diff --git a/docs/conf.py b/docs/conf.py
index 6a20ace..5f9370b 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -33,7 +33,7 @@ version = '0.2.0'
release = '0.2.0'
language = None
-exclude_patterns = ['_build', '_templates', 'Thumbs.db', '.DS_Store', '.ipynb_checkpoints']
+exclude_patterns = ['_build', '_templates', 'Thumbs.db', '.DS_Store', 'guide/.ipynb_checkpoints']
pygments_style = 'sphinx'
todo_include_todos = False
diff --git a/docs/guide/creating.ipynb b/docs/guide/creating.ipynb
index bdcf1d7..2c0f132 100644
--- a/docs/guide/creating.ipynb
+++ b/docs/guide/creating.ipynb
@@ -2,7 +2,7 @@
"cells": [
{
"cell_type": "code",
- "execution_count": 7,
+ "execution_count": 1,
"metadata": {
"collapsed": true,
"nbsphinx": "hidden"
@@ -21,6 +21,37 @@
"ipython.showtraceback = hide_traceback"
]
},
+ {
+ "cell_type": "code",
+ "execution_count": 2,
+ "metadata": {
+ "collapsed": true,
+ "nbsphinx": "hidden"
+ },
+ "outputs": [],
+ "source": [
+ "# JSON output syntax highlighting\n",
+ "from __future__ import print_function\n",
+ "from pygments import highlight\n",
+ "from pygments.lexers import JsonLexer\n",
+ "from pygments.formatters import HtmlFormatter\n",
+ "from IPython.display import HTML\n",
+ "\n",
+ "original_print = print\n",
+ "\n",
+ "def json_print(inpt):\n",
+ " string = str(inpt)\n",
+ " if string[0] == '{':\n",
+ " formatter = HtmlFormatter()\n",
+ " return HTML('{}'.format(\n",
+ " formatter.get_style_defs('.highlight'),\n",
+ " highlight(string, JsonLexer(), formatter)))\n",
+ " else:\n",
+ " original_print(inpt)\n",
+ "\n",
+ "print = json_print"
+ ]
+ },
{
"cell_type": "markdown",
"metadata": {},
@@ -39,26 +70,101 @@
},
{
"cell_type": "code",
- "execution_count": 1,
+ "execution_count": 3,
"metadata": {},
"outputs": [
{
- "name": "stdout",
- "output_type": "stream",
- "text": [
- "{\n",
- " \"type\": \"indicator\",\n",
- " \"id\": \"indicator--38feb147-4277-45d7-b16c-5f60e24b88e1\",\n",
- " \"created\": \"2017-09-14T18:17:15.709Z\",\n",
- " \"modified\": \"2017-09-14T18:17:15.709Z\",\n",
- " \"labels\": [\n",
- " \"malicious-activity\"\n",
- " ],\n",
- " \"name\": \"File hash for malware variant\",\n",
- " \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
- " \"valid_from\": \"2017-09-14T18:17:15.709845Z\"\n",
- "}\n"
- ]
+ "data": {
+ "text/html": [
+ "
{\n",
+ " "type": "indicator",\n",
+ " "id": "indicator--dbcbd659-c927-4f9a-994f-0a2632274394",\n",
+ " "created": "2017-09-26T23:33:39.829Z",\n",
+ " "modified": "2017-09-26T23:33:39.829Z",\n",
+ " "labels": [\n",
+ " "malicious-activity"\n",
+ " ],\n",
+ " "name": "File hash for malware variant",\n",
+ " "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']",\n",
+ " "valid_from": "2017-09-26T23:33:39.829952Z"\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 3,
+ "metadata": {},
+ "output_type": "execute_result"
}
],
"source": [
@@ -81,8 +187,10 @@
},
{
"cell_type": "code",
- "execution_count": 8,
- "metadata": {},
+ "execution_count": 4,
+ "metadata": {
+ "collapsed": true
+ },
"outputs": [],
"source": [
"indicator2 = Indicator(type='indicator',\n",
@@ -99,7 +207,7 @@
},
{
"cell_type": "code",
- "execution_count": 9,
+ "execution_count": 5,
"metadata": {},
"outputs": [
{
@@ -127,7 +235,7 @@
},
{
"cell_type": "code",
- "execution_count": 11,
+ "execution_count": 6,
"metadata": {},
"outputs": [
{
@@ -154,7 +262,7 @@
},
{
"cell_type": "code",
- "execution_count": 12,
+ "execution_count": 7,
"metadata": {},
"outputs": [
{
@@ -181,7 +289,7 @@
},
{
"cell_type": "code",
- "execution_count": 15,
+ "execution_count": 8,
"metadata": {},
"outputs": [
{
@@ -190,7 +298,7 @@
"u'File hash for malware variant'"
]
},
- "execution_count": 15,
+ "execution_count": 8,
"metadata": {},
"output_type": "execute_result"
}
@@ -208,7 +316,7 @@
},
{
"cell_type": "code",
- "execution_count": 16,
+ "execution_count": 9,
"metadata": {},
"outputs": [
{
@@ -217,7 +325,7 @@
"u'File hash for malware variant'"
]
},
- "execution_count": 16,
+ "execution_count": 9,
"metadata": {},
"output_type": "execute_result"
}
@@ -235,7 +343,7 @@
},
{
"cell_type": "code",
- "execution_count": 17,
+ "execution_count": 10,
"metadata": {},
"outputs": [
{
@@ -253,7 +361,7 @@
},
{
"cell_type": "code",
- "execution_count": 18,
+ "execution_count": 11,
"metadata": {},
"outputs": [
{
@@ -285,24 +393,99 @@
},
{
"cell_type": "code",
- "execution_count": 21,
+ "execution_count": 12,
"metadata": {},
"outputs": [
{
- "name": "stdout",
- "output_type": "stream",
- "text": [
- "{\n",
- " \"type\": \"malware\",\n",
- " \"id\": \"malware--b2eca08d-705a-4662-9b58-9ffe6a98cecd\",\n",
- " \"created\": \"2017-09-14T18:38:09.395Z\",\n",
- " \"modified\": \"2017-09-14T18:38:09.395Z\",\n",
- " \"name\": \"Poison Ivy\",\n",
- " \"labels\": [\n",
- " \"remote-access-trojan\"\n",
- " ]\n",
- "}\n"
- ]
+ "data": {
+ "text/html": [
+ "{\n",
+ " "type": "malware",\n",
+ " "id": "malware--d7fd675d-94eb-4d95-b0bc-b3c5e28e8ed2",\n",
+ " "created": "2017-09-26T23:33:56.908Z",\n",
+ " "modified": "2017-09-26T23:33:56.908Z",\n",
+ " "name": "Poison Ivy",\n",
+ " "labels": [\n",
+ " "remote-access-trojan"\n",
+ " ]\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 12,
+ "metadata": {},
+ "output_type": "execute_result"
}
],
"source": [
@@ -331,23 +514,98 @@
},
{
"cell_type": "code",
- "execution_count": 23,
+ "execution_count": 13,
"metadata": {},
"outputs": [
{
- "name": "stdout",
- "output_type": "stream",
- "text": [
- "{\n",
- " \"type\": \"relationship\",\n",
- " \"id\": \"relationship--c42147ec-827a-492d-98d1-33eaaf4678e7\",\n",
- " \"created\": \"2017-09-14T18:39:40.965Z\",\n",
- " \"modified\": \"2017-09-14T18:39:40.965Z\",\n",
- " \"relationship_type\": \"indicates\",\n",
- " \"source_ref\": \"indicator--38feb147-4277-45d7-b16c-5f60e24b88e1\",\n",
- " \"target_ref\": \"malware--b2eca08d-705a-4662-9b58-9ffe6a98cecd\"\n",
- "}\n"
- ]
+ "data": {
+ "text/html": [
+ "{\n",
+ " "type": "relationship",\n",
+ " "id": "relationship--637aa3b1-d4b8-4bc4-85e7-77cc82b198a3",\n",
+ " "created": "2017-09-26T23:34:01.765Z",\n",
+ " "modified": "2017-09-26T23:34:01.765Z",\n",
+ " "relationship_type": "indicates",\n",
+ " "source_ref": "indicator--dbcbd659-c927-4f9a-994f-0a2632274394",\n",
+ " "target_ref": "malware--d7fd675d-94eb-4d95-b0bc-b3c5e28e8ed2"\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 13,
+ "metadata": {},
+ "output_type": "execute_result"
}
],
"source": [
@@ -368,23 +626,98 @@
