{
|
|
"cells": [
|
|
{
|
|
"cell_type": "code",
|
|
"execution_count": 1,
|
|
"metadata": {
|
|
"nbsphinx": "hidden"
|
|
},
|
|
"outputs": [],
|
|
"source": [
|
|
"# Delete this cell to re-enable tracebacks\n",
|
|
"import sys\n",
|
|
"ipython = get_ipython()\n",
|
|
"\n",
|
|
"def hide_traceback(exc_tuple=None, filename=None, tb_offset=None,\n",
|
|
" exception_only=False, running_compiled_code=False):\n",
|
|
" etype, value, tb = sys.exc_info()\n",
|
|
" value.__cause__ = None # suppress chained exceptions\n",
|
|
" return ipython._showtraceback(etype, value, ipython.InteractiveTB.get_exception_only(etype, value))\n",
|
|
"\n",
|
|
"ipython.showtraceback = hide_traceback"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "code",
|
|
"execution_count": 2,
|
|
"metadata": {
|
|
"nbsphinx": "hidden"
|
|
},
|
|
"outputs": [],
|
|
"source": [
|
|
"# JSON output syntax highlighting\n",
|
|
"from __future__ import print_function\n",
|
|
"from pygments import highlight\n",
|
|
"from pygments.lexers import JsonLexer, TextLexer\n",
|
|
"from pygments.formatters import HtmlFormatter\n",
|
|
"from IPython.display import display, HTML\n",
|
|
"from IPython.core.interactiveshell import InteractiveShell\n",
|
|
"\n",
|
|
"InteractiveShell.ast_node_interactivity = \"all\"\n",
|
|
"\n",
|
|
"def json_print(inpt):\n",
|
|
" string = str(inpt)\n",
|
|
" formatter = HtmlFormatter()\n",
|
|
" if string[0] == '{':\n",
|
|
" lexer = JsonLexer()\n",
|
|
" else:\n",
|
|
" lexer = TextLexer()\n",
|
|
" return HTML('<style type=\"text/css\">{}</style>{}'.format(\n",
|
|
" formatter.get_style_defs('.highlight'),\n",
|
|
" highlight(string, lexer, formatter)))\n",
|
|
"\n",
|
|
"globals()['print'] = json_print"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "markdown",
|
|
"metadata": {},
|
|
"source": [
|
|
"## Serializing STIX Objects"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "markdown",
|
|
"metadata": {},
|
|
"source": [
|
|
"The string representation of all STIX classes is a valid STIX JSON object."
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "code",
|
|
"execution_count": 3,
|
|
"metadata": {},
|
|
"outputs": [
|
|
{
|
|
"data": {
|
|
"text/html": [
|
|
"<style type=\"text/css\">.highlight .hll { background-color: #ffffcc }\n",
|
|
".highlight { background: #f8f8f8; }\n",
|
|
".highlight .c { color: #408080; font-style: italic } /* Comment */\n",
|
|
".highlight .err { border: 1px solid #FF0000 } /* Error */\n",
|
|
".highlight .k { color: #008000; font-weight: bold } /* Keyword */\n",
|
|
".highlight .o { color: #666666 } /* Operator */\n",
|
|
".highlight .ch { color: #408080; font-style: italic } /* Comment.Hashbang */\n",
|
|
".highlight .cm { color: #408080; font-style: italic } /* Comment.Multiline */\n",
|
|
".highlight .cp { color: #BC7A00 } /* Comment.Preproc */\n",
|
|
".highlight .cpf { color: #408080; font-style: italic } /* Comment.PreprocFile */\n",
|
|
".highlight .c1 { color: #408080; font-style: italic } /* Comment.Single */\n",
|
|
".highlight .cs { color: #408080; font-style: italic } /* Comment.Special */\n",
|
|
