163 lines
4.4 KiB
Plaintext
163 lines
4.4 KiB
Plaintext
{
|
||
"cells": [
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 5,
|
||
"metadata": {
|
||
"collapsed": true
|
||
},
|
||
"outputs": [],
|
||
"source": [
|
||
"# Delete this cell to re-enable tracebacks\n",
|
||
"import sys\n",
|
||
"ipython = get_ipython()\n",
|
||
"\n",
|
||
"def hide_traceback(exc_tuple=None, filename=None, tb_offset=None,\n",
|
||
" exception_only=False, running_compiled_code=False):\n",
|
||
" etype, value, tb = sys.exc_info()\n",
|
||
" return ipython._showtraceback(etype, value, ipython.InteractiveTB.get_exception_only(etype, value))\n",
|
||
"\n",
|
||
"ipython.showtraceback = hide_traceback"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"metadata": {},
|
||
"source": [
|
||
"## Versioning"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"metadata": {},
|
||
"source": [
|
||
"To create a new version of an existing object, specify the property(ies) you want to change and their new values:"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 6,
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"name": "stdout",
|
||
"output_type": "stream",
|
||
"text": [
|
||
"{\n",
|
||
" \"type\": \"indicator\",\n",
|
||
" \"id\": \"indicator--ec05229c-9f9a-408c-aa91-6996e2e9b4db\",\n",
|
||
" \"created\": \"2016-01-01T08:00:00.000Z\",\n",
|
||
" \"modified\": \"2017-09-14T16:59:28.100Z\",\n",
|
||
" \"labels\": [\n",
|
||
" \"malicious-activity\"\n",
|
||
" ],\n",
|
||
" \"name\": \"File hash for Foobar malware\",\n",
|
||
" \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
|
||
" \"valid_from\": \"2017-09-14T16:59:28.098521Z\"\n",
|
||
"}\n"
|
||
]
|
||
}
|
||
],
|
||
"source": [
|
||
"from stix2 import Indicator\n",
|
||
"\n",
|
||
"indicator = Indicator(created=\"2016-01-01T08:00:00.000Z\",\n",
|
||
" name=\"File hash for suspicious file\",\n",
|
||
" labels=[\"anomalous-activity\"],\n",
|
||
" pattern=\"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\")\n",
|
||
"\n",
|
||
"indicator2 = indicator.new_version(name=\"File hash for Foobar malware\",\n",
|
||
" labels=[\"malicious-activity\"])\n",
|
||
"print(indicator2)"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"metadata": {},
|
||
"source": [
|
||
"The modified time will be updated to the current time unless you provide a specific value as a keyword argument. Note that you can’t change the type, id, or created properties."
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 3,
|
||
"metadata": {
|
||
"scrolled": true
|
||
},
|
||
"outputs": [
|
||
{
|
||
"ename": "UnmodifiablePropertyError",
|
||
"evalue": "These properties cannot be changed when making a new version: id.",
|
||
"output_type": "error",
|
||
"traceback": [
|
||
"\u001b[0;31mUnmodifiablePropertyError\u001b[0m\u001b[0;31m:\u001b[0m These properties cannot be changed when making a new version: id.\n"
|
||
]
|
||
}
|
||
],
|
||
"source": [
|
||
"indicator.new_version(id=\"indicator--cc42e358-8b9b-493c-9646-6ecd73b41c21\")"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "markdown",
|
||
"metadata": {
|
||
"collapsed": true
|
||
},
|
||
"source": [
|
||
"To revoke an object:"
|
||
]
|
||
},
|
||
{
|
||
"cell_type": "code",
|
||
"execution_count": 9,
|
||
"metadata": {},
|
||
"outputs": [
|
||
{
|
||
"name": "stdout",
|
||
"output_type": "stream",
|
||
"text": [
|
||
"{\n",
|
||
" \"type\": \"indicator\",\n",
|
||
" \"id\": \"indicator--ec05229c-9f9a-408c-aa91-6996e2e9b4db\",\n",
|
||
" \"created\": \"2016-01-01T08:00:00.000Z\",\n",
|
||
" \"modified\": \"2017-09-14T17:03:31.222Z\",\n",
|
||
" \"labels\": [\n",
|
||
" \"malicious-activity\"\n",
|
||
" ],\n",
|
||
" \"name\": \"File hash for Foobar malware\",\n",
|
||
" \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
|
||
" \"valid_from\": \"2017-09-14T16:59:28.098521Z\",\n",
|
||
" \"revoked\": true\n",
|
||
"}\n"
|
||
]
|
||
}
|
||
],
|
||
"source": [
|
||
"indicator2 = indicator2.revoke()\n",
|
||
"print(indicator2)"
|
||
]
|
||
}
|
||
],
|
||
"metadata": {
|
||
"kernelspec": {
|
||
"display_name": "Python 2",
|
||
"language": "python",
|
||
"name": "python2"
|
||
},
|
||
"language_info": {
|
||
"codemirror_mode": {
|
||
"name": "ipython",
|
||
"version": 2
|
||
},
|
||
"file_extension": ".py",
|
||
"mimetype": "text/x-python",
|
||
"name": "python",
|
||
"nbconvert_exporter": "python",
|
||
"pygments_lexer": "ipython2",
|
||
"version": "2.7.12"
|
||
}
|
||
},
|
||
"nbformat": 4,
|
||
"nbformat_minor": 2
|
||
}
|