},
{
"cell_type": "code",
- "execution_count": 24,
+ "execution_count": 14,
"metadata": {},
"outputs": [
{
- "name": "stdout",
- "output_type": "stream",
- "text": [
- "{\n",
- " \"type\": \"relationship\",\n",
- " \"id\": \"relationship--0097e73a-6340-4394-a499-74e34dcd52fa\",\n",
- " \"created\": \"2017-09-14T18:40:05.097Z\",\n",
- " \"modified\": \"2017-09-14T18:40:05.097Z\",\n",
- " \"relationship_type\": \"indicates\",\n",
- " \"source_ref\": \"indicator--38feb147-4277-45d7-b16c-5f60e24b88e1\",\n",
- " \"target_ref\": \"malware--b2eca08d-705a-4662-9b58-9ffe6a98cecd\"\n",
- "}\n"
- ]
+ "data": {
+ "text/html": [
+ "{\n",
+ " "type": "relationship",\n",
+ " "id": "relationship--70fe77c2-ab00-4181-a2dc-fe5567d971ca",\n",
+ " "created": "2017-09-26T23:34:03.923Z",\n",
+ " "modified": "2017-09-26T23:34:03.923Z",\n",
+ " "relationship_type": "indicates",\n",
+ " "source_ref": "indicator--dbcbd659-c927-4f9a-994f-0a2632274394",\n",
+ " "target_ref": "malware--d7fd675d-94eb-4d95-b0bc-b3c5e28e8ed2"\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 14,
+ "metadata": {},
+ "output_type": "execute_result"
}
],
"source": [
@@ -403,52 +736,127 @@
},
{
"cell_type": "code",
- "execution_count": 26,
+ "execution_count": 15,
"metadata": {},
"outputs": [
{
- "name": "stdout",
- "output_type": "stream",
- "text": [
- "{\n",
- " \"type\": \"bundle\",\n",
- " \"id\": \"bundle--54d649a4-5ab4-4ab6-b4c4-b52c09fbee9c\",\n",
- " \"spec_version\": \"2.0\",\n",
- " \"objects\": [\n",
- " {\n",
- " \"type\": \"indicator\",\n",
- " \"id\": \"indicator--38feb147-4277-45d7-b16c-5f60e24b88e1\",\n",
- " \"created\": \"2017-09-14T18:17:15.709Z\",\n",
- " \"modified\": \"2017-09-14T18:17:15.709Z\",\n",
- " \"labels\": [\n",
- " \"malicious-activity\"\n",
- " ],\n",
- " \"name\": \"File hash for malware variant\",\n",
- " \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
- " \"valid_from\": \"2017-09-14T18:17:15.709845Z\"\n",
- " },\n",
- " {\n",
- " \"type\": \"malware\",\n",
- " \"id\": \"malware--b2eca08d-705a-4662-9b58-9ffe6a98cecd\",\n",
- " \"created\": \"2017-09-14T18:38:09.395Z\",\n",
- " \"modified\": \"2017-09-14T18:38:09.395Z\",\n",
- " \"name\": \"Poison Ivy\",\n",
- " \"labels\": [\n",
- " \"remote-access-trojan\"\n",
- " ]\n",
- " },\n",
- " {\n",
- " \"type\": \"relationship\",\n",
- " \"id\": \"relationship--c42147ec-827a-492d-98d1-33eaaf4678e7\",\n",
- " \"created\": \"2017-09-14T18:39:40.965Z\",\n",
- " \"modified\": \"2017-09-14T18:39:40.965Z\",\n",
- " \"relationship_type\": \"indicates\",\n",
- " \"source_ref\": \"indicator--38feb147-4277-45d7-b16c-5f60e24b88e1\",\n",
- " \"target_ref\": \"malware--b2eca08d-705a-4662-9b58-9ffe6a98cecd\"\n",
- " }\n",
- " ]\n",
- "}\n"
- ]
+ "data": {
+ "text/html": [
+ "{\n",
+ " "type": "bundle",\n",
+ " "id": "bundle--2536c43d-c874-418e-886c-20a22120d8cb",\n",
+ " "spec_version": "2.0",\n",
+ " "objects": [\n",
+ " {\n",
+ " "type": "indicator",\n",
+ " "id": "indicator--dbcbd659-c927-4f9a-994f-0a2632274394",\n",
+ " "created": "2017-09-26T23:33:39.829Z",\n",
+ " "modified": "2017-09-26T23:33:39.829Z",\n",
+ " "labels": [\n",
+ " "malicious-activity"\n",
+ " ],\n",
+ " "name": "File hash for malware variant",\n",
+ " "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']",\n",
+ " "valid_from": "2017-09-26T23:33:39.829952Z"\n",
+ " },\n",
+ " {\n",
+ " "type": "malware",\n",
+ " "id": "malware--d7fd675d-94eb-4d95-b0bc-b3c5e28e8ed2",\n",
+ " "created": "2017-09-26T23:33:56.908Z",\n",
+ " "modified": "2017-09-26T23:33:56.908Z",\n",
+ " "name": "Poison Ivy",\n",
+ " "labels": [\n",
+ " "remote-access-trojan"\n",
+ " ]\n",
+ " },\n",
+ " {\n",
+ " "type": "relationship",\n",
+ " "id": "relationship--637aa3b1-d4b8-4bc4-85e7-77cc82b198a3",\n",
+ " "created": "2017-09-26T23:34:01.765Z",\n",
+ " "modified": "2017-09-26T23:34:01.765Z",\n",
+ " "relationship_type": "indicates",\n",
+ " "source_ref": "indicator--dbcbd659-c927-4f9a-994f-0a2632274394",\n",
+ " "target_ref": "malware--d7fd675d-94eb-4d95-b0bc-b3c5e28e8ed2"\n",
+ " }\n",
+ " ]\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 15,
+ "metadata": {},
+ "output_type": "execute_result"
}
],
"source": [
diff --git a/docs/guide/custom.ipynb b/docs/guide/custom.ipynb
index 787f3e4..0626692 100644
--- a/docs/guide/custom.ipynb
+++ b/docs/guide/custom.ipynb
@@ -21,6 +21,37 @@
"ipython.showtraceback = hide_traceback"
]
},
+ {
+ "cell_type": "code",
+ "execution_count": 2,
+ "metadata": {
+ "collapsed": true,
+ "nbsphinx": "hidden"
+ },
+ "outputs": [],
+ "source": [
+ "# JSON output syntax highlighting\n",
+ "from __future__ import print_function\n",
+ "from pygments import highlight\n",
+ "from pygments.lexers import JsonLexer\n",
+ "from pygments.formatters import HtmlFormatter\n",
+ "from IPython.display import HTML\n",
+ "\n",
+ "original_print = print\n",
+ "\n",
+ "def json_print(inpt):\n",
+ " string = str(inpt)\n",
+ " if string[0] == '{':\n",
+ " formatter = HtmlFormatter()\n",
+ " return HTML('{}'.format(\n",
+ " formatter.get_style_defs('.highlight'),\n",
+ " highlight(string, JsonLexer(), formatter)))\n",
+ " else:\n",
+ " original_print(inpt)\n",
+ "\n",
+ "print = json_print"
+ ]
+ },
{
"cell_type": "markdown",
"metadata": {},
@@ -39,7 +70,7 @@
},
{
"cell_type": "code",
- "execution_count": 2,
+ "execution_count": 4,
"metadata": {},
"outputs": [
{
@@ -68,23 +99,98 @@
},
{
"cell_type": "code",
- "execution_count": 4,
+ "execution_count": 5,
"metadata": {},
"outputs": [
{
- "name": "stdout",
- "output_type": "stream",
- "text": [
- "{\n",
- " \"x_foo\": \"bar\",\n",
- " \"type\": \"identity\",\n",
- " \"id\": \"identity--1c4d65f9-cd62-4ee0-8fa7-f2686e5226bb\",\n",
- " \"created\": \"2017-09-21T13:11:37.863Z\",\n",
- " \"modified\": \"2017-09-21T13:11:37.863Z\",\n",
- " \"name\": \"John Smith\",\n",
- " \"identity_class\": \"individual\"\n",
- "}\n"
- ]
+ "data": {
+ "text/html": [
+ "{\n",
+ " "x_foo": "bar",\n",
+ " "type": "identity",\n",
+ " "id": "identity--8d7f0697-e589-4e3b-aa57-cae798d2d138",\n",
+ " "created": "2017-09-26T21:02:19.465Z",\n",
+ " "modified": "2017-09-26T21:02:19.465Z",\n",
+ " "name": "John Smith",\n",
+ " "identity_class": "individual"\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 5,
+ "metadata": {},
+ "output_type": "execute_result"
}
],
"source": [
@@ -105,23 +211,98 @@
},
{
"cell_type": "code",
- "execution_count": 5,
+ "execution_count": 6,
"metadata": {},
