cti-python-stix2/docs/versioning.ipynb

163 lines
4.4 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

{
"cells": [
{
"cell_type": "code",
"execution_count": 5,
"metadata": {
"collapsed": true
},
"outputs": [],
"source": [
"# Delete this cell to re-enable tracebacks\n",
"import sys\n",
"ipython = get_ipython()\n",
"\n",
"def hide_traceback(exc_tuple=None, filename=None, tb_offset=None,\n",
" exception_only=False, running_compiled_code=False):\n",
" etype, value, tb = sys.exc_info()\n",
" return ipython._showtraceback(etype, value, ipython.InteractiveTB.get_exception_only(etype, value))\n",
"\n",
"ipython.showtraceback = hide_traceback"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Versioning"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"To create a new version of an existing object, specify the property(ies) you want to change and their new values:"
]
},
{
"cell_type": "code",
"execution_count": 6,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--ec05229c-9f9a-408c-aa91-6996e2e9b4db\",\n",
" \"created\": \"2016-01-01T08:00:00.000Z\",\n",
" \"modified\": \"2017-09-14T16:59:28.100Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"File hash for Foobar malware\",\n",
" \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
" \"valid_from\": \"2017-09-14T16:59:28.098521Z\"\n",
"}\n"
]
}
],
"source": [
"from stix2 import Indicator\n",
"\n",
"indicator = Indicator(created=\"2016-01-01T08:00:00.000Z\",\n",
" name=\"File hash for suspicious file\",\n",
" labels=[\"anomalous-activity\"],\n",
" pattern=\"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\")\n",
"\n",
"indicator2 = indicator.new_version(name=\"File hash for Foobar malware\",\n",
" labels=[\"malicious-activity\"])\n",
"print(indicator2)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"The modified time will be updated to the current time unless you provide a specific value as a keyword argument. Note that you cant change the type, id, or created properties."
]
},
{
"cell_type": "code",
"execution_count": 3,
"metadata": {
"scrolled": true
},
"outputs": [
{
"ename": "UnmodifiablePropertyError",
"evalue": "These properties cannot be changed when making a new version: id.",
"output_type": "error",
"traceback": [
"\u001b[0;31mUnmodifiablePropertyError\u001b[0m\u001b[0;31m:\u001b[0m These properties cannot be changed when making a new version: id.\n"
]
}
],
"source": [
"indicator.new_version(id=\"indicator--cc42e358-8b9b-493c-9646-6ecd73b41c21\")"
]
},
{
"cell_type": "markdown",
"metadata": {
"collapsed": true
},
"source": [
"To revoke an object:"
]
},
{
"cell_type": "code",
"execution_count": 9,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--ec05229c-9f9a-408c-aa91-6996e2e9b4db\",\n",
" \"created\": \"2016-01-01T08:00:00.000Z\",\n",
" \"modified\": \"2017-09-14T17:03:31.222Z\",\n",
" \"labels\": [\n",
" \"malicious-activity\"\n",
" ],\n",
" \"name\": \"File hash for Foobar malware\",\n",
" \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
" \"valid_from\": \"2017-09-14T16:59:28.098521Z\",\n",
" \"revoked\": true\n",
"}\n"
]
}
],
"source": [
"indicator2 = indicator2.revoke()\n",
"print(indicator2)"
]
}
],
"metadata": {
"kernelspec": {
"display_name": "Python 2",
"language": "python",
"name": "python2"
},
"language_info": {
"codemirror_mode": {
"name": "ipython",
"version": 2
},
"file_extension": ".py",
"mimetype": "text/x-python",
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython2",
"version": "2.7.12"
}
},
"nbformat": 4,
"nbformat_minor": 2
}