".highlight .gd { color: #A00000 } /* Generic.Deleted */\n",
|
|
".highlight .ge { font-style: italic } /* Generic.Emph */\n",
|
|
".highlight .gr { color: #FF0000 } /* Generic.Error */\n",
|
|
".highlight .gh { color: #000080; font-weight: bold } /* Generic.Heading */\n",
|
|
".highlight .gi { color: #00A000 } /* Generic.Inserted */\n",
|
|
".highlight .go { color: #888888 } /* Generic.Output */\n",
|
|
".highlight .gp { color: #000080; font-weight: bold } /* Generic.Prompt */\n",
|
|
".highlight .gs { font-weight: bold } /* Generic.Strong */\n",
|
|
".highlight .gu { color: #800080; font-weight: bold } /* Generic.Subheading */\n",
|
|
".highlight .gt { color: #0044DD } /* Generic.Traceback */\n",
|
|
".highlight .kc { color: #008000; font-weight: bold } /* Keyword.Constant */\n",
|
|
".highlight .kd { color: #008000; font-weight: bold } /* Keyword.Declaration */\n",
|
|
".highlight .kn { color: #008000; font-weight: bold } /* Keyword.Namespace */\n",
|
|
".highlight .kp { color: #008000 } /* Keyword.Pseudo */\n",
|
|
".highlight .kr { color: #008000; font-weight: bold } /* Keyword.Reserved */\n",
|
|
".highlight .kt { color: #B00040 } /* Keyword.Type */\n",
|
|
".highlight .m { color: #666666 } /* Literal.Number */\n",
|
|
".highlight .s { color: #BA2121 } /* Literal.String */\n",
|
|
".highlight .na { color: #7D9029 } /* Name.Attribute */\n",
|
|
".highlight .nb { color: #008000 } /* Name.Builtin */\n",
|
|
".highlight .nc { color: #0000FF; font-weight: bold } /* Name.Class */\n",
|
|
".highlight .no { color: #880000 } /* Name.Constant */\n",
|
|
".highlight .nd { color: #AA22FF } /* Name.Decorator */\n",
|
|
".highlight .ni { color: #999999; font-weight: bold } /* Name.Entity */\n",
|
|
".highlight .ne { color: #D2413A; font-weight: bold } /* Name.Exception */\n",
|
|
".highlight .nf { color: #0000FF } /* Name.Function */\n",
|
|
".highlight .nl { color: #A0A000 } /* Name.Label */\n",
|
|
".highlight .nn { color: #0000FF; font-weight: bold } /* Name.Namespace */\n",
|
|
".highlight .nt { color: #008000; font-weight: bold } /* Name.Tag */\n",
|
|
".highlight .nv { color: #19177C } /* Name.Variable */\n",
|
|
".highlight .ow { color: #AA22FF; font-weight: bold } /* Operator.Word */\n",
|
|
".highlight .w { color: #bbbbbb } /* Text.Whitespace */\n",
|
|
".highlight .mb { color: #666666 } /* Literal.Number.Bin */\n",
|
|
".highlight .mf { color: #666666 } /* Literal.Number.Float */\n",
|
|
".highlight .mh { color: #666666 } /* Literal.Number.Hex */\n",
|
|
".highlight .mi { color: #666666 } /* Literal.Number.Integer */\n",
|
|
".highlight .mo { color: #666666 } /* Literal.Number.Oct */\n",
|
|
".highlight .sa { color: #BA2121 } /* Literal.String.Affix */\n",
|
|
".highlight .sb { color: #BA2121 } /* Literal.String.Backtick */\n",
|
|
".highlight .sc { color: #BA2121 } /* Literal.String.Char */\n",
|
|
".highlight .dl { color: #BA2121 } /* Literal.String.Delimiter */\n",
|
|
".highlight .sd { color: #BA2121; font-style: italic } /* Literal.String.Doc */\n",
|
|
".highlight .s2 { color: #BA2121 } /* Literal.String.Double */\n",
|
|