"outputs": [
{
- "name": "stdout",
- "output_type": "stream",
- "text": [
- "{\n",
- " \"x_foo\": \"bar\",\n",
- " \"type\": \"identity\",\n",
- " \"id\": \"identity--d31a136a-49f6-44e6-b503-03f359349d4d\",\n",
- " \"created\": \"2017-09-21T13:11:39.777Z\",\n",
- " \"modified\": \"2017-09-21T13:11:39.777Z\",\n",
- " \"name\": \"John Smith\",\n",
- " \"identity_class\": \"individual\"\n",
- "}\n"
- ]
+ "data": {
+ "text/html": [
+ "{\n",
+ " "x_foo": "bar",\n",
+ " "type": "identity",\n",
+ " "id": "identity--1e8188eb-245f-400b-839d-7f612169c514",\n",
+ " "created": "2017-09-26T21:02:22.708Z",\n",
+ " "modified": "2017-09-26T21:02:22.708Z",\n",
+ " "name": "John Smith",\n",
+ " "identity_class": "individual"\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 6,
+ "metadata": {},
+ "output_type": "execute_result"
}
],
"source": [
@@ -141,7 +322,7 @@
},
{
"cell_type": "code",
- "execution_count": 3,
+ "execution_count": 7,
"metadata": {},
"outputs": [
{
@@ -181,7 +362,7 @@
},
{
"cell_type": "code",
- "execution_count": 4,
+ "execution_count": 8,
"metadata": {
"collapsed": true
},
@@ -208,22 +389,97 @@
},
{
"cell_type": "code",
- "execution_count": 8,
+ "execution_count": 9,
"metadata": {},
"outputs": [
{
- "name": "stdout",
- "output_type": "stream",
- "text": [
- "{\n",
- " \"type\": \"x-animal\",\n",
- " \"id\": \"x-animal--47ee8f49-d76c-4221-a924-c9e6662f78c9\",\n",
- " \"created\": \"2017-09-21T13:11:45.416Z\",\n",
- " \"modified\": \"2017-09-21T13:11:45.416Z\",\n",
- " \"species\": \"lion\",\n",
- " \"animal_class\": \"mammal\"\n",
- "}\n"
- ]
+ "data": {
+ "text/html": [
+ "{\n",
+ " "type": "x-animal",\n",
+ " "id": "x-animal--caebdf17-9d2a-4c84-8864-7406326618f0",\n",
+ " "created": "2017-09-26T21:02:34.724Z",\n",
+ " "modified": "2017-09-26T21:02:34.724Z",\n",
+ " "species": "lion",\n",
+ " "animal_class": "mammal"\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 9,
+ "metadata": {},
+ "output_type": "execute_result"
}
],
"source": [
@@ -241,7 +497,7 @@
},
{
"cell_type": "code",
- "execution_count": 9,
+ "execution_count": 10,
"metadata": {},
"outputs": [
{
@@ -267,7 +523,7 @@
},
{
"cell_type": "code",
- "execution_count": 10,
+ "execution_count": 11,
"metadata": {},
"outputs": [
{
@@ -300,7 +556,7 @@
},
{
"cell_type": "code",
- "execution_count": 11,
+ "execution_count": 12,
"metadata": {},
"outputs": [
{
@@ -335,19 +591,94 @@
},
{
"cell_type": "code",
- "execution_count": 5,
+ "execution_count": 13,
"metadata": {},
"outputs": [
{
- "name": "stdout",
- "output_type": "stream",
- "text": [
- "{\n",
- " \"type\": \"x-new-observable\",\n",
- " \"a_property\": \"something\",\n",
- " \"property_2\": 10\n",
- "}\n"
- ]
+ "data": {
+ "text/html": [
+ "{\n",
+ " "type": "x-new-observable",\n",
+ " "a_property": "something",\n",
+ " "property_2": 10\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 13,
+ "metadata": {},
+ "output_type": "execute_result"
}
],
"source": [
@@ -376,7 +707,7 @@
},
{
"cell_type": "code",
- "execution_count": 12,
+ "execution_count": 14,
"metadata": {},
"outputs": [
{
@@ -426,18 +757,93 @@
},
{
"cell_type": "code",
- "execution_count": 10,
+ "execution_count": 15,
"metadata": {},
"outputs": [
{
- "name": "stdout",
- "output_type": "stream",
- "text": [
- "{\n",
- " \"property1\": \"something\",\n",
- " \"property2\": 10\n",
- "}\n"
- ]
+ "data": {
+ "text/html": [
+ "{\n",
+ " "property1": "something",\n",
+ " "property2": 10\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 15,
+ "metadata": {},
+ "output_type": "execute_result"
}
],
"source": [
@@ -464,7 +870,7 @@
},
{
"cell_type": "code",
- "execution_count": 11,
+ "execution_count": 16,
"metadata": {},
"outputs": [
{
diff --git a/docs/guide/environment.ipynb b/docs/guide/environment.ipynb
new file mode 100644
index 0000000..0cb3f3e
--- /dev/null
+++ b/docs/guide/environment.ipynb
@@ -0,0 +1,592 @@
+{
+ "cells": [
+ {
+ "cell_type": "code",
+ "execution_count": 1,
+ "metadata": {
+ "collapsed": true,
+ "nbsphinx": "hidden"
+ },
+ "outputs": [],
+ "source": [
+ "# Delete this cell to re-enable tracebacks\n",
+ "import sys\n",
+ "ipython = get_ipython()\n",
+ "\n",
+ "def hide_traceback(exc_tuple=None, filename=None, tb_offset=None,\n",
+ " exception_only=False, running_compiled_code=False):\n",
+ " etype, value, tb = sys.exc_info()\n",
+ " return ipython._showtraceback(etype, value, ipython.InteractiveTB.get_exception_only(etype, value))\n",
+ "\n",
+ "ipython.showtraceback = hide_traceback"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": 2,
+ "metadata": {
+ "collapsed": true,
+ "nbsphinx": "hidden"
+ },
+ "outputs": [],
+ "source": [
+ "# JSON output syntax highlighting\n",
+ "from __future__ import print_function\n",
+ "from pygments import highlight\n",
+ "from pygments.lexers import JsonLexer\n",
+ "from pygments.formatters import HtmlFormatter\n",
+ "from IPython.display import HTML\n",
+ "\n",
+ "original_print = print\n",
+ "\n",
+ "def json_print(inpt):\n",
+ " string = str(inpt)\n",
+ " if string[0] == '{':\n",
+ " formatter = HtmlFormatter()\n",
+ " return HTML('{}'.format(\n",
+ " formatter.get_style_defs('.highlight'),\n",
+ " highlight(string, JsonLexer(), formatter)))\n",
+ " else:\n",
+ " original_print(inpt)\n",
+ "\n",
+ "print = json_print"
+ ]
+ },
+ {
+ "cell_type": "markdown",
+ "metadata": {},
+ "source": [
+ "## Using Environments\n",
+ "\n",
+ "An ``Environment`` object makes it easier to use STIX 2 content as part of a larger application or ecosystem. It allows you to abstract away the nasty details of sending and receiving STIX data, and to create STIX objects with default values for common properties.\n",
+ "\n",
+ "### Storing and Retrieving STIX Content\n",
+ "\n",
+ "An ``Environment`` can be set up with a ``DataStore`` if you want to store and retrieve STIX content from the same place. "
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": 3,
+ "metadata": {
+ "collapsed": true
+ },
+ "outputs": [],
+ "source": [
+ "from stix2 import Environment, MemoryStore\n",
+ "\n",
+ "env = Environment(store=MemoryStore())"
+ ]
+ },
+ {
+ "cell_type": "markdown",
+ "metadata": {},
+ "source": [
+ "If desired, you can instead set up an ``Environment`` with different data sources and sinks. In the following example we set up an environment that retrieves objects from memory and a directory on the filesystem, and stores objects in a different directory on the filesystem."
