| {
 | |
|  "cells": [
 | |
|   {
 | |
|    "cell_type": "code",
 | |
|    "execution_count": 1,
 | |
|    "metadata": {
 | |
|     "collapsed": true,
 | |
|     "nbsphinx": "hidden"
 | |
|    },
 | |
|    "outputs": [],
 | |
|    "source": [
 | |
|     "# Delete this cell to re-enable tracebacks\n",
 | |
|     "import sys\n",
 | |
|     "ipython = get_ipython()\n",
 | |
|     "\n",
 | |
|     "def hide_traceback(exc_tuple=None, filename=None, tb_offset=None,\n",
 | |
|     "                   exception_only=False, running_compiled_code=False):\n",
 | |
|     "    etype, value, tb = sys.exc_info()\n",
 | |
|     "    return ipython._showtraceback(etype, value, ipython.InteractiveTB.get_exception_only(etype, value))\n",
 | |
|     "\n",
 | |
|     "ipython.showtraceback = hide_traceback"
 | |
|    ]
 | |
|   },
 | |
|   {
 | |
|    "cell_type": "code",
 | |
|    "execution_count": 2,
 | |
|    "metadata": {
 | |
|     "collapsed": true,
 | |
|     "nbsphinx": "hidden"
 | |
|    },
 | |
|    "outputs": [],
 | |
|    "source": [
 | |
|     "# JSON output syntax highlighting\n",
 | |
|     "from __future__ import print_function\n",
 | |
|     "from pygments import highlight\n",
 | |
|     "from pygments.lexers import JsonLexer\n",
 | |
|     "from pygments.formatters import HtmlFormatter\n",
 | |
|     "from IPython.display import HTML\n",
 | |
|     "\n",
 | |
|     "original_print = print\n",
 | |
|     "\n",
 | |
|     "def json_print(inpt):\n",
 | |
|     "    string = str(inpt)\n",
 | |
|     "    if string[0] == '{':\n",
 | |
|     "        formatter = HtmlFormatter()\n",
 | |
|     "        return HTML('<style type=\"text/css\">{}</style>{}'.format(\n",
 | |
|     "                    formatter.get_style_defs('.highlight'),\n",
 | |
|     "                    highlight(string, JsonLexer(), formatter)))\n",
 | |
|     "    else:\n",
 | |
|     "        original_print(inpt)\n",
 | |
|     "\n",
 | |
|     "print = json_print"
 | |
|    ]
 | |
|   },
 | |
|   {
 | |
|    "cell_type": "markdown",
 | |
|    "metadata": {},
 | |
|    "source": [
 | |
|     "## Parsing STIX Content"
 | |
|    ]
 | |
|   },
 | |
|   {
 | |
|    "cell_type": "markdown",
 | |
|    "metadata": {},
 | |
|    "source": [
 | |
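|     "Parsing STIX content is as easy as calling the `parse()` function on a JSON string. It automatically determines the type of the object. The STIX objects within `bundle` objects and the cyber observables contained within `observed-data` objects are parsed as well. Because each object is validated as it is parsed, malformed content raises an exception instead of returning an object, so handle that error when the JSON comes from an external source such as a shared threat-intelligence feed."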
 | |
|    ]
 | |
|   },
 | |
|   {
 | |
|    "cell_type": "code",
 | |
|    "execution_count": 3,
 | |
|    "metadata": {},
 | |
|    "outputs": [
 | |
|     {
 | |
|      "name": "stdout",
 | |
|      "output_type": "stream",
 | |
|      "text": [
 | |
|       "observed-data\n",
 | |
|       "0969de02ecf8a5f003e3f6d063d848c8a193aada092623f8ce408c15bcb5f038\n"
 | |
|      ]
 | |
|     }
 | |
|    ],
 | |
|    "source": [
 | |
|     "from stix2 import parse\n",
 | |
|     "\n",
 | |
|     "input_string = \"\"\"{\n",
 | |
|     "    \"type\": \"observed-data\",\n",
 | |
|     "    \"id\": \"observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf\",\n",
 | |
|     "    \"created\": \"2016-04-06T19:58:16.000Z\",\n",
 | |
|     "    \"modified\": \"2016-04-06T19:58:16.000Z\",\n",
 | |
|     "    \"first_observed\": \"2015-12-21T19:00:00Z\",\n",
 | |
|     "    \"last_observed\": \"2015-12-21T19:00:00Z\",\n",
 | |
|     "    \"number_observed\": 50,\n",
 | |
|     "    \"objects\": {\n",
 | |
|     "        \"0\": {\n",
 | |
|     "            \"type\": \"file\",\n",
 | |
|     "            \"hashes\": {\n",
 | |
|     "                \"SHA-256\": \"0969de02ecf8a5f003e3f6d063d848c8a193aada092623f8ce408c15bcb5f038\"\n",
 | |
|     "            }\n",
 | |
|     "        }\n",
 | |
|     "    }\n",
 | |
|     "}\"\"\"\n",
 | |
|     "\n",
 | |
|     "obj = parse(input_string)\n",
 | |
|     "print(obj.type)\n",
 | |
|     "print(obj.objects[\"0\"].hashes['SHA-256'])"
 | |
|    ]
 | |
|   }
 | |
|  ],
 | |
|  "metadata": {
 | |
|   "kernelspec": {
 | |
|    "display_name": "Python 3",
 | |
|    "language": "python",
 | |
|    "name": "python3"
 | |
|   },
 | |
|   "language_info": {
 | |
|    "codemirror_mode": {
 | |
|     "name": "ipython",
 | |
|     "version": 2
 | |
|    },
 | |
|    "file_extension": ".py",
 | |
|    "mimetype": "text/x-python",
 | |
|    "name": "python",
 | |
|    "nbconvert_exporter": "python",
 | |
|    "pygments_lexer": "ipython2",
 | |
|    "version": "2.7.12"
 | |
|   }
 | |
|  },
 | |
|  "nbformat": 4,
 | |
|  "nbformat_minor": 2
 | |
| }
 |