".highlight .se { color: #BB6622; font-weight: bold } /* Literal.String.Escape */\n",
|
|
".highlight .sh { color: #BA2121 } /* Literal.String.Heredoc */\n",
|
|
".highlight .si { color: #BB6688; font-weight: bold } /* Literal.String.Interpol */\n",
|
|
".highlight .sx { color: #008000 } /* Literal.String.Other */\n",
|
|
".highlight .sr { color: #BB6688 } /* Literal.String.Regex */\n",
|
|
".highlight .s1 { color: #BA2121 } /* Literal.String.Single */\n",
|
|
".highlight .ss { color: #19177C } /* Literal.String.Symbol */\n",
|
|
".highlight .bp { color: #008000 } /* Name.Builtin.Pseudo */\n",
|
|
".highlight .fm { color: #0000FF } /* Name.Function.Magic */\n",
|
|
".highlight .vc { color: #19177C } /* Name.Variable.Class */\n",
|
|
".highlight .vg { color: #19177C } /* Name.Variable.Global */\n",
|
|
".highlight .vi { color: #19177C } /* Name.Variable.Instance */\n",
|
|
".highlight .vm { color: #19177C } /* Name.Variable.Magic */\n",
|
|
".highlight .il { color: #666666 } /* Literal.Number.Integer.Long */</style><div class=\"highlight\"><pre><span></span><span class=\"p\">{</span>\n",
|
|
" <span class=\"nt\">"type"</span><span class=\"p\">:</span> <span class=\"s2\">"indicator"</span><span class=\"p\">,</span>\n",
|
|
" <span class=\"nt\">"spec_version"</span><span class=\"p\">:</span> <span class=\"s2\">"2.1"</span><span class=\"p\">,</span>\n",
|
|
" <span class=\"nt\">"id"</span><span class=\"p\">:</span> <span class=\"s2\">"indicator--5e515461-93ad-41a8-a540-4f9d1a098939"</span><span class=\"p\">,</span>\n",
|
|
" <span class=\"nt\">"created"</span><span class=\"p\">:</span> <span class=\"s2\">"2020-06-26T18:47:20.215931Z"</span><span class=\"p\">,</span>\n",
|
|
" <span class=\"nt\">"modified"</span><span class=\"p\">:</span> <span class=\"s2\">"2020-06-26T18:47:20.215931Z"</span><span class=\"p\">,</span>\n",
|
|
" <span class=\"nt\">"name"</span><span class=\"p\">:</span> <span class=\"s2\">"File hash for malware variant"</span><span class=\"p\">,</span>\n",
|
|
" <span class=\"nt\">"pattern"</span><span class=\"p\">:</span> <span class=\"s2\">"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']"</span><span class=\"p\">,</span>\n",
|
|
" <span class=\"nt\">"pattern_type"</span><span class=\"p\">:</span> <span class=\"s2\">"stix"</span><span class=\"p\">,</span>\n",
|
|
" <span class=\"nt\">"pattern_version"</span><span class=\"p\">:</span> <span class=\"s2\">"2.1"</span><span class=\"p\">,</span>\n",
|
|
" <span class=\"nt\">"valid_from"</span><span class=\"p\">:</span> <span class=\"s2\">"2020-06-26T18:47:20.215931Z"</span>\n",
|
|
"<span class=\"p\">}</span>\n",
|
|
"</pre></div>\n"
|
|
],
|
|
"text/plain": [
|
|
"<IPython.core.display.HTML object>"
|
|
]
|
|
},
|
|
"execution_count": 3,
|
|
"metadata": {},
|
|
"output_type": "execute_result"
|
|
}
|
|
],
|
|
"source": [
|
|
"from stix2 import Indicator\n",
|
|
"\n",
|
|
"indicator = Indicator(name=\"File hash for malware variant\",\n",
|
|
" pattern_type=\"stix\",\n",
|
|
" pattern=\"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\")\n",
|
|
"\n",
|
|