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": 4,
+ "metadata": {},
+ "outputs": [
+ {
+ "ename": "RuntimeError",
+ "evalue": "maximum recursion depth exceeded while calling a Python object",
+ "output_type": "error",
+ "traceback": [
+ "\u001b[0;31mRuntimeError\u001b[0m\u001b[0;31m:\u001b[0m maximum recursion depth exceeded while calling a Python object\n"
+ ]
+ }
+ ],
+ "source": [
+ "from stix2 import CompositeDataSource, FileSystemSink, FileSystemSource, MemorySource\n",
+ "\n",
+ "src = CompositeDataSource()\n",
+ "src.add_data_source([MemorySource(), FileSystemSource(\"stix_source\")])\n",
+ "env2 = Environment(source=src,\n",
+ " sink=FileSystemSink(\"stix_sink\"))"
+ ]
+ },
+ {
+ "cell_type": "markdown",
+ "metadata": {},
+ "source": [
+ "Once you have an ``Environment`` you can store some STIX content in it with ``add()``:"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": 5,
+ "metadata": {},
+ "outputs": [
+ {
+ "ename": "KeyError",
+ "evalue": "'objects'",
+ "output_type": "error",
+ "traceback": [
+ "\u001b[0;31mKeyError\u001b[0m\u001b[0;31m:\u001b[0m 'objects'\n"
+ ]
+ }
+ ],
+ "source": [
+ "from stix2 import Indicator\n",
+ "\n",
+ "indicator = Indicator(id=\"indicator--01234567-89ab-cdef-0123-456789abcdef\",\n",
+ " labels=[\"malicious-activity\"],\n",
+ " pattern=\"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\")\n",
+ "env.add(indicator)"
+ ]
+ },
+ {
+ "cell_type": "markdown",
+ "metadata": {},
+ "source": [
+ "You can retrieve STIX objects from the DataSources in the Environment with ``get()``, ``query()``, and ``all_versions()``, just as you would for a DataSource."
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": 6,
+ "metadata": {},
+ "outputs": [
+ {
+ "ename": "IndexError",
+ "evalue": "list index out of range",
+ "output_type": "error",
+ "traceback": [
+ "\u001b[0;31mIndexError\u001b[0m\u001b[0;31m:\u001b[0m list index out of range\n"
+ ]
+ }
+ ],
+ "source": [
+ "print(env.get(\"indicator--01234567-89ab-cdef-0123-456789abcdef\"))"
+ ]
+ },
+ {
+ "cell_type": "markdown",
+ "metadata": {},
+ "source": [
+ "### Creating STIX Objects With Defaults\n",
+ "\n",
+ "To create STIX objects with default values for certain properties, use an ``ObjectFactory``. For instance, say we want all objects we create to have a ``created_by_ref`` property pointing to the ``Identity`` object representing our organization."
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": 7,
+ "metadata": {
+ "collapsed": true
+ },
+ "outputs": [],
+ "source": [
+ "from stix2 import Indicator, ObjectFactory\n",
+ "\n",
+ "factory = ObjectFactory(created_by_ref=\"identity--311b2d2d-f010-5473-83ec-1edf84858f4c\")"
+ ]
+ },
+ {
+ "cell_type": "markdown",
+ "metadata": {
+ "collapsed": true
+ },
+ "source": [
+ "Once you've set up the Object Factory, use its ``create()`` method, passing in the class for the type of object you wish to create, followed by the other properties and their values for the object."
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": 8,
+ "metadata": {},
+ "outputs": [
+ {
+ "data": {
+ "text/html": [
+ "{\n",
+ " "type": "indicator",\n",
+ " "id": "indicator--cc2faac7-3c29-4912-bfff-d87935791d17",\n",
+ " "created_by_ref": "identity--311b2d2d-f010-5473-83ec-1edf84858f4c",\n",
+ " "created": "2017-09-26T23:35:34.669Z",\n",
+ " "modified": "2017-09-26T23:35:34.669Z",\n",
+ " "labels": [\n",
+ " "malicious-activity"\n",
+ " ],\n",
+ " "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']",\n",
+ " "valid_from": "2017-09-26T23:35:34.669764Z"\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 8,
+ "metadata": {},
+ "output_type": "execute_result"
+ }
+ ],
+ "source": [
+ "ind = factory.create(Indicator,\n",
+ " labels=[\"malicious-activity\"],\n",
+ " pattern=\"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\")\n",
+ "print(ind)"
+ ]
+ },
+ {
+ "cell_type": "markdown",
+ "metadata": {
+ "collapsed": true
+ },
+ "source": [
+ "All objects we create with that ``ObjectFactory`` will automatically get the default value for ``created_by_ref``. These are the properties for which defaults can be set:\n",
+ "\n",
+ "- ``created_by_ref``\n",
+ "- ``created``\n",
+ "- ``external_references``\n",
+ "- ``object_marking_refs``\n",
+ "\n",
+ "These defaults can be bypassed. For example, say you have an ``Environment`` with multiple default values but want to create an object with a different value for ``created_by_ref``, or none at all."
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": 9,
+ "metadata": {},
+ "outputs": [
+ {
+ "data": {
+ "text/html": [
+ "{\n",
+ " "type": "indicator",\n",
+ " "id": "indicator--fc423952-2088-4182-a5da-65bcc989c0cc",\n",
+ " "created": "2017-09-25T18:07:46.255Z",\n",
+ " "modified": "2017-09-25T18:07:46.255Z",\n",
+ " "labels": [\n",
+ " "malicious-activity"\n",
+ " ],\n",
+ " "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']",\n",
+ " "valid_from": "2017-09-26T23:35:37.083918Z"\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 9,
+ "metadata": {},
+ "output_type": "execute_result"
+ }
+ ],
+ "source": [
+ "factory2 = ObjectFactory(created_by_ref=\"identity--311b2d2d-f010-5473-83ec-1edf84858f4c\",\n",
+ " created=\"2017-09-25T18:07:46.255472Z\")\n",
+ "env2 = Environment(factory=factory2)\n",
+ "\n",
+ "ind2 = env2.create(Indicator,\n",
+ " created_by_ref=None,\n",
+ " labels=[\"malicious-activity\"],\n",
+ " pattern=\"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\")\n",
+ "print(ind2)"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": 10,
+ "metadata": {},
+ "outputs": [
+ {
+ "data": {
+ "text/html": [
+ "{\n",
+ " "type": "indicator",\n",
+ " "id": "indicator--4850716c-7ff2-4f01-9bef-72c873f8bd29",\n",
+ " "created_by_ref": "identity--962cabe5-f7f3-438a-9169-585a8c971d12",\n",
+ " "created": "2017-09-25T18:07:46.255Z",\n",
+ " "modified": "2017-09-25T18:07:46.255Z",\n",
+ " "labels": [\n",
+ " "malicious-activity"\n",
+ " ],\n",
+ " "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']",\n",
+ " "valid_from": "2017-09-26T23:35:39.049647Z"\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 10,
+ "metadata": {},
+ "output_type": "execute_result"
+ }
+ ],
+ "source": [
+ "ind3 = env2.create(Indicator,\n",
+ " created_by_ref=\"identity--962cabe5-f7f3-438a-9169-585a8c971d12\",\n",
+ " labels=[\"malicious-activity\"],\n",
+ " pattern=\"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\")\n",
+ "print(ind3)"
+ ]
+ },
+ {
+ "cell_type": "markdown",
+ "metadata": {
+ "collapsed": true
+ },
+ "source": [
