
".highlight .kp { color: #008000 } /* Keyword.Pseudo */\n",
|
|
||||||
".highlight .kr { color: #008000; font-weight: bold } /* Keyword.Reserved */\n",
|
|
||||||
".highlight .kt { color: #B00040 } /* Keyword.Type */\n",
|
|
||||||
".highlight .m { color: #666666 } /* Literal.Number */\n",
|
|
||||||
".highlight .s { color: #BA2121 } /* Literal.String */\n",
|
|
||||||
".highlight .na { color: #7D9029 } /* Name.Attribute */\n",
|
|
||||||
".highlight .nb { color: #008000 } /* Name.Builtin */\n",
|
|
||||||
".highlight .nc { color: #0000FF; font-weight: bold } /* Name.Class */\n",
|
|
||||||
".highlight .no { color: #880000 } /* Name.Constant */\n",
|
|
||||||
".highlight .nd { color: #AA22FF } /* Name.Decorator */\n",
|
|
||||||
".highlight .ni { color: #999999; font-weight: bold } /* Name.Entity */\n",
|
|
||||||
".highlight .ne { color: #D2413A; font-weight: bold } /* Name.Exception */\n",
|
|
||||||
".highlight .nf { color: #0000FF } /* Name.Function */\n",
|
|
||||||
".highlight .nl { color: #A0A000 } /* Name.Label */\n",
|
|
||||||
".highlight .nn { color: #0000FF; font-weight: bold } /* Name.Namespace */\n",
|
|
||||||
".highlight .nt { color: #008000; font-weight: bold } /* Name.Tag */\n",
|
|
||||||
".highlight .nv { color: #19177C } /* Name.Variable */\n",
|
|
||||||
".highlight .ow { color: #AA22FF; font-weight: bold } /* Operator.Word */\n",
|
|
||||||
".highlight .w { color: #bbbbbb } /* Text.Whitespace */\n",
|
|
||||||
".highlight .mb { color: #666666 } /* Literal.Number.Bin */\n",
|
|
||||||
".highlight .mf { color: #666666 } /* Literal.Number.Float */\n",
|
|
||||||
".highlight .mh { color: #666666 } /* Literal.Number.Hex */\n",
|
|
||||||
".highlight .mi { color: #666666 } /* Literal.Number.Integer */\n",
|
|
||||||
".highlight .mo { color: #666666 } /* Literal.Number.Oct */\n",
|
|
||||||
".highlight .sa { color: #BA2121 } /* Literal.String.Affix */\n",
|
|
||||||
".highlight .sb { color: #BA2121 } /* Literal.String.Backtick */\n",
|
|
||||||
".highlight .sc { color: #BA2121 } /* Literal.String.Char */\n",
|
|
||||||
".highlight .dl { color: #BA2121 } /* Literal.String.Delimiter */\n",
|
|
||||||
".highlight .sd { color: #BA2121; font-style: italic } /* Literal.String.Doc */\n",
|
|
||||||
".highlight .s2 { color: #BA2121 } /* Literal.String.Double */\n",
|
|
||||||
".highlight .se { color: #BB6622; font-weight: bold } /* Literal.String.Escape */\n",
|
|
||||||
".highlight .sh { color: #BA2121 } /* Literal.String.Heredoc */\n",
|
|
||||||
".highlight .si { color: #BB6688; font-weight: bold } /* Literal.String.Interpol */\n",
|
|
||||||
".highlight .sx { color: #008000 } /* Literal.String.Other */\n",
|
|
||||||
".highlight .sr { color: #BB6688 } /* Literal.String.Regex */\n",
|
|
||||||
".highlight .s1 { color: #BA2121 } /* Literal.String.Single */\n",
|
|
||||||
".highlight .ss { color: #19177C } /* Literal.String.Symbol */\n",
|
|
||||||
".highlight .bp { color: #008000 } /* Name.Builtin.Pseudo */\n",
|
|
||||||
".highlight .fm { color: #0000FF } /* Name.Function.Magic */\n",
|
|
||||||
".highlight .vc { color: #19177C } /* Name.Variable.Class */\n",
|
|
||||||
".highlight .vg { color: #19177C } /* Name.Variable.Global */\n",
|
|
||||||
".highlight .vi { color: #19177C } /* Name.Variable.Instance */\n",
|
|
||||||
".highlight .vm { color: #19177C } /* Name.Variable.Magic */\n",
|
|
||||||
".highlight .il { color: #666666 } /* Literal.Number.Integer.Long */</style><div class=\"highlight\"><pre><span></span><span class=\"p\">{</span>\n",
|
|
||||||
" <span class=\"nt\">"type"</span><span class=\"p\">:</span> <span class=\"s2\">"indicator"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"spec_version"</span><span class=\"p\">:</span> <span class=\"s2\">"2.1"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"id"</span><span class=\"p\">:</span> <span class=\"s2\">"indicator--e97bfccf-8970-4a3c-9cd1-5b5b97ed5d0c"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"created"</span><span class=\"p\">:</span> <span class=\"s2\">"2014-02-20T09:16:08.989Z"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"modified"</span><span class=\"p\">:</span> <span class=\"s2\">"2014-02-20T09:16:08.989Z"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"name"</span><span class=\"p\">:</span> <span class=\"s2\">"File hash for Poison Ivy variant"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"description"</span><span class=\"p\">:</span> <span class=\"s2\">"This file hash indicates that a sample of Poison Ivy is present."</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"pattern"</span><span class=\"p\">:</span> <span class=\"s2\">"[file:hashes.'SHA-256' = 'ef537f25c895bfa782526529a9b63d97aa631564d5d789c2b765448c8635fb6c']"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"pattern_type"</span><span class=\"p\">:</span> <span class=\"s2\">"stix"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"pattern_version"</span><span class=\"p\">:</span> <span class=\"s2\">"2.1"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"valid_from"</span><span class=\"p\">:</span> <span class=\"s2\">"2014-02-20T09:00:00Z"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"labels"</span><span class=\"p\">:</span> <span class=\"p\">[</span>\n",
|
|
||||||
" <span class=\"s2\">"malicious-activity"</span>\n",
|
|
||||||
" <span class=\"p\">],</span>\n",
|
|
||||||
" <span class=\"nt\">"extensions"</span><span class=\"p\">:</span> <span class=\"p\">{</span>\n",
|
|
||||||
" <span class=\"nt\">"extension-definition--dd73de4f-a7f3-49ea-8ec1-8e884196b7a8"</span><span class=\"p\">:</span> <span class=\"p\">{</span>\n",
|
|
||||||
" <span class=\"nt\">"extension_type"</span><span class=\"p\">:</span> <span class=\"s2\">"toplevel-property-extension"</span>\n",
|
|
||||||
" <span class=\"p\">}</span>\n",
|
|
||||||
" <span class=\"p\">},</span>\n",
|
|
||||||
" <span class=\"nt\">"rank"</span><span class=\"p\">:</span> <span class=\"mi\">5</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"toxicity"</span><span class=\"p\">:</span> <span class=\"mi\">8</span>\n",
|
|
||||||
"<span class=\"p\">}</span>\n",
|
|
||||||
"</pre></div>\n"
|
|
||||||
],
|
|
||||||
"text/plain": [
|
|
||||||
"<IPython.core.display.HTML object>"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"execution_count": 3,
|
|
||||||
"metadata": {},
|
|
||||||
"output_type": "execute_result"
|
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"source": [
|
"source": [
|
||||||
"import stix2\n",
|
"import stix2\n",
|
||||||
"\n",
|
"\n",
|
||||||
"extension_definition1 = stix2.v21.ExtensionDefinition(\n",
|
|
||||||
" id=\"extension-definition--dd73de4f-a7f3-49ea-8ec1-8e884196b7a8\",\n",
|
|
||||||
" created_by_ref=\"identity--11b76a96-5d2b-45e0-8a5a-f6994f370731\",\n",
|
|
||||||
" created=\"2014-02-20T09:16:08.000Z\",\n",
|
|
||||||
" modified=\"2014-02-20T09:16:08.000Z\",\n",
|
|
||||||
" name=\"New SDO 1\",\n",
|
|
||||||
" description=\"This schema adds two properties to a STIX object at the toplevel\",\n",
|
|
||||||
" schema=\"https://www.example.com/schema-foo-1a/v1/\",\n",
|
|
||||||
" version=\"1.2.1\",\n",
|
|
||||||
" extension_types=[\"toplevel-property-extension\"],\n",
|
|
||||||
" extension_properties=[\n",
|
|
||||||
" \"toxicity\",\n",
|
|
||||||
" \"rank\",\n",
|
|
||||||
" ],\n",
|
|
||||||
")\n",
|
|
||||||
"\n",
|
|
||||||
"indicator = stix2.v21.Indicator(\n",
|
"indicator = stix2.v21.Indicator(\n",
|
||||||
" id='indicator--e97bfccf-8970-4a3c-9cd1-5b5b97ed5d0c',\n",
|
" id='indicator--e97bfccf-8970-4a3c-9cd1-5b5b97ed5d0c',\n",
|
||||||
" created='2014-02-20T09:16:08.989000Z',\n",
|
" created='2014-02-20T09:16:08.989000Z',\n",
|
||||||
|
@ -320,13 +119,12 @@
|
||||||
" pattern_type='stix',\n",
|
" pattern_type='stix',\n",
|
||||||
" valid_from='2014-02-20T09:00:00.000000Z',\n",
|
" valid_from='2014-02-20T09:00:00.000000Z',\n",
|
||||||
" extensions={\n",
|
" extensions={\n",
|
||||||
" extension_definition1.id : {\n",
|
" \"extension-definition--dd73de4f-a7f3-49ea-8ec1-8e884196b7a8\" : {\n",
|
||||||
" 'extension_type': 'toplevel-property-extension',\n",
|
" 'extension_type': 'toplevel-property-extension',\n",
|
||||||
" },\n",
|
" },\n",
|
||||||
" }\n",
|
" }\n",
|
||||||
")\n",
|
")\n",
|
||||||
"\n",
|
"\n",
|
||||||
"print(extension_definition1.serialize(pretty=True))\n",
|
|
||||||
"print(indicator.serialize(pretty=True))"
|
"print(indicator.serialize(pretty=True))"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
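Review bot: The literal key `"extension-definition--dd73de4f-a7f3-49ea-8ec1-8e884196b7a8"` that replaces `extension_definition1.id` now names a definition that is no longer created anywhere in this cell, so the id looks unexplained to a reader. Suggest a one-line comment in the cell saying the id belongs to an extension definition that is not registered with the library, which is the point of the example. Style: drop the space before the colon after the key so it matches the `'extension_type': 'toplevel-property-extension',` line below it.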
@ -336,7 +134,7 @@
|
||||||
"source": [
|
"source": [
|
||||||
"### Using CustomExtension decorator\n",
|
"### Using CustomExtension decorator\n",
|
||||||
"\n",
|
"\n",
|
||||||
"However, in order to prevent repetitive instantiation of the same extension, the `@CustomExtension` decorator can be used to register the `extension-definition` with stix2. Use the `extension_type` class variable to define what kind of extension it is. Then its id can be passed into objects that use this extension."
|
"However, in order to define which properties are actually included with an extension, the `@CustomExtension` decorator can be used to register an extension type and its properties with stix2. Use the `extension_type` class variable to define what kind of extension it is. Then its id can be passed into objects that use this extension."
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
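Review bot: The rewritten sentence starting "However, in order to define which properties are actually included with an extension" leaves out the reason the commit message gives for registering, namely that the library then knows which properties belong to the extension and can enforce their requirements. Suggest saying so directly, for example ending the first sentence with "so that the library can enforce their requirements".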
@ -500,7 +298,7 @@
|
||||||
"\n",
|
"\n",
|
||||||
"---\n",
|
"---\n",
|
||||||
"**Note:**\n",
|
"**Note:**\n",
|
||||||
"Creating an instance of an extension-definition object **does not** mean it is registered in the library. Please use the appropriate decorator for this step: `@CustomExtension`, `@CustomObject`, `@CustomObservable`, `@CustomMarking`\n",
|
"Creating an instance of an extension object **does not** mean it is registered in the library. Please use the appropriate decorator for this step: `@CustomExtension`, `@CustomObject`, `@CustomObservable`, `@CustomMarking`\n",
|
||||||
"\n",
|
"\n",
|
||||||
"---"
|
"---"
|
||||||
]
|
]
|
||||||
|
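Review bot: The decorator list in the note still ends with `@CustomMarking`, while the commit message says that decorator is no longer used for extension-based custom markings; on this page that sends readers back to the mechanism the change moves away from. Suggest removing it from the list or marking it as part of the deprecated customization mechanism. The change from "extension-definition object" to "extension object" also makes the subject of the note less precise; say which object is meant.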
@ -632,9 +430,9 @@
|
||||||
"cell_type": "markdown",
|
"cell_type": "markdown",
|
||||||
"metadata": {},
|
"metadata": {},
|
||||||
"source": [
|
"source": [
|
||||||
"### Using CustomMarking for Extension Definition\n",
|
"### Custom Markings\n",
|
||||||
"\n",
|
"\n",
|
||||||
"The example below shows the use for MarkingDefinition extensions. Currently this is only supported as a `property-extension`. Now, as another option to building the `extensions` as a dictionary, it can also be built with objects as shown below by extracting the registered class."
|
"The example below show how to create a user-defined marking based on an extension. The STIX `marking-definition` object is essentially a base upon which you build the particulars of your marking, via an extension. This is done in the same way as any other extension. Marking definitions are no different in this regard. The below example illustrates an alternative to building the extension entirely as a dictionary: it can also be built by instantiating the registered class."
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
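Review bot: Grammar in the added paragraph: "The example below show how" should be "shows how", and "The below example illustrates" reads better as "The example below illustrates". The two sentences "This is done in the same way as any other extension. Marking definitions are no different in this regard." make the same point and can be merged into one.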
@ -643,123 +441,43 @@
|
||||||
"metadata": {},
|
"metadata": {},
|
||||||
"outputs": [
|
"outputs": [
|
||||||
{
|
{
|
||||||
"data": {
|
"name": "stdout",
|
||||||
"text/html": [
|
"output_type": "stream",
|
||||||
"<style type=\"text/css\">pre { line-height: 125%; margin: 0; }\n",
|
"text": [
|
||||||
"td.linenos pre { color: #000000; background-color: #f0f0f0; padding: 0 5px 0 5px; }\n",
|
"{\n",
|
||||||
"span.linenos { color: #000000; background-color: #f0f0f0; padding: 0 5px 0 5px; }\n",
|
" \"type\": \"marking-definition\",\n",
|
||||||
"td.linenos pre.special { color: #000000; background-color: #ffffc0; padding: 0 5px 0 5px; }\n",
|
" \"spec_version\": \"2.1\",\n",
|
||||||
"span.linenos.special { color: #000000; background-color: #ffffc0; padding: 0 5px 0 5px; }\n",
|
" \"id\": \"marking-definition--0a970182-06fd-4bc8-ae27-863fdb0e794c\",\n",
|
||||||
".highlight .hll { background-color: #ffffcc }\n",
|
" \"created\": \"2021-07-11T23:02:29.893782Z\",\n",
|
||||||
".highlight { background: #f8f8f8; }\n",
|
" \"name\": \"This is the name of my favorite Marking\",\n",
|
||||||
".highlight .c { color: #408080; font-style: italic } /* Comment */\n",
|
" \"extensions\": {\n",
|
||||||
".highlight .err { border: 1px solid #FF0000 } /* Error */\n",
|
" \"extension-definition--a932fcc6-e032-176c-126f-cb970a5a1fff\": {\n",
|
||||||
".highlight .k { color: #008000; font-weight: bold } /* Keyword */\n",
|
" \"extension_type\": \"property-extension\",\n",
|
||||||
".highlight .o { color: #666666 } /* Operator */\n",
|
" \"some_marking_field\": \"value\"\n",
|
||||||
".highlight .ch { color: #408080; font-style: italic } /* Comment.Hashbang */\n",
|
" }\n",
|
||||||
".highlight .cm { color: #408080; font-style: italic } /* Comment.Multiline */\n",
|
" }\n",
|
||||||
".highlight .cp { color: #BC7A00 } /* Comment.Preproc */\n",
|
"}\n"
|
||||||
".highlight .cpf { color: #408080; font-style: italic } /* Comment.PreprocFile */\n",
|
|
||||||
".highlight .c1 { color: #408080; font-style: italic } /* Comment.Single */\n",
|
|
||||||
".highlight .cs { color: #408080; font-style: italic } /* Comment.Special */\n",
|
|
||||||
".highlight .gd { color: #A00000 } /* Generic.Deleted */\n",
|
|
||||||
".highlight .ge { font-style: italic } /* Generic.Emph */\n",
|
|
||||||
".highlight .gr { color: #FF0000 } /* Generic.Error */\n",
|
|
||||||
".highlight .gh { color: #000080; font-weight: bold } /* Generic.Heading */\n",
|
|
||||||
".highlight .gi { color: #00A000 } /* Generic.Inserted */\n",
|
|
||||||
".highlight .go { color: #888888 } /* Generic.Output */\n",
|
|
||||||
".highlight .gp { color: #000080; font-weight: bold } /* Generic.Prompt */\n",
|
|
||||||
".highlight .gs { font-weight: bold } /* Generic.Strong */\n",
|
|
||||||
".highlight .gu { color: #800080; font-weight: bold } /* Generic.Subheading */\n",
|
|
||||||
".highlight .gt { color: #0044DD } /* Generic.Traceback */\n",
|
|
||||||
".highlight .kc { color: #008000; font-weight: bold } /* Keyword.Constant */\n",
|
|
||||||
".highlight .kd { color: #008000; font-weight: bold } /* Keyword.Declaration */\n",
|
|
||||||
".highlight .kn { color: #008000; font-weight: bold } /* Keyword.Namespace */\n",
|
|
||||||
".highlight .kp { color: #008000 } /* Keyword.Pseudo */\n",
|
|
||||||
".highlight .kr { color: #008000; font-weight: bold } /* Keyword.Reserved */\n",
|
|
||||||
".highlight .kt { color: #B00040 } /* Keyword.Type */\n",
|
|
||||||
".highlight .m { color: #666666 } /* Literal.Number */\n",
|
|
||||||
".highlight .s { color: #BA2121 } /* Literal.String */\n",
|
|
||||||
".highlight .na { color: #7D9029 } /* Name.Attribute */\n",
|
|
||||||
".highlight .nb { color: #008000 } /* Name.Builtin */\n",
|
|
||||||
".highlight .nc { color: #0000FF; font-weight: bold } /* Name.Class */\n",
|
|
||||||
".highlight .no { color: #880000 } /* Name.Constant */\n",
|
|
||||||
".highlight .nd { color: #AA22FF } /* Name.Decorator */\n",
|
|
||||||
".highlight .ni { color: #999999; font-weight: bold } /* Name.Entity */\n",
|
|
||||||
".highlight .ne { color: #D2413A; font-weight: bold } /* Name.Exception */\n",
|
|
||||||
".highlight .nf { color: #0000FF } /* Name.Function */\n",
|
|
||||||
".highlight .nl { color: #A0A000 } /* Name.Label */\n",
|
|
||||||
".highlight .nn { color: #0000FF; font-weight: bold } /* Name.Namespace */\n",
|
|
||||||
".highlight .nt { color: #008000; font-weight: bold } /* Name.Tag */\n",
|
|
||||||
".highlight .nv { color: #19177C } /* Name.Variable */\n",
|
|
||||||
".highlight .ow { color: #AA22FF; font-weight: bold } /* Operator.Word */\n",
|
|
||||||
".highlight .w { color: #bbbbbb } /* Text.Whitespace */\n",
|
|
||||||
".highlight .mb { color: #666666 } /* Literal.Number.Bin */\n",
|
|
||||||
".highlight .mf { color: #666666 } /* Literal.Number.Float */\n",
|
|
||||||
".highlight .mh { color: #666666 } /* Literal.Number.Hex */\n",
|
|
||||||
".highlight .mi { color: #666666 } /* Literal.Number.Integer */\n",
|
|
||||||
".highlight .mo { color: #666666 } /* Literal.Number.Oct */\n",
|
|
||||||
".highlight .sa { color: #BA2121 } /* Literal.String.Affix */\n",
|
|
||||||
".highlight .sb { color: #BA2121 } /* Literal.String.Backtick */\n",
|
|
||||||
".highlight .sc { color: #BA2121 } /* Literal.String.Char */\n",
|
|
||||||
".highlight .dl { color: #BA2121 } /* Literal.String.Delimiter */\n",
|
|
||||||
".highlight .sd { color: #BA2121; font-style: italic } /* Literal.String.Doc */\n",
|
|
||||||
".highlight .s2 { color: #BA2121 } /* Literal.String.Double */\n",
|
|
||||||
".highlight .se { color: #BB6622; font-weight: bold } /* Literal.String.Escape */\n",
|
|
||||||
".highlight .sh { color: #BA2121 } /* Literal.String.Heredoc */\n",
|
|
||||||
".highlight .si { color: #BB6688; font-weight: bold } /* Literal.String.Interpol */\n",
|
|
||||||
".highlight .sx { color: #008000 } /* Literal.String.Other */\n",
|
|
||||||
".highlight .sr { color: #BB6688 } /* Literal.String.Regex */\n",
|
|
||||||
".highlight .s1 { color: #BA2121 } /* Literal.String.Single */\n",
|
|
||||||
".highlight .ss { color: #19177C } /* Literal.String.Symbol */\n",
|
|
||||||
".highlight .bp { color: #008000 } /* Name.Builtin.Pseudo */\n",
|
|
||||||
".highlight .fm { color: #0000FF } /* Name.Function.Magic */\n",
|
|
||||||
".highlight .vc { color: #19177C } /* Name.Variable.Class */\n",
|
|
||||||
".highlight .vg { color: #19177C } /* Name.Variable.Global */\n",
|
|
||||||
".highlight .vi { color: #19177C } /* Name.Variable.Instance */\n",
|
|
||||||
".highlight .vm { color: #19177C } /* Name.Variable.Magic */\n",
|
|
||||||
".highlight .il { color: #666666 } /* Literal.Number.Integer.Long */</style><div class=\"highlight\"><pre><span></span><span class=\"p\">{</span>\n",
|
|
||||||
" <span class=\"nt\">"type"</span><span class=\"p\">:</span> <span class=\"s2\">"marking-definition"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"spec_version"</span><span class=\"p\">:</span> <span class=\"s2\">"2.1"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"id"</span><span class=\"p\">:</span> <span class=\"s2\">"marking-definition--28417f9f-1963-4e7f-914d-233f8fd4829f"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"created"</span><span class=\"p\">:</span> <span class=\"s2\">"2021-03-31T21:54:46.652069Z"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"name"</span><span class=\"p\">:</span> <span class=\"s2\">"This is the name of my favorite Marking"</span><span class=\"p\">,</span>\n",
|
|
||||||
" <span class=\"nt\">"extensions"</span><span class=\"p\">:</span> <span class=\"p\">{</span>\n",
|
|
||||||
" <span class=\"nt\">"extension-definition--a932fcc6-e032-176c-126f-cb970a5a1fff"</span><span class=\"p\">:</span> <span class=\"p\">{</span>\n",
|
|
||||||
" <span class=\"nt\">"extension_type"</span><span class=\"p\">:</span> <span class=\"s2\">"property-extension"</span>\n",
|
|
||||||
" <span class=\"p\">}</span>\n",
|
|
||||||
" <span class=\"p\">}</span>\n",
|
|
||||||
"<span class=\"p\">}</span>\n",
|
|
||||||
"</pre></div>\n"
|
|
||||||
],
|
|
||||||
"text/plain": [
|
|
||||||
"<IPython.core.display.HTML object>"
|
|
||||||
]
|
]
|
||||||
},
|
|
||||||
"execution_count": 4,
|
|
||||||
"metadata": {},
|
|
||||||
"output_type": "execute_result"
|
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"source": [
|
"source": [
|
||||||
"from stix2 import registry\n",
|
"import stix2\n",
|
||||||
|
"import stix2.properties\n",
|
||||||
"\n",
|
"\n",
|
||||||
"MARKING_EXTENSION_ID = 'extension-definition--a932fcc6-e032-176c-126f-cb970a5a1fff'\n",
|
"MARKING_EXTENSION_ID = 'extension-definition--a932fcc6-e032-176c-126f-cb970a5a1fff'\n",
|
||||||
"\n",
|
"\n",
|
||||||
"@stix2.v21.CustomMarking(\n",
|
"@stix2.CustomExtension(MARKING_EXTENSION_ID, [\n",
|
||||||
" 'my-favorite-marking', [\n",
|
" ('some_marking_field', stix2.properties.StringProperty(required=True))\n",
|
||||||
" ('some_marking_field', stix2.properties.StringProperty(required=True)),\n",
|
"])\n",
|
||||||
" ], MARKING_EXTENSION_ID,\n",
|
|
||||||
")\n",
|
|
||||||
"class MyFavMarking:\n",
|
"class MyFavMarking:\n",
|
||||||
" pass\n",
|
" extension_type = 'property-extension'\n",
|
||||||
"\n",
|
"\n",
|
||||||
"ext_class = registry.class_for_type(MARKING_EXTENSION_ID, '2.1')\n",
|
"my_favorite_marking = stix2.MarkingDefinition(\n",
|
||||||
"\n",
|
|
||||||
"my_favorite_marking = MyFavMarking(\n",
|
|
||||||
" name='This is the name of my favorite Marking',\n",
|
" name='This is the name of my favorite Marking',\n",
|
||||||
" extensions={\n",
|
" extensions={\n",
|
||||||
" MARKING_EXTENSION_ID: ext_class(some_marking_field='value')\n",
|
" MARKING_EXTENSION_ID: MyFavMarking(\n",
|
||||||
|
" some_marking_field='value'\n",
|
||||||
|
" )\n",
|
||||||
" }\n",
|
" }\n",
|
||||||
")\n",
|
")\n",
|
||||||
"\n",
|
"\n",
|
||||||
|
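Review bot: In the rewritten cell, the class passed to `stix2.CustomExtension` is still named `MyFavMarking`, but it is now a `property-extension` rather than a marking type, so `MARKING_EXTENSION_ID: MyFavMarking(some_marking_field='value')` inside `extensions` reads as a marking nested in a marking-definition. Consider renaming it (for example `MyFavMarkingExtension`) to match the commit message's point that this is a normal extension applied to a marking-definition. Separately, the output removed on the left side of this hunk serialized the extension with only `extension_type` and no `some_marking_field`, even though the property is declared `required=True`; if the cell output is regenerated for this commit, check that it now shows `some_marking_field`.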
@ -908,7 +626,7 @@
|
||||||
],
|
],
|
||||||
"metadata": {
|
"metadata": {
|
||||||
"kernelspec": {
|
"kernelspec": {
|
||||||
"display_name": "Python 3",
|
"display_name": "Python 3 (ipykernel)",
|
||||||
"language": "python",
|
"language": "python",
|
||||||
"name": "python3"
|
"name": "python3"
|
||||||
},
|
},
|
||||||
|
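Review bot: The `display_name` change from `Python 3` to `Python 3 (ipykernel)` in `kernelspec` is not among the changes listed in the commit message and looks like a side effect of re-saving the notebook locally. Suggest reverting it, or stripping kernel metadata before committing, so the diff carries only the documentation changes.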
@ -922,7 +640,7 @@
|
||||||
"name": "python",
|
"name": "python",
|
||||||
"nbconvert_exporter": "python",
|
"nbconvert_exporter": "python",
|
||||||
"pygments_lexer": "ipython3",
|
"pygments_lexer": "ipython3",
|
||||||
"version": "3.9.2"
|
"version": "3.8.1"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nbformat": 4,
|
"nbformat": 4,
|
||||||
|
|
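Review bot: The `version` field next to `pygments_lexer` goes from `3.9.2` to `3.8.1`, so the notebook now records an older interpreter than before, and the commit message does not mention it. If the cells were deliberately re-executed under 3.8.1, say so in the commit message; otherwise drop this line from the change.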