"print(indicator.serialize(pretty=True))"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "markdown",
|
|
"metadata": {},
|
|
"source": [
|
|
"---\n",
|
|
"**New in 3.0.0:** \n",
|
|
"\n",
|
|
"Calling `str()` on a STIX object will call `serialize()` without any formatting options. The change was made to address the performance penalty induced by unknowingly calling with the pretty formatted option. As shown above, to get the same effect as `str()` had in past versions of the library, use the method directly and pass in the pretty argument `serialize(pretty=True)`.\n",
|
|
"\n",
|
|
"---\n",
|
|
"\n",
|
|
"However, the pretty formatted string representation can be slow, as it sorts properties to be in a more readable order. If you need performance and don't care about the human-readability of the output, use the object's `serialize()` function to pass in any arguments `json.dump()` would understand:"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "code",
|
|
"execution_count": 4,
|
|
"metadata": {},
|
|
"outputs": [
|
|
{
|
|
"data": {
|
|
"text/html": [
|
|
"<style type=\"text/css\">.highlight .hll { background-color: #ffffcc }\n",
|
|
".highlight { background: #f8f8f8; }\n",
|
|
".highlight .c { color: #408080; font-style: italic } /* Comment */\n",
|
|
".highlight .err { border: 1px solid #FF0000 } /* Error */\n",
|
|
".highlight .k { color: #008000; font-weight: bold } /* Keyword */\n",
|
|
".highlight .o { color: #666666 } /* Operator */\n",
|
|
".highlight .ch { color: #408080; font-style: italic } /* Comment.Hashbang */\n",
|
|
".highlight .cm { color: #408080; font-style: italic } /* Comment.Multiline */\n",
|
|
".highlight .cp { color: #BC7A00 } /* Comment.Preproc */\n",
|
|
".highlight .cpf { color: #408080; font-style: italic } /* Comment.PreprocFile */\n",
|
|
".highlight .c1 { color: #408080; font-style: italic } /* Comment.Single */\n",
|
|
".highlight .cs { color: #408080; font-style: italic } /* Comment.Special */\n",
|
|
".highlight .gd { color: #A00000 } /* Generic.Deleted */\n",
|
|
".highlight .ge { font-style: italic } /* Generic.Emph */\n",
|
|
".highlight .gr { color: #FF0000 } /* Generic.Error */\n",
|
|
".highlight .gh { color: #000080; font-weight: bold } /* Generic.Heading */\n",
|
|
".highlight .gi { color: #00A000 } /* Generic.Inserted */\n",
|
|
".highlight .go { color: #888888 } /* Generic.Output */\n",
|
|
".highlight .gp { color: #000080; font-weight: bold } /* Generic.Prompt */\n",
|
|
".highlight .gs { font-weight: bold } /* Generic.Strong */\n",
|
|
".highlight .gu { color: #800080; font-weight: bold } /* Generic.Subheading */\n",
|
|
".highlight .gt { color: #0044DD } /* Generic.Traceback */\n",
|
|
".highlight .kc { color: #008000; font-weight: bold } /* Keyword.Constant */\n",
|
|
".highlight .kd { color: #008000; font-weight: bold } /* Keyword.Declaration */\n",
|
|
".highlight .kn { color: #008000; font-weight: bold } /* Keyword.Namespace */\n",
|
|
".highlight .kp { color: #008000 } /* Keyword.Pseudo */\n",
|
|
".highlight .kr { color: #008000; font-weight: bold } /* Keyword.Reserved */\n",
|
|
".highlight .kt { color: #B00040 } /* Keyword.Type */\n",