+ "For the full power of the Environment layer, create an Environment with both a DataStore/Source/Sink and an Object Factory:"
+ ]
+ },
+ {
+ "cell_type": "code",
+ "execution_count": 11,
+ "metadata": {},
+ "outputs": [
+ {
+ "ename": "KeyError",
+ "evalue": "'objects'",
+ "output_type": "error",
+ "traceback": [
+ "\u001b[0;31mKeyError\u001b[0m\u001b[0;31m:\u001b[0m 'objects'\n"
+ ]
+ }
+ ],
+ "source": [
+ "environ = Environment(ObjectFactory(created_by_ref=\"identity--311b2d2d-f010-5473-83ec-1edf84858f4c\"),\n",
+ " MemoryStore())\n",
+ "\n",
+ "i = environ.create(Indicator,\n",
+ " labels=[\"malicious-activity\"],\n",
+ " pattern=\"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\")\n",
+ "environ.add(i)\n",
+ "print(environ.get(i.id))"
+ ]
+ }
+ ],
+ "metadata": {
+ "kernelspec": {
+ "display_name": "Python 2",
+ "language": "python",
+ "name": "python2"
+ },
+ "language_info": {
+ "codemirror_mode": {
+ "name": "ipython",
+ "version": 2
+ },
+ "file_extension": ".py",
+ "mimetype": "text/x-python",
+ "name": "python",
+ "nbconvert_exporter": "python",
+ "pygments_lexer": "ipython2",
+ "version": "2.7.12"
+ }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 2
+}
diff --git a/docs/guide/markings.ipynb b/docs/guide/markings.ipynb
index d93181e..7e512a9 100644
--- a/docs/guide/markings.ipynb
+++ b/docs/guide/markings.ipynb
@@ -21,6 +21,37 @@
"ipython.showtraceback = hide_traceback"
]
},
+ {
+ "cell_type": "code",
+ "execution_count": 2,
+ "metadata": {
+ "collapsed": true,
+ "nbsphinx": "hidden"
+ },
+ "outputs": [],
+ "source": [
+ "# JSON output syntax highlighting\n",
+ "from __future__ import print_function\n",
+ "from pygments import highlight\n",
+ "from pygments.lexers import JsonLexer\n",
+ "from pygments.formatters import HtmlFormatter\n",
+ "from IPython.display import HTML\n",
+ "\n",
+ "original_print = print\n",
+ "\n",
+ "def json_print(inpt):\n",
+ " string = str(inpt)\n",
+ " if string[0] == '{':\n",
+ " formatter = HtmlFormatter()\n",
+ " return HTML('{}'.format(\n",
+ " formatter.get_style_defs('.highlight'),\n",
+ " highlight(string, JsonLexer(), formatter)))\n",
+ " else:\n",
+ " original_print(inpt)\n",
+ "\n",
+ "print = json_print"
+ ]
+ },
{
"cell_type": "markdown",
"metadata": {},
@@ -39,28 +70,103 @@
},
{
"cell_type": "code",
- "execution_count": 1,
+ "execution_count": 3,
"metadata": {},
"outputs": [
{
- "name": "stdout",
- "output_type": "stream",
- "text": [
- "{\n",
- " \"type\": \"indicator\",\n",
- " \"id\": \"indicator--bfa184d8-0168-4a8a-86e6-9db9cecd294c\",\n",
- " \"created\": \"2017-09-24T19:14:54.608Z\",\n",
- " \"modified\": \"2017-09-24T19:14:54.608Z\",\n",
- " \"labels\": [\n",
- " \"malicious-activity\"\n",
- " ],\n",
- " \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
- " \"valid_from\": \"2017-09-24T19:14:54.608584Z\",\n",
- " \"object_marking_refs\": [\n",
- " \"marking-definition--f88d31f6-486f-44da-b317-01333bde0b82\"\n",
- " ]\n",
- "}\n"
- ]
+ "data": {
+ "text/html": [
+ "{\n",
+ " "type": "indicator",\n",
+ " "id": "indicator--aa0a1159-32b8-44d7-ba58-574ab6b9c9af",\n",
+ " "created": "2017-09-26T23:38:12.161Z",\n",
+ " "modified": "2017-09-26T23:38:12.161Z",\n",
+ " "labels": [\n",
+ " "malicious-activity"\n",
+ " ],\n",
+ " "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']",\n",
+ " "valid_from": "2017-09-26T23:38:12.161492Z",\n",
+ " "object_marking_refs": [\n",
+ " "marking-definition--f88d31f6-486f-44da-b317-01333bde0b82"\n",
+ " ]\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 3,
+ "metadata": {},
+ "output_type": "execute_result"
}
],
"source": [
@@ -81,23 +187,98 @@
},
{
"cell_type": "code",
- "execution_count": 3,
+ "execution_count": 4,
"metadata": {},
"outputs": [
{
- "name": "stdout",
- "output_type": "stream",
- "text": [
- "{\n",
- " \"type\": \"marking-definition\",\n",
- " \"id\": \"marking-definition--674e3f0f-8547-41df-80b4-784eb4c5b4d0\",\n",
- " \"created\": \"2017-09-15T16:32:07.947008Z\",\n",
- " \"definition_type\": \"statement\",\n",
- " \"definition\": {\n",
- " \"statement\": \"Copyright 2017, Example Corp\"\n",
- " }\n",
- "}\n"
- ]
+ "data": {
+ "text/html": [
+ "{\n",
+ " "type": "marking-definition",\n",
+ " "id": "marking-definition--b039cd22-b453-40c7-b9d8-20f8ae1ba29b",\n",
+ " "created": "2017-09-26T23:38:13.988639Z",\n",
+ " "definition_type": "statement",\n",
+ " "definition": {\n",
+ " "statement": "Copyright 2017, Example Corp"\n",
+ " }\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 4,
+ "metadata": {},
+ "output_type": "execute_result"
}
],
"source": [
@@ -119,28 +300,103 @@
},
{
"cell_type": "code",
- "execution_count": 4,
+ "execution_count": 5,
"metadata": {},
"outputs": [
{
- "name": "stdout",
- "output_type": "stream",
- "text": [
- "{\n",
- " \"type\": \"indicator\",\n",
- " \"id\": \"indicator--06eea9e3-ea6d-418b-a517-4b1fff96f4aa\",\n",
- " \"created\": \"2017-09-15T16:32:10.859Z\",\n",
- " \"modified\": \"2017-09-15T16:32:10.859Z\",\n",
- " \"labels\": [\n",
- " \"malicious-activity\"\n",
- " ],\n",
- " \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
- " \"valid_from\": \"2017-09-15T16:32:10.859197Z\",\n",
- " \"object_marking_refs\": [\n",
- " \"marking-definition--674e3f0f-8547-41df-80b4-784eb4c5b4d0\"\n",
- " ]\n",
- "}\n"
- ]
+ "data": {
+ "text/html": [
+ "{\n",
+ " "type": "indicator",\n",
+ " "id": "indicator--79913250-0e10-45d2-925d-53ee3747eac5",\n",
+ " "created": "2017-09-26T23:38:15.669Z",\n",
+ " "modified": "2017-09-26T23:38:15.669Z",\n",
+ " "labels": [\n",
+ " "malicious-activity"\n",
+ " ],\n",
+ " "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']",\n",
+ " "valid_from": "2017-09-26T23:38:15.669626Z",\n",
+ " "object_marking_refs": [\n",
+ " "marking-definition--b039cd22-b453-40c7-b9d8-20f8ae1ba29b"\n",
+ " ]\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 5,
+ "metadata": {},
+ "output_type": "execute_result"
}
],
"source": [
@@ -152,28 +408,103 @@
},
{
"cell_type": "code",
- "execution_count": 5,
+ "execution_count": 6,
"metadata": {},
"outputs": [
{
- "name": "stdout",
- "output_type": "stream",
- "text": [
- "{\n",
- " \"type\": \"indicator\",\n",
- " \"id\": \"indicator--94457e6e-4282-4355-8f2a-a59be2192b31\",\n",
- " \"created\": \"2017-09-15T16:32:13.322Z\",\n",
- " \"modified\": \"2017-09-15T16:32:13.322Z\",\n",
- " \"labels\": [\n",
- " \"malicious-activity\"\n",
- " ],\n",
- " \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
- " \"valid_from\": \"2017-09-15T16:32:13.322982Z\",\n",
- " \"object_marking_refs\": [\n",
