101 lines
2.7 KiB
Plaintext
101 lines
2.7 KiB
Plaintext
{
|
|
"cells": [
|
|
{
|
|
"cell_type": "code",
|
|
"execution_count": 2,
|
|
"metadata": {
|
|
"collapsed": true,
|
|
"nbsphinx": "hidden"
|
|
},
|
|
"outputs": [],
|
|
"source": [
|
|
"# Delete this cell to re-enable tracebacks\n",
|
|
"import sys\n",
|
|
"ipython = get_ipython()\n",
|
|
"\n",
|
|
"def hide_traceback(exc_tuple=None, filename=None, tb_offset=None,\n",
|
|
" exception_only=False, running_compiled_code=False):\n",
|
|
" etype, value, tb = sys.exc_info()\n",
|
|
" return ipython._showtraceback(etype, value, ipython.InteractiveTB.get_exception_only(etype, value))\n",
|
|
"\n",
|
|
"ipython.showtraceback = hide_traceback"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "markdown",
|
|
"metadata": {},
|
|
"source": [
|
|
"## Parsing STIX Content"
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "markdown",
|
|
"metadata": {},
|
|
"source": [
|
|
"Parsing STIX content is as easy as calling the `parse()` function on a JSON string. It will automatically determine the type of the object. The STIX objects within `bundle` objects, and the cyber observables contained within `observed-data` objects will be parsed as well."
|
|
]
|
|
},
|
|
{
|
|
"cell_type": "code",
|
|
"execution_count": 10,
|
|
"metadata": {},
|
|
"outputs": [
|
|
{
|
|
"name": "stdout",
|
|
"output_type": "stream",
|
|
"text": [
|
|
"observed-data\n",
|
|
"0969de02ecf8a5f003e3f6d063d848c8a193aada092623f8ce408c15bcb5f038\n"
|
|
]
|
|
}
|
|
],
|
|
"source": [
|
|
"from stix2 import parse\n",
|
|
"\n",
|
|
"input_string = \"\"\"{\n",
|
|
" \"type\": \"observed-data\",\n",
|
|
" \"id\": \"observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf\",\n",
|
|
" \"created\": \"2016-04-06T19:58:16.000Z\",\n",
|
|
" \"modified\": \"2016-04-06T19:58:16.000Z\",\n",
|
|
" \"first_observed\": \"2015-12-21T19:00:00Z\",\n",
|
|
" \"last_observed\": \"2015-12-21T19:00:00Z\",\n",
|
|
" \"number_observed\": 50,\n",
|
|
" \"objects\": {\n",
|
|
" \"0\": {\n",
|
|
" \"type\": \"file\",\n",
|
|
" \"hashes\": {\n",
|
|
" \"SHA-256\": \"0969de02ecf8a5f003e3f6d063d848c8a193aada092623f8ce408c15bcb5f038\"\n",
|
|
" }\n",
|
|
" }\n",
|
|
" }\n",
|
|
"}\"\"\"\n",
|
|
"\n",
|
|
"obj = parse(input_string)\n",
|
|
"print(obj.type)\n",
|
|
"print(obj.objects[\"0\"].hashes['SHA-256'])"
|
|
]
|
|
}
|
|
],
|
|
"metadata": {
|
|
"kernelspec": {
|
|
"display_name": "Python 2",
|
|
"language": "python",
|
|
"name": "python2"
|
|
},
|
|
"language_info": {
|
|
"codemirror_mode": {
|
|
"name": "ipython",
|
|
"version": 2
|
|
},
|
|
"file_extension": ".py",
|
|
"mimetype": "text/x-python",
|
|
"name": "python",
|
|
"nbconvert_exporter": "python",
|
|
"pygments_lexer": "ipython2",
|
|
"version": "2.7.12"
|
|
}
|
|
},
|
|
"nbformat": 4,
|
|
"nbformat_minor": 2
|
|
}
|