|
|
".highlight .m { color: #666666 } /* Literal.Number */\n",
|
|
".highlight .s { color: #BA2121 } /* Literal.String */\n",
|
|
".highlight .na { color: #7D9029 } /* Name.Attribute */\n",
|
|
".highlight .nb { color: #008000 } /* Name.Builtin */\n",
|
|
".highlight .nc { color: #0000FF; font-weight: bold } /* Name.Class */\n",
|
|
".highlight .no { color: #880000 } /* Name.Constant */\n",
|
|
".highlight .nd { color: #AA22FF } /* Name.Decorator */\n",
|
|
".highlight .ni { color: #999999; font-weight: bold } /* Name.Entity */\n",
|
|
".highlight .ne { color: #D2413A; font-weight: bold } /* Name.Exception */\n",
|
|
".highlight .nf { color: #0000FF } /* Name.Function */\n",
|
|
".highlight .nl { color: #A0A000 } /* Name.Label */\n",
|
|
".highlight .nn { color: #0000FF; font-weight: bold } /* Name.Namespace */\n",
|
|
".highlight .nt { color: #008000; font-weight: bold } /* Name.Tag */\n",
|
|
".highlight .nv { color: #19177C } /* Name.Variable */\n",
|
|
".highlight .ow { color: #AA22FF; font-weight: bold } /* Operator.Word */\n",
|
|
".highlight .w { color: #bbbbbb } /* Text.Whitespace */\n",
|
|
".highlight .mb { color: #666666 } /* Literal.Number.Bin */\n",
|
|
".highlight .mf { color: #666666 } /* Literal.Number.Float */\n",
|
|
".highlight .mh { color: #666666 } /* Literal.Number.Hex */\n",
|
|
".highlight .mi { color: #666666 } /* Literal.Number.Integer */\n",
|
|
".highlight .mo { color: #666666 } /* Literal.Number.Oct */\n",
|
|
".highlight .sa { color: #BA2121 } /* Literal.String.Affix */\n",
|
|
".highlight .sb { color: #BA2121 } /* Literal.String.Backtick */\n",
|
|
".highlight .sc { color: #BA2121 } /* Literal.String.Char */\n",
|
|
".highlight .dl { color: #BA2121 } /* Literal.String.Delimiter */\n",
|
|
".highlight .sd { color: #BA2121; font-style: italic } /* Literal.String.Doc */\n",
|
|
".highlight .s2 { color: #BA2121 } /* Literal.String.Double */\n",
|
|
".highlight .se { color: #BB6622; font-weight: bold } /* Literal.String.Escape */\n",
|
|
".highlight .sh { color: #BA2121 } /* Literal.String.Heredoc */\n",
|
|
".highlight .si { color: #BB6688; font-weight: bold } /* Literal.String.Interpol */\n",
|
|
".highlight .sx { color: #008000 } /* Literal.String.Other */\n",
|
|
".highlight .sr { color: #BB6688 } /* Literal.String.Regex */\n",
|
|
".highlight .s1 { color: #BA2121 } /* Literal.String.Single */\n",
|
|
".highlight .ss { color: #19177C } /* Literal.String.Symbol */\n",
|
|
".highlight .bp { color: #008000 } /* Name.Builtin.Pseudo */\n",
|
|
".highlight .fm { color: #0000FF } /* Name.Function.Magic */\n",
|
|
".highlight .vc { color: #19177C } /* Name.Variable.Class */\n",
|
|
".highlight .vg { color: #19177C } /* Name.Variable.Global */\n",
|
|
".highlight .vi { color: #19177C } /* Name.Variable.Instance */\n",
|
|
".highlight .vm { color: #19177C } /* Name.Variable.Magic */\n",
|
|