- " \"marking-definition--f88d31f6-486f-44da-b317-01333bde0b82\"\n",
- " ]\n",
- "}\n"
- ]
+ "data": {
+ "text/html": [
+ "{\n",
+ " "type": "indicator",\n",
+ " "id": "indicator--f96f6de3-184d-4d18-85cd-c1517265b775",\n",
+ " "created": "2017-09-26T23:38:17.187Z",\n",
+ " "modified": "2017-09-26T23:38:17.187Z",\n",
+ " "labels": [\n",
+ " "malicious-activity"\n",
+ " ],\n",
+ " "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']",\n",
+ " "valid_from": "2017-09-26T23:38:17.18725Z",\n",
+ " "object_marking_refs": [\n",
+ " "marking-definition--f88d31f6-486f-44da-b317-01333bde0b82"\n",
+ " ]\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 6,
+ "metadata": {},
+ "output_type": "execute_result"
}
],
"source": [
@@ -192,39 +523,114 @@
},
{
"cell_type": "code",
- "execution_count": 6,
+ "execution_count": 7,
"metadata": {},
"outputs": [
{
- "name": "stdout",
- "output_type": "stream",
- "text": [
- "{\n",
- " \"type\": \"malware\",\n",
- " \"id\": \"malware--c91e0491-ea7f-46e4-85cd-90004da16b8a\",\n",
- " \"created\": \"2017-09-15T16:32:15.801Z\",\n",
- " \"modified\": \"2017-09-15T16:32:15.801Z\",\n",
- " \"name\": \"Poison Ivy\",\n",
- " \"description\": \"A ransomware related to ...\",\n",
- " \"labels\": [\n",
- " \"remote-access-trojan\"\n",
- " ],\n",
- " \"granular_markings\": [\n",
- " {\n",
- " \"marking_ref\": \"marking-definition--674e3f0f-8547-41df-80b4-784eb4c5b4d0\",\n",
- " \"selectors\": [\n",
- " \"description\"\n",
- " ]\n",
- " },\n",
- " {\n",
- " \"marking_ref\": \"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9\",\n",
- " \"selectors\": [\n",
- " \"name\"\n",
- " ]\n",
- " }\n",
- " ]\n",
- "}\n"
- ]
+ "data": {
+ "text/html": [
+ "{\n",
+ " "type": "malware",\n",
+ " "id": "malware--1c57d899-1255-4f08-b084-289296b3aa0d",\n",
+ " "created": "2017-09-26T23:38:18.729Z",\n",
+ " "modified": "2017-09-26T23:38:18.729Z",\n",
+ " "name": "Poison Ivy",\n",
+ " "description": "A ransomware related to ...",\n",
+ " "labels": [\n",
+ " "remote-access-trojan"\n",
+ " ],\n",
+ " "granular_markings": [\n",
+ " {\n",
+ " "marking_ref": "marking-definition--b039cd22-b453-40c7-b9d8-20f8ae1ba29b",\n",
+ " "selectors": [\n",
+ " "description"\n",
+ " ]\n",
+ " },\n",
+ " {\n",
+ " "marking_ref": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",\n",
+ " "selectors": [\n",
+ " "name"\n",
+ " ]\n",
+ " }\n",
+ " ]\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 7,
+ "metadata": {},
+ "output_type": "execute_result"
}
],
"source": [
@@ -255,7 +661,7 @@
},
{
"cell_type": "code",
- "execution_count": 7,
+ "execution_count": 8,
"metadata": {},
"outputs": [
{
@@ -295,29 +701,104 @@
},
{
"cell_type": "code",
- "execution_count": 16,
+ "execution_count": 9,
"metadata": {},
"outputs": [
{
- "name": "stdout",
- "output_type": "stream",
- "text": [
- "{\n",
- " \"type\": \"indicator\",\n",
- " \"id\": \"indicator--e459c8d7-09aa-41c5-968d-66bf8610687e\",\n",
- " \"created\": \"2017-09-15T16:32:04.495Z\",\n",
- " \"modified\": \"2017-09-15T16:51:40.883Z\",\n",
- " \"labels\": [\n",
- " \"malicious-activity\"\n",
- " ],\n",
- " \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
- " \"valid_from\": \"2017-09-15T16:32:04.495379Z\",\n",
- " \"object_marking_refs\": [\n",
- " \"marking-definition--674e3f0f-8547-41df-80b4-784eb4c5b4d0\",\n",
- " \"marking-definition--f88d31f6-486f-44da-b317-01333bde0b82\"\n",
- " ]\n",
- "}\n"
- ]
+ "data": {
+ "text/html": [
+ "{\n",
+ " "type": "indicator",\n",
+ " "id": "indicator--aa0a1159-32b8-44d7-ba58-574ab6b9c9af",\n",
+ " "created": "2017-09-26T23:38:12.161Z",\n",
+ " "modified": "2017-09-26T23:38:22.548Z",\n",
+ " "labels": [\n",
+ " "malicious-activity"\n",
+ " ],\n",
+ " "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']",\n",
+ " "valid_from": "2017-09-26T23:38:12.161492Z",\n",
+ " "object_marking_refs": [\n",
+ " "marking-definition--b039cd22-b453-40c7-b9d8-20f8ae1ba29b",\n",
+ " "marking-definition--f88d31f6-486f-44da-b317-01333bde0b82"\n",
+ " ]\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 9,
+ "metadata": {},
+ "output_type": "execute_result"
}
],
"source": [
@@ -336,28 +817,103 @@
},
{
"cell_type": "code",
- "execution_count": 21,
+ "execution_count": 10,
"metadata": {},
"outputs": [
{
- "name": "stdout",
- "output_type": "stream",
- "text": [
- "{\n",
- " \"type\": \"indicator\",\n",
- " \"id\": \"indicator--e459c8d7-09aa-41c5-968d-66bf8610687e\",\n",
- " \"created\": \"2017-09-15T16:32:04.495Z\",\n",
- " \"modified\": \"2017-09-15T16:59:35.160Z\",\n",
- " \"labels\": [\n",
- " \"malicious-activity\"\n",
- " ],\n",
- " \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
- " \"valid_from\": \"2017-09-15T16:32:04.495379Z\",\n",
- " \"object_marking_refs\": [\n",
- " \"marking-definition--f88d31f6-486f-44da-b317-01333bde0b82\"\n",
- " ]\n",
- "}\n"
- ]
+ "data": {
+ "text/html": [
+ "{\n",
+ " "type": "indicator",\n",
+ " "id": "indicator--aa0a1159-32b8-44d7-ba58-574ab6b9c9af",\n",
+ " "created": "2017-09-26T23:38:12.161Z",\n",
+ " "modified": "2017-09-26T23:38:24.574Z",\n",
+ " "labels": [\n",
+ " "malicious-activity"\n",
+ " ],\n",
+ " "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']",\n",
+ " "valid_from": "2017-09-26T23:38:12.161492Z",\n",
+ " "object_marking_refs": [\n",
+ " "marking-definition--f88d31f6-486f-44da-b317-01333bde0b82"\n",
+ " ]\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 10,
+ "metadata": {},
+ "output_type": "execute_result"
}
],
"source": [
@@ -376,29 +932,104 @@
},
{
"cell_type": "code",
- "execution_count": 22,
+ "execution_count": 11,
"metadata": {},
"outputs": [
{
- "name": "stdout",
- "output_type": "stream",
- "text": [
- "{\n",
- " \"type\": \"indicator\",\n",
- " \"id\": \"indicator--e459c8d7-09aa-41c5-968d-66bf8610687e\",\n",
- " \"created\": \"2017-09-15T16:32:04.495Z\",\n",
- " \"modified\": \"2017-09-15T16:59:42.906Z\",\n",
- " \"labels\": [\n",
- " \"malicious-activity\"\n",
- " ],\n",
- " \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
- " \"valid_from\": \"2017-09-15T16:32:04.495379Z\",\n",
- " \"object_marking_refs\": [\n",
- " \"marking-definition--674e3f0f-8547-41df-80b4-784eb4c5b4d0\",\n",
- " \"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\"\n",
- " ]\n",
- "}\n"
- ]
+ "data": {
+ "text/html": [
+ "{\n",
+ " "type": "indicator",\n",
+ " "id": "indicator--aa0a1159-32b8-44d7-ba58-574ab6b9c9af",\n",
+ " "created": "2017-09-26T23:38:12.161Z",\n",
+ " "modified": "2017-09-26T23:38:26.215Z",\n",
+ " "labels": [\n",
+ " "malicious-activity"\n",
+ " ],\n",
