A data marking API for STIX 1 content.

Project description

A Python API for marking STIX data.

Source:

https://github.com/mitre/stixmarx/

Documentation:

https://stixmarx.readthedocs.org/

Information:

https://stixproject.github.io/

Data Markings Concept

Learn more about the Data Markings concept here.

Examples

The following examples demonstrate the intended use of the stixmarx library.

Adding Markings

# stixmarx imports
import stixmarx

# python-stix imports
from stix.indicator import Indicator
from stix.data_marking import MarkingSpecification
from stix.extensions.marking.tlp import TLPMarkingStructure as TLP


# Create a new stixmarx MarkingContainer with a
# new STIXPackage object contained within it.
container = stixmarx.new()

# Get the associated STIX Package
package = container.package

# Create an Indicator object
indicator = Indicator(title='Indicator Title', description='Gonna Mark This')

# Add the Indicator object to our STIX Package
package.add(indicator)

# Build MarkingSpecification and add TLP MarkingStructure
red_marking = MarkingSpecification(marking_structures=TLP(color="RED"))
amber_marking = MarkingSpecification(marking_structures=TLP(color="AMBER"))
green_marking = MarkingSpecification(marking_structures=TLP(color="GREEN"))


# Mark the indicator with our TLP RED marking
# This is the equivalent of a component marking. It applies to all descendant
# nodes, text and attributes.
container.add_marking(indicator, red_marking, descendants=True)


# Mark the indicator with TLP GREEN. If descendants is false, the marking
# will only apply to the indicator node. Does NOT include text, attributes
# or descendants.
container.add_marking(indicator, green_marking)


# Mark the description text.
# >>> type(indicator.description.value)  <type 'str'>
indicator.description.value = container.add_marking(indicator.description.value, amber_marking)
# >>> type(indicator.description.value)  <class 'stixmarx.api.types.MarkableBytes'>


# Mark the indicator timestamp attribute.
# >>> type(indicator.timestamp)  <type 'datetime.datetime'>
indicator.timestamp = container.add_marking(indicator.timestamp, amber_marking)
# >>> type(indicator.timestamp)  <type 'stixmarx.api.types.MarkableDateTime'>

# Print the XML!
print(container.to_xml())

Retrieving Markings

# stixmarx
import stixmarx

# Parse the input into a MarkingContainer
container = stixmarx.parse("stix-document.xml")

# Get container package
package = container.package

# Get the markings that apply to the entire XML document
global_markings = container.get_markings(package)

# Print the dictionary representation for our only global marking
marking = global_markings[0]
print(marking.to_dict())

# Get our only indicator from the STIX Package
indicator = package.indicators[0]

# Get the markings from the Indicator.
# Note: This will include the global markings and any other markings
# applied by an ancestor!
indicator_markings = container.get_markings(indicator)

# Print the Indicator markings!
for marking in indicator_markings:
    print(marking.to_dict())
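
Because container.get_markings(indicator) returns global and ancestor markings along with the indicator's own, one object can carry several TLP colors at once. The following is an added example, not part of stixmarx or its documentation: it picks the most restrictive color from a list of marking dictionaries and gates release on it. The dictionary layout is assumed to match what marking.to_dict() emits, the function names are hypothetical, and the sample data is constructed.

```python
# Added example (not stixmarx code). Assumes marking dictionaries shaped like
# the output of python-stix's MarkingSpecification.to_dict().

TLP_RANK = {"WHITE": 0, "GREEN": 1, "AMBER": 2, "RED": 3}
TLP_XSI_TYPE = "tlpMarking:TLPMarkingStructureType"


def tlp_colors(marking_dicts):
    """Collect every TLP color found in a list of marking dictionaries."""
    colors = []
    for spec in marking_dicts:
        for structure in spec.get("marking_structures") or []:
            # Skip non-TLP structures (e.g. terms of use, simple markings).
            if structure.get("xsi:type") == TLP_XSI_TYPE:
                colors.append(str(structure.get("color", "")).upper())
    return colors


def effective_tlp(marking_dicts):
    """Return the most restrictive TLP color, or None if no TLP marking applies.

    An unrecognised color is treated as RED so a typo never loosens handling
    (a policy choice of this example, not stixmarx behaviour).
    """
    colors = tlp_colors(marking_dicts)
    if not colors:
        return None
    return max((c if c in TLP_RANK else "RED" for c in colors), key=TLP_RANK.get)


def may_release(marking_dicts, audience_max):
    """Fail closed: content with no TLP marking is not released."""
    level = effective_tlp(marking_dicts)
    return level is not None and TLP_RANK[level] <= TLP_RANK[audience_max]


# Constructed sample: a global GREEN marking plus an indicator-level AMBER one,
# the kind of mix get_markings() reports for a single indicator.
SAMPLE = [
    {"controlled_structure": "//node() | //@*",
     "marking_structures": [{"xsi:type": TLP_XSI_TYPE, "color": "GREEN"}]},
    {"marking_structures": [{"xsi:type": TLP_XSI_TYPE, "color": "AMBER"}]},
]

if __name__ == "__main__":
    print(effective_tlp(SAMPLE))         # governing color for the indicator
    print(may_release(SAMPLE, "GREEN"))  # release decision for a GREEN audience
```

With a parsed container, the input would be [m.to_dict() for m in container.get_markings(indicator)].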

Notice

This software was produced for the U. S. Government, and is subject to the Rights in Data-General Clause 52.227-14, Alt. IV (DEC 2007).

Copyright (c) 2017, The MITRE Corporation. All Rights Reserved.

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

stixmarx-1.0.8.tar.gz (27.7 kB)

Uploaded Source

Built Distribution

stixmarx-1.0.8-py2.py3-none-any.whl (32.3 kB)

Uploaded Python 2 Python 3

File details

Details for the file stixmarx-1.0.8.tar.gz.

File metadata

  • Download URL: stixmarx-1.0.8.tar.gz
  • Upload date:
  • Size: 27.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.15.0 pkginfo/1.4.2 requests/2.20.1 setuptools/44.1.0 requests-toolbelt/0.8.0 tqdm/4.28.1 CPython/2.7.18

File hashes

Hashes for stixmarx-1.0.8.tar.gz
Algorithm Hash digest
SHA256 f2a5855bb8a788c578cae8ecb0371a869030ec5ee3fb6f879eff7a3a0b85f075
MD5 d521d4b8bb814bf48e238dcc15ad447b
BLAKE2b-256 1820746954e0fd7bb01be6d3669e1af5933fc6406a9a7398f0093aae9845630c

File details

Details for the file stixmarx-1.0.8-py2.py3-none-any.whl.

File metadata

  • Download URL: stixmarx-1.0.8-py2.py3-none-any.whl
  • Upload date:
  • Size: 32.3 kB
  • Tags: Python 2, Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.15.0 pkginfo/1.4.2 requests/2.20.1 setuptools/44.1.0 requests-toolbelt/0.8.0 tqdm/4.28.1 CPython/2.7.18

File hashes

Hashes for stixmarx-1.0.8-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 6f506aee25a921fe7cd073d20787c4cdca305debbe72fc2cbd0169ca6c894d11
MD5 e639ba03865c6e4d1b4cea461d23f95a
BLAKE2b-256 ba67ca70fbceeb4e0dbece631ebd10fd919d3da77ca68efd95b53d53a85e2fee