".highlight .il { color: #666666 } /* Literal.Number.Integer.Long */</style><div class=\"highlight\"><pre><span></span><span class=\"p\">{</span><span class=\"nt\">"name"</span><span class=\"p\">:</span> <span class=\"s2\">"File hash for malware variant"</span><span class=\"p\">,</span> <span class=\"nt\">"pattern_type"</span><span class=\"p\">:</span> <span class=\"s2\">"stix"</span><span class=\"p\">,</span> <span class=\"nt\">"pattern"</span><span class=\"p\">:</span> <span class=\"s2\">"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']"</span><span class=\"p\">,</span> <span class=\"nt\">"pattern_version"</span><span class=\"p\">:</span> <span class=\"s2\">"2.1"</span><span class=\"p\">,</span> <span class=\"nt\">"type"</span><span class=\"p\">:</span> <span class=\"s2\">"indicator"</span><span class=\"p\">,</span> <span class=\"nt\">"spec_version"</span><span class=\"p\">:</span> <span class=\"s2\">"2.1"</span><span class=\"p\">,</span> <span class=\"nt\">"id"</span><span class=\"p\">:</span> <span class=\"s2\">"indicator--5e515461-93ad-41a8-a540-4f9d1a098939"</span><span class=\"p\">,</span> <span class=\"nt\">"created"</span><span class=\"p\">:</span> <span class=\"s2\">"2020-06-26T18:47:20.215931Z"</span><span class=\"p\">,</span> <span class=\"nt\">"modified"</span><span class=\"p\">:</span> <span class=\"s2\">"2020-06-26T18:47:20.215931Z"</span><span class=\"p\">,</span> <span class=\"nt\">"valid_from"</span><span class=\"p\">:</span> <span class=\"s2\">"2020-06-26T18:47:20.215931Z"</span><span class=\"p\">}</span>\n",
|
|
"</pre></div>\n"
|
|
],
|
|
"text/plain": [
|
|
"<IPython.core.display.HTML object>"
|
|
]
|
|
},
|
|
"execution_count": 4,
|
|
"metadata": {},
|
|
"output_type": "execute_result"
|
|
}
|
|
],
|
|
"source": [
|
|
"print(indicator.serialize())"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "markdown",
|
|
"metadata": {},
|
|
"source": [
|
|
"If you need performance but also need human-readable output, you can pass the `indent` keyword argument to `serialize()`:"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "code",
|
|
"execution_count": 5,
|
|
"metadata": {},
|
|
"outputs": [
|
|
{
|
|
"data": {
|
|
"text/html": [
|
|
"<style type=\"text/css\">.highlight .hll { background-color: #ffffcc }\n",
|
|
".highlight { background: #f8f8f8; }\n",
|
|
".highlight .c { color: #408080; font-style: italic } /* Comment */\n",
|
|
".highlight .err { border: 1px solid #FF0000 } /* Error */\n",
|
|
".highlight .k { color: #008000; font-weight: bold } /* Keyword */\n",
|
|
".highlight .o { color: #666666 } /* Operator */\n",
|
|
".highlight .ch { color: #408080; font-style: italic } /* Comment.Hashbang */\n",
|
|
".highlight .cm { color: #408080; font-style: italic } /* Comment.Multiline */\n",
|
|
".highlight .cp { color: #BC7A00 } /* Comment.Preproc */\n",
|
|
".highlight .cpf { color: #408080; font-style: italic } /* Comment.PreprocFile */\n",
|
|
".highlight .c1 { color: #408080; font-style: italic } /* Comment.Single */\n",
|
|
".highlight .cs { color: #408080; font-style: italic } /* Comment.Special */\n",
|
|
".highlight .gd { color: #A00000 } /* Generic.Deleted */\n",
|
|
".highlight .ge { font-style: italic } /* Generic.Emph */\n",
|
|
".highlight .gr { color: #FF0000 } /* Generic.Error */\n",
|
|
".highlight .gh { color: #000080; font-weight: bold } /* Generic.Heading */\n",