+ " "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']",\n",
+ " "valid_from": "2017-09-26T23:38:12.161492Z",\n",
+ " "object_marking_refs": [\n",
+ " "marking-definition--b039cd22-b453-40c7-b9d8-20f8ae1ba29b",\n",
+ " "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"\n",
+ " ]\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 11,
+ "metadata": {},
+ "output_type": "execute_result"
}
],
"source": [
@@ -418,25 +1049,100 @@
},
{
"cell_type": "code",
- "execution_count": 23,
+ "execution_count": 12,
"metadata": {},
"outputs": [
{
- "name": "stdout",
- "output_type": "stream",
- "text": [
- "{\n",
- " \"type\": \"indicator\",\n",
- " \"id\": \"indicator--e459c8d7-09aa-41c5-968d-66bf8610687e\",\n",
- " \"created\": \"2017-09-15T16:32:04.495Z\",\n",
- " \"modified\": \"2017-09-15T17:04:48.386Z\",\n",
- " \"labels\": [\n",
- " \"malicious-activity\"\n",
- " ],\n",
- " \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
- " \"valid_from\": \"2017-09-15T16:32:04.495379Z\"\n",
- "}\n"
- ]
+ "data": {
+ "text/html": [
+ "{\n",
+ " "type": "indicator",\n",
+ " "id": "indicator--aa0a1159-32b8-44d7-ba58-574ab6b9c9af",\n",
+ " "created": "2017-09-26T23:38:12.161Z",\n",
+ " "modified": "2017-09-26T23:38:27.900Z",\n",
+ " "labels": [\n",
+ " "malicious-activity"\n",
+ " ],\n",
+ " "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']",\n",
+ " "valid_from": "2017-09-26T23:38:12.161492Z"\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 12,
+ "metadata": {},
+ "output_type": "execute_result"
}
],
"source": [
@@ -464,17 +1170,17 @@
},
{
"cell_type": "code",
- "execution_count": 24,
+ "execution_count": 13,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
- "['marking-definition--674e3f0f-8547-41df-80b4-784eb4c5b4d0',\n",
+ "['marking-definition--b039cd22-b453-40c7-b9d8-20f8ae1ba29b',\n",
" 'marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da']"
]
},
- "execution_count": 24,
+ "execution_count": 13,
"metadata": {},
"output_type": "execute_result"
}
@@ -494,7 +1200,7 @@
},
{
"cell_type": "code",
- "execution_count": 25,
+ "execution_count": 14,
"metadata": {},
"outputs": [
{
@@ -503,7 +1209,7 @@
"['marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9']"
]
},
- "execution_count": 25,
+ "execution_count": 14,
"metadata": {},
"output_type": "execute_result"
}
@@ -521,7 +1227,7 @@
},
{
"cell_type": "code",
- "execution_count": 11,
+ "execution_count": 15,
"metadata": {},
"outputs": [
{
@@ -530,7 +1236,7 @@
"True"
]
},
- "execution_count": 11,
+ "execution_count": 15,
"metadata": {},
"output_type": "execute_result"
}
@@ -543,7 +1249,7 @@
},
{
"cell_type": "code",
- "execution_count": 13,
+ "execution_count": 16,
"metadata": {},
"outputs": [
{
@@ -552,7 +1258,7 @@
"True"
]
},
- "execution_count": 13,
+ "execution_count": 16,
"metadata": {},
"output_type": "execute_result"
}
@@ -563,7 +1269,7 @@
},
{
"cell_type": "code",
- "execution_count": 14,
+ "execution_count": 17,
"metadata": {
"scrolled": true
},
@@ -574,7 +1280,7 @@
"False"
]
},
- "execution_count": 14,
+ "execution_count": 17,
"metadata": {},
"output_type": "execute_result"
}
@@ -586,9 +1292,9 @@
],
"metadata": {
"kernelspec": {
- "display_name": "cti-python-stix2",
+ "display_name": "Python 2",
"language": "python",
- "name": "cti-python-stix2"
+ "name": "python2"
},
"language_info": {
"codemirror_mode": {
diff --git a/docs/guide/parsing.ipynb b/docs/guide/parsing.ipynb
index 107aead..f645740 100644
--- a/docs/guide/parsing.ipynb
+++ b/docs/guide/parsing.ipynb
@@ -2,7 +2,7 @@
"cells": [
{
"cell_type": "code",
- "execution_count": 2,
+ "execution_count": 1,
"metadata": {
"collapsed": true,
"nbsphinx": "hidden"
@@ -21,6 +21,37 @@
"ipython.showtraceback = hide_traceback"
]
},
+ {
+ "cell_type": "code",
+ "execution_count": 2,
+ "metadata": {
+ "collapsed": true,
+ "nbsphinx": "hidden"
+ },
+ "outputs": [],
+ "source": [
+ "# JSON output syntax highlighting\n",
+ "from __future__ import print_function\n",
+ "from pygments import highlight\n",
+ "from pygments.lexers import JsonLexer\n",
+ "from pygments.formatters import HtmlFormatter\n",
+ "from IPython.display import HTML\n",
+ "\n",
+ "original_print = print\n",
+ "\n",
+ "def json_print(inpt):\n",
+ " string = str(inpt)\n",
+ " if string[0] == '{':\n",
+ " formatter = HtmlFormatter()\n",
+ " return HTML('{}'.format(\n",
+ " formatter.get_style_defs('.highlight'),\n",
+ " highlight(string, JsonLexer(), formatter)))\n",
+ " else:\n",
+ " original_print(inpt)\n",
+ "\n",
+ "print = json_print"
+ ]
+ },
{
"cell_type": "markdown",
"metadata": {},
@@ -37,7 +68,7 @@
},
{
"cell_type": "code",
- "execution_count": 10,
+ "execution_count": 3,
"metadata": {},
"outputs": [
{
diff --git a/docs/guide/serializing.ipynb b/docs/guide/serializing.ipynb
index 4ca5b61..8ca4460 100644
--- a/docs/guide/serializing.ipynb
+++ b/docs/guide/serializing.ipynb
@@ -2,7 +2,7 @@
"cells": [
{
"cell_type": "code",
- "execution_count": 2,
+ "execution_count": 1,
"metadata": {
"collapsed": true,
"nbsphinx": "hidden"
@@ -21,6 +21,37 @@
"ipython.showtraceback = hide_traceback"
]
},
+ {
+ "cell_type": "code",
+ "execution_count": 2,
+ "metadata": {
+ "collapsed": true,
+ "nbsphinx": "hidden"
+ },
+ "outputs": [],
+ "source": [
+ "# JSON output syntax highlighting\n",
+ "from __future__ import print_function\n",
+ "from pygments import highlight\n",
+ "from pygments.lexers import JsonLexer\n",
+ "from pygments.formatters import HtmlFormatter\n",
+ "from IPython.display import HTML\n",
+ "\n",
+ "original_print = print\n",
+ "\n",
+ "def json_print(inpt):\n",
+ " string = str(inpt)\n",
+ " if string[0] == '{':\n",
+ " formatter = HtmlFormatter()\n",
+ " return HTML('{}'.format(\n",
+ " formatter.get_style_defs('.highlight'),\n",
+ " highlight(string, JsonLexer(), formatter)))\n",
+ " else:\n",
+ " original_print(inpt)\n",
+ "\n",
+ "print = json_print"
+ ]
+ },
{
"cell_type": "markdown",
"metadata": {},
@@ -37,26 +68,101 @@
},
{
"cell_type": "code",
- "execution_count": 4,
+ "execution_count": 3,
"metadata": {},
"outputs": [
{
- "name": "stdout",
- "output_type": "stream",
- "text": [
- "{\n",
- " \"type\": \"indicator\",\n",
- " \"id\": \"indicator--d44ae7d5-01dc-4151-a5de-c9a763c7de3e\",\n",
- " \"created\": \"2017-09-14T18:15:08.073Z\",\n",
- " \"modified\": \"2017-09-14T18:15:08.073Z\",\n",
- " \"labels\": [\n",
- " \"malicious-activity\"\n",
- " ],\n",
- " \"name\": \"File hash for malware variant\",\n",
- " \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
- " \"valid_from\": \"2017-09-14T18:15:08.073928Z\"\n",
- "}\n"
- ]
+ "data": {
+ "text/html": [
