A data marking API for STIX 1 content.
Project description
A Python API for marking STIX data.
| Source: | https://github.com/mitre/stixmarx/ |
|---|---|
| Documentation: | https://stixmarx.readthedocs.org/ |
| Information: | https://stixproject.github.io/ |
Data Markings Concept
Learn more about the Data Markings concept here.
Examples
The following examples demonstrate the intended use of the stixmarx library.
Adding Markings
```python
# stixmarx imports
import stixmarx

# python-stix imports
from stix.indicator import Indicator
from stix.data_marking import MarkingSpecification
from stix.extensions.marking.tlp import TLPMarkingStructure as TLP

# Create a new stixmarx MarkingContainer with a
# new STIXPackage object contained within it.
container = stixmarx.new()

# Get the associated STIX Package
package = container.package

# Create an Indicator object
indicator = Indicator(title='Indicator Title', description='Gonna Mark This')

# Add the Indicator object to our STIX Package
package.add(indicator)

# Build MarkingSpecification and add TLP MarkingStructure
red_marking = MarkingSpecification(marking_structures=TLP(color="RED"))
amber_marking = MarkingSpecification(marking_structures=TLP(color="AMBER"))
green_marking = MarkingSpecification(marking_structures=TLP(color="GREEN"))

# Mark the indicator with our TLP RED marking
# This is the equivalent of a component marking. Applies to all descendants
# nodes, text and attributes.
container.add_marking(indicator, red_marking, descendants=True)

# Mark the indicator with TLP GREEN. If descendants is false, the marking
# will only apply to the indicator node. Does NOT include text, attributes
# or descendants.
container.add_marking(indicator, green_marking)

# Mark the description text.
# >>> type(indicator.description.value)  <type 'str'>
indicator.description.value = container.add_marking(indicator.description.value, amber_marking)
# >>> type(indicator.description.value)  <class 'stixmarx.api.types.MarkableBytes'>

# Mark the indicator timestamp attribute.
# >>> type(indicator.timestamp)  <type 'datetime.datetime'>
indicator.timestamp = container.add_marking(indicator.timestamp, amber_marking)
# >>> type(indicator.timestamp)  <type 'stixmarx.api.types.MarkableDateTime'>

# Print the XML!
print(container.to_xml())
```
Retrieving Markings
```python
# stixmarx
import stixmarx

# Parse the input into a MarkingContainer
container = stixmarx.parse("stix-document.xml")

# Get container package
package = container.package

# Get the markings that apply to the entire XML document
global_markings = container.get_markings(package)

# Print the dictionary representation for our only global marking
marking = global_markings[0]
print(marking.to_dict())

# Get our only indicator from the STIX Package
indicator = package.indicators[0]

# Get the markings from the Indicator.
# Note: This will include the global markings and any other markings
# applied by an ancestor!
indicator_markings = container.get_markings(indicator)

# Print the Indicator markings!
for marking in indicator_markings:
    print(marking.to_dict())
```
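Because `get_markings()` also returns global and ancestor-applied markings, one node can carry several TLP markings at once. The following is an added example, not part of the stixmarx project or its documentation: it resolves the most restrictive TLP from the `to_dict()` output of those markings before a sharing decision. The dictionary layout (`marking_structures`, `color`), the helper names and the sample data are assumptions constructed for illustration.

```python
# Added example: resolve the effective TLP from marking dictionaries.
# Rank order: a higher number is more restrictive.
TLP_RANK = {"WHITE": 0, "GREEN": 1, "AMBER": 2, "RED": 3}


def tlp_colors(marking_dicts):
    """Collect every TLP color found in a list of marking dictionaries.

    Assumed layout: each marking has a 'marking_structures' list and
    TLP structures carry a 'color' key. Structures without it are skipped.
    """
    colors = []
    for marking in marking_dicts:
        structures = marking.get("marking_structures") or []
        if isinstance(structures, dict):  # tolerate a single structure
            structures = [structures]
        for structure in structures:
            if "color" in structure:
                colors.append(str(structure["color"]).upper())
    return colors


def effective_tlp(marking_dicts):
    """Return the most restrictive TLP color, or None if no TLP marking applies."""
    colors = tlp_colors(marking_dicts)
    unknown = [c for c in colors if c not in TLP_RANK]
    if unknown:
        raise ValueError("unrecognized TLP color(s): %s" % ", ".join(unknown))
    return max(colors, key=TLP_RANK.get) if colors else None


def may_share(marking_dicts, ceiling="GREEN"):
    """Fail closed: share only if a TLP marking applies and is within the ceiling."""
    color = effective_tlp(marking_dicts)
    return color is not None and TLP_RANK[color] <= TLP_RANK[ceiling]


# Constructed sample: a global GREEN marking, AMBER inherited from an
# ancestor, and one non-TLP marking structure that must be ignored.
SAMPLE = [
    {"controlled_structure": "//node() | //@*",
     "marking_structures": [{"xsi:type": "tlpMarking:TLPMarkingStructureType", "color": "GREEN"}]},
    {"marking_structures": [{"xsi:type": "tlpMarking:TLPMarkingStructureType", "color": "AMBER"}]},
    {"marking_structures": [{"xsi:type": "simpleMarking:SimpleMarkingStructureType",
                             "statement": "Constructed statement"}]},
]

if __name__ == "__main__":
    print(effective_tlp(SAMPLE), may_share(SAMPLE))
```

With stixmarx installed, the input would be `[m.to_dict() for m in container.get_markings(indicator)]`.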
Notice
This software was produced for the U. S. Government, and is subject to the Rights in Data-General Clause 52.227-14, Alt. IV (DEC 2007).
Copyright (c) 2017, The MITRE Corporation. All Rights Reserved.