|
|
".highlight .gi { color: #00A000 } /* Generic.Inserted */\n",
|
|
".highlight .go { color: #888888 } /* Generic.Output */\n",
|
|
".highlight .gp { color: #000080; font-weight: bold } /* Generic.Prompt */\n",
|
|
".highlight .gs { font-weight: bold } /* Generic.Strong */\n",
|
|
".highlight .gu { color: #800080; font-weight: bold } /* Generic.Subheading */\n",
|
|
".highlight .gt { color: #0044DD } /* Generic.Traceback */\n",
|
|
".highlight .kc { color: #008000; font-weight: bold } /* Keyword.Constant */\n",
|
|
".highlight .kd { color: #008000; font-weight: bold } /* Keyword.Declaration */\n",
|
|
".highlight .kn { color: #008000; font-weight: bold } /* Keyword.Namespace */\n",
|
|
".highlight .kp { color: #008000 } /* Keyword.Pseudo */\n",
|
|
".highlight .kr { color: #008000; font-weight: bold } /* Keyword.Reserved */\n",
|
|
".highlight .kt { color: #B00040 } /* Keyword.Type */\n",
|
|
".highlight .m { color: #666666 } /* Literal.Number */\n",
|
|
".highlight .s { color: #BA2121 } /* Literal.String */\n",
|
|
".highlight .na { color: #7D9029 } /* Name.Attribute */\n",
|
|
".highlight .nb { color: #008000 } /* Name.Builtin */\n",
|
|
".highlight .nc { color: #0000FF; font-weight: bold } /* Name.Class */\n",
|
|
".highlight .no { color: #880000 } /* Name.Constant */\n",
|
|
".highlight .nd { color: #AA22FF } /* Name.Decorator */\n",
|
|
".highlight .ni { color: #999999; font-weight: bold } /* Name.Entity */\n",
|
|
".highlight .ne { color: #D2413A; font-weight: bold } /* Name.Exception */\n",
|
|
".highlight .nf { color: #0000FF } /* Name.Function */\n",
|
|
".highlight .nl { color: #A0A000 } /* Name.Label */\n",
|
|
".highlight .nn { color: #0000FF; font-weight: bold } /* Name.Namespace */\n",
|
|
".highlight .nt { color: #008000; font-weight: bold } /* Name.Tag */\n",
|
|
".highlight .nv { color: #19177C } /* Name.Variable */\n",
|
|
".highlight .ow { color: #AA22FF; font-weight: bold } /* Operator.Word */\n",
|
|
".highlight .w { color: #bbbbbb } /* Text.Whitespace */\n",
|
|
".highlight .mb { color: #666666 } /* Literal.Number.Bin */\n",
|
|
".highlight .mf { color: #666666 } /* Literal.Number.Float */\n",
|
|
".highlight .mh { color: #666666 } /* Literal.Number.Hex */\n",
|
|
".highlight .mi { color: #666666 } /* Literal.Number.Integer */\n",
|
|
".highlight .mo { color: #666666 } /* Literal.Number.Oct */\n",
|
|
".highlight .sa { color: #BA2121 } /* Literal.String.Affix */\n",
|
|
".highlight .sb { color: #BA2121 } /* Literal.String.Backtick */\n",
|
|
".highlight .sc { color: #BA2121 } /* Literal.String.Char */\n",
|
|
".highlight .dl { color: #BA2121 } /* Literal.String.Delimiter */\n",
|
|
".highlight .sd { color: #BA2121; font-style: italic } /* Literal.String.Doc */\n",
|
|
".highlight .s2 { color: #BA2121 } /* Literal.String.Double */\n",
|
|
".highlight .se { color: #BB6622; font-weight: bold } /* Literal.String.Escape */\n",
|
|
".highlight .sh { color: #BA2121 } /* Literal.String.Heredoc */\n",
|
|
".highlight .si { color: #BB6688; font-weight: bold } /* Literal.String.Interpol */\n",
|
|