+ "{\n",
+ " "type": "indicator",\n",
+ " "id": "indicator--81b0644d-5e9d-48fb-bb83-aabe77918305",\n",
+ " "created": "2017-09-26T23:38:55.476Z",\n",
+ " "modified": "2017-09-26T23:38:55.476Z",\n",
+ " "labels": [\n",
+ " "malicious-activity"\n",
+ " ],\n",
+ " "name": "File hash for malware variant",\n",
+ " "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']",\n",
+ " "valid_from": "2017-09-26T23:38:55.476436Z"\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 3,
+ "metadata": {},
+ "output_type": "execute_result"
}
],
"source": [
diff --git a/docs/guide/versioning.ipynb b/docs/guide/versioning.ipynb
index fbf445a..d38ba94 100644
--- a/docs/guide/versioning.ipynb
+++ b/docs/guide/versioning.ipynb
@@ -2,7 +2,7 @@
"cells": [
{
"cell_type": "code",
- "execution_count": 5,
+ "execution_count": 1,
"metadata": {
"collapsed": true,
"nbsphinx": "hidden"
@@ -21,6 +21,37 @@
"ipython.showtraceback = hide_traceback"
]
},
+ {
+ "cell_type": "code",
+ "execution_count": 2,
+ "metadata": {
+ "collapsed": true,
+ "nbsphinx": "hidden"
+ },
+ "outputs": [],
+ "source": [
+ "# JSON output syntax highlighting\n",
+ "from __future__ import print_function\n",
+ "from pygments import highlight\n",
+ "from pygments.lexers import JsonLexer\n",
+ "from pygments.formatters import HtmlFormatter\n",
+ "from IPython.display import HTML\n",
+ "\n",
+ "original_print = print\n",
+ "\n",
+ "def json_print(inpt):\n",
+ " string = str(inpt)\n",
+ " if string[0] == '{':\n",
+ " formatter = HtmlFormatter()\n",
+ " return HTML('{}'.format(\n",
+ " formatter.get_style_defs('.highlight'),\n",
+ " highlight(string, JsonLexer(), formatter)))\n",
+ " else:\n",
+ " original_print(inpt)\n",
+ "\n",
+ "print = json_print"
+ ]
+ },
{
"cell_type": "markdown",
"metadata": {},
@@ -37,26 +68,101 @@
},
{
"cell_type": "code",
- "execution_count": 6,
+ "execution_count": 3,
"metadata": {},
"outputs": [
{
- "name": "stdout",
- "output_type": "stream",
- "text": [
- "{\n",
- " \"type\": \"indicator\",\n",
- " \"id\": \"indicator--ec05229c-9f9a-408c-aa91-6996e2e9b4db\",\n",
- " \"created\": \"2016-01-01T08:00:00.000Z\",\n",
- " \"modified\": \"2017-09-14T16:59:28.100Z\",\n",
- " \"labels\": [\n",
- " \"malicious-activity\"\n",
- " ],\n",
- " \"name\": \"File hash for Foobar malware\",\n",
- " \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
- " \"valid_from\": \"2017-09-14T16:59:28.098521Z\"\n",
- "}\n"
- ]
+ "data": {
+ "text/html": [
+ "{\n",
+ " "type": "indicator",\n",
+ " "id": "indicator--92bb1ae4-db9c-4d6e-8ded-ef7280b4439a",\n",
+ " "created": "2016-01-01T08:00:00.000Z",\n",
+ " "modified": "2017-09-26T23:39:07.149Z",\n",
+ " "labels": [\n",
+ " "malicious-activity"\n",
+ " ],\n",
+ " "name": "File hash for Foobar malware",\n",
+ " "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']",\n",
+ " "valid_from": "2017-09-26T23:39:07.132129Z"\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 3,
+ "metadata": {},
+ "output_type": "execute_result"
}
],
"source": [
@@ -81,7 +187,7 @@
},
{
"cell_type": "code",
- "execution_count": 3,
+ "execution_count": 4,
"metadata": {
"scrolled": true
},
@@ -110,27 +216,102 @@
},
{
"cell_type": "code",
- "execution_count": 9,
+ "execution_count": 5,
"metadata": {},
"outputs": [
{
- "name": "stdout",
- "output_type": "stream",
- "text": [
- "{\n",
- " \"type\": \"indicator\",\n",
- " \"id\": \"indicator--ec05229c-9f9a-408c-aa91-6996e2e9b4db\",\n",
- " \"created\": \"2016-01-01T08:00:00.000Z\",\n",
- " \"modified\": \"2017-09-14T17:03:31.222Z\",\n",
- " \"labels\": [\n",
- " \"malicious-activity\"\n",
- " ],\n",
- " \"name\": \"File hash for Foobar malware\",\n",
- " \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
- " \"valid_from\": \"2017-09-14T16:59:28.098521Z\",\n",
- " \"revoked\": true\n",
- "}\n"
- ]
+ "data": {
+ "text/html": [
+ "{\n",
+ " "type": "indicator",\n",
+ " "id": "indicator--92bb1ae4-db9c-4d6e-8ded-ef7280b4439a",\n",
+ " "created": "2016-01-01T08:00:00.000Z",\n",
+ " "modified": "2017-09-26T23:39:09.463Z",\n",
+ " "labels": [\n",
+ " "malicious-activity"\n",
+ " ],\n",
+ " "name": "File hash for Foobar malware",\n",
+ " "pattern": "[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']",\n",
+ " "valid_from": "2017-09-26T23:39:07.132129Z",\n",
+ " "revoked": true\n",
+ "}\n",
+ "
\n"
+ ],
+ "text/plain": [
+ ""
+ ]
+ },
+ "execution_count": 5,
+ "metadata": {},
+ "output_type": "execute_result"
}
],
"source": [
diff --git a/stix2/common.py b/stix2/common.py
index 8f34ed6..bd177fd 100644
--- a/stix2/common.py
+++ b/stix2/common.py
@@ -1,4 +1,4 @@
-"""STIX 2 Common Data Types and Properties"""
+"""STIX 2 Common Data Types and Properties."""
from collections import OrderedDict
diff --git a/stix2/exceptions.py b/stix2/exceptions.py
index 17aa8bf..841a8e9 100644
--- a/stix2/exceptions.py
+++ b/stix2/exceptions.py
@@ -1,3 +1,7 @@
+"""STIX 2 error classes.
+"""
+
+
class STIXError(Exception):
"""Base class for errors generated in the stix2 library."""
diff --git a/stix2/markings/__init__.py b/stix2/markings/__init__.py
index 400c54d..9194ee1 100644
--- a/stix2/markings/__init__.py
+++ b/stix2/markings/__init__.py
@@ -1,5 +1,5 @@
"""
-Python STIX 2.0 Data Markings API.
+Functions and classes for working with STIX 2 Data Markings.
These high level functions will operate on both object level markings and
granular markings unless otherwise noted in each of the functions.
diff --git a/stix2/patterns.py b/stix2/patterns.py
index 7858146..91f18bc 100644
--- a/stix2/patterns.py
+++ b/stix2/patterns.py
@@ -1,3 +1,6 @@
+"""Classes to aid in working with the STIX 2 patterning language.
+"""
+
import base64
import binascii
import re
diff --git a/stix2/sources/filters.py b/stix2/sources/filters.py
index a565006..8e77f56 100644
--- a/stix2/sources/filters.py
+++ b/stix2/sources/filters.py
@@ -117,7 +117,6 @@ def apply_common_filters(stix_objs, query):
Args:
stix_objs (list): list of STIX objects to apply the query to
-
query (set): set of filters (combined form complete query)
Returns:
@@ -125,7 +124,6 @@ def apply_common_filters(stix_objs, query):
the query.
"""
-
for stix_obj in stix_objs:
clean = True
for filter_ in query:
diff --git a/stix2/sources/memory.py b/stix2/sources/memory.py
index 6f07917..1886e60 100644
--- a/stix2/sources/memory.py
+++ b/stix2/sources/memory.py
@@ -6,7 +6,8 @@ Classes:
MemorySink
MemorySource
-TODO: Run through tests again, lot of changes.
+TODO:
+ Run through tests again, lot of changes.
TODO:
Use deduplicate() calls only when memory corpus is dirty (been added to)