{ "cells": [ { "cell_type": "code", "execution_count": 5, "metadata": { "collapsed": true, "nbsphinx": "hidden" }, "outputs": [], "source": [ "# Delete this cell to re-enable tracebacks\n", "import sys\n", "ipython = get_ipython()\n", "\n", "def hide_traceback(exc_tuple=None, filename=None, tb_offset=None,\n", " exception_only=False, running_compiled_code=False):\n", " etype, value, tb = sys.exc_info()\n", " return ipython._showtraceback(etype, value, ipython.InteractiveTB.get_exception_only(etype, value))\n", "\n", "ipython.showtraceback = hide_traceback" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Versioning" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "To create a new version of an existing object, specify the property(ies) you want to change and their new values, as in the example below. The MD5 in the example pattern is the digest of empty input and serves only as a placeholder; a real indicator built on it would match every empty file." ] }, { "cell_type": "code", "execution_count": 6, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "{\n", " \"type\": \"indicator\",\n", " \"id\": \"indicator--ec05229c-9f9a-408c-aa91-6996e2e9b4db\",\n", " \"created\": \"2016-01-01T08:00:00.000Z\",\n", " \"modified\": \"2017-09-14T16:59:28.100Z\",\n", " \"labels\": [\n", " \"malicious-activity\"\n", " ],\n", " \"name\": \"File hash for Foobar malware\",\n", " \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n", " \"valid_from\": \"2017-09-14T16:59:28.098521Z\"\n", "}\n" ] } ], "source": [ "from stix2 import Indicator\n", "\n", "indicator = Indicator(created=\"2016-01-01T08:00:00.000Z\",\n", " name=\"File hash for suspicious file\",\n", " labels=[\"anomalous-activity\"],\n", " pattern=\"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\")\n", "\n", "indicator2 = indicator.new_version(name=\"File hash for Foobar malware\",\n", " labels=[\"malicious-activity\"])\n", "print(indicator2)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "The modified time will be updated to the current time unless you provide a specific value as a keyword argument. 
Note that you can’t change the `type`, `id`, or `created` properties; attempting to do so raises an `UnmodifiablePropertyError`, as the next cell shows for `id`." ] }, { "cell_type": "code", "execution_count": 3, "metadata": { "scrolled": true }, "outputs": [ { "ename": "UnmodifiablePropertyError", "evalue": "These properties cannot be changed when making a new version: id.", "output_type": "error", "traceback": [ "\u001b[0;31mUnmodifiablePropertyError\u001b[0m\u001b[0;31m:\u001b[0m These properties cannot be changed when making a new version: id.\n" ] } ], "source": [ "indicator.new_version(id=\"indicator--cc42e358-8b9b-493c-9646-6ecd73b41c21\")" ] }, { "cell_type": "markdown", "metadata": { "collapsed": true }, "source": [ "To revoke an object, call `revoke()`, which returns a new version of the object with `revoked` set to `true`:" ] }, { "cell_type": "code", "execution_count": 9, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "{\n", " \"type\": \"indicator\",\n", " \"id\": \"indicator--ec05229c-9f9a-408c-aa91-6996e2e9b4db\",\n", " \"created\": \"2016-01-01T08:00:00.000Z\",\n", " \"modified\": \"2017-09-14T17:03:31.222Z\",\n", " \"labels\": [\n", " \"malicious-activity\"\n", " ],\n", " \"name\": \"File hash for Foobar malware\",\n", " \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n", " \"valid_from\": \"2017-09-14T16:59:28.098521Z\",\n", " \"revoked\": true\n", "}\n" ] } ], "source": [ "indicator2 = indicator2.revoke()\n", "print(indicator2)" ] } ], "metadata": { "kernelspec": { "display_name": "Python 2", "language": "python", "name": "python2" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 2 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython2", "version": "2.7.12" } }, "nbformat": 4, "nbformat_minor": 2 }