".highlight .sx { color: #008000 } /* Literal.String.Other */\n",
|
|
".highlight .sr { color: #BB6688 } /* Literal.String.Regex */\n",
|
|
".highlight .s1 { color: #BA2121 } /* Literal.String.Single */\n",
|
|
".highlight .ss { color: #19177C } /* Literal.String.Symbol */\n",
|
|
".highlight .bp { color: #008000 } /* Name.Builtin.Pseudo */\n",
|
|
".highlight .fm { color: #0000FF } /* Name.Function.Magic */\n",
|
|
".highlight .vc { color: #19177C } /* Name.Variable.Class */\n",
|
|
".highlight .vg { color: #19177C } /* Name.Variable.Global */\n",
|
|
".highlight .vi { color: #19177C } /* Name.Variable.Instance */\n",
|
|
".highlight .vm { color: #19177C } /* Name.Variable.Magic */\n",
|
|
".highlight .il { color: #666666 } /* Literal.Number.Integer.Long */</style><div class=\"highlight\"><pre><span></span><span class=\"p\">{</span>\n",
|
|
" <span class=\"nt\">"name"</span><span class=\"p\">:</span> <span class=\"s2\">"File hash for malware variant"</span><span class=\"p\">,</span>\n",
|
|
" <span class=\"nt\">"pattern_type"</span><span class=\"p\">:</span> <span class=\"s2\">"stix"</span><span class=\"p\">,</span>\n",
|
|
" <span class=\"nt\">"pattern"</span><span class=\"p\">:</span> <span class=\"s2\">"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']"</span><span class=\"p\">,</span>\n",
|
|
" <span class=\"nt\">"pattern_version"</span><span class=\"p\">:</span> <span class=\"s2\">"2.1"</span><span class=\"p\">,</span>\n",
|
|
" <span class=\"nt\">"type"</span><span class=\"p\">:</span> <span class=\"s2\">"indicator"</span><span class=\"p\">,</span>\n",
|
|
" <span class=\"nt\">"spec_version"</span><span class=\"p\">:</span> <span class=\"s2\">"2.1"</span><span class=\"p\">,</span>\n",
|
|
" <span class=\"nt\">"id"</span><span class=\"p\">:</span> <span class=\"s2\">"indicator--5e515461-93ad-41a8-a540-4f9d1a098939"</span><span class=\"p\">,</span>\n",
|
|
" <span class=\"nt\">"created"</span><span class=\"p\">:</span> <span class=\"s2\">"2020-06-26T18:47:20.215931Z"</span><span class=\"p\">,</span>\n",
|
|
" <span class=\"nt\">"modified"</span><span class=\"p\">:</span> <span class=\"s2\">"2020-06-26T18:47:20.215931Z"</span><span class=\"p\">,</span>\n",
|
|
" <span class=\"nt\">"valid_from"</span><span class=\"p\">:</span> <span class=\"s2\">"2020-06-26T18:47:20.215931Z"</span>\n",
|
|
"<span class=\"p\">}</span>\n",
|
|
"</pre></div>\n"
|
|
],
|
|
"text/plain": [
|
|
"<IPython.core.display.HTML object>"
|
|
]
|
|
},
|
|
"execution_count": 5,
|
|
"metadata": {},
|
|
"output_type": "execute_result"
|
|
}
|
|
],
|
|
"source": [
|
|
"print(indicator.serialize(indent=4))"
|
|
]
|
|
}
|
|
],
|
|
"metadata": {
|
|
"kernelspec": {
|
|
"display_name": "Python 3",
|
|
"language": "python",
|
|
"name": "python3"
|
|
},
|
|
"language_info": {
|
|
"codemirror_mode": {
|
|
"name": "ipython",
|
|
"version": 3
|
|
},
|
|
"file_extension": ".py",
|
|
"mimetype": "text/x-python",
|
|
"name": "python",
|
|
"nbconvert_exporter": "python",
|
|
"pygments_lexer": "ipython3",
|
|
"version": "3.9.0a6"
|
|
}
|
|
},
|
|
"nbformat": 4,
|
|
"nbformat_minor": 2
